Skip to content

fix(oauth): webhook + oauthblocks in workflow#979

Merged
icecrasher321 merged 3 commits into
stagingfrom
fix/oauth-webhook-internal
Aug 15, 2025
Merged

fix(oauth): webhook + oauthblocks in workflow#979
icecrasher321 merged 3 commits into
stagingfrom
fix/oauth-webhook-internal

Conversation

@icecrasher321
Copy link
Copy Markdown
Collaborator

@icecrasher321 icecrasher321 commented Aug 15, 2025
edited
Loading

Summary

Need to generate internal token for webhook executions with oauth blocks now. Since credential generation access is secured.

Type of Change

  • Bug fix

Testing

Tested manually by triggering webhooks with oauth blocks in the workflow.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link
Copy Markdown

vercel Bot commented Aug 15, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
sim Ready Ready Preview Comment Aug 15, 2025 8:09pm
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
docs Skipped Skipped Aug 15, 2025 8:09pm

greptile-apps[bot]
greptile-apps Bot reviewed Aug 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Summary

This PR addresses two critical OAuth infrastructure issues that prevent server-side workflow execution from working properly with OAuth-enabled tools. The changes implement proper authentication mechanisms for webhook-triggered and scheduled workflow execution scenarios where user session context is not available.

The first change renames the Microsoft identity association file from microsoft-identity-association.json to microsoft-identity-association (without the .json extension). This aligns with Microsoft's OAuth2/OpenID Connect well-known endpoint specifications, which expect this discovery file to be served at the exact path without a file extension. This file contains the Microsoft application ID configuration necessary for OAuth discovery processes.

The second change adds internal JWT authentication support to the OAuth token fetching mechanism in the tools system. When tools execute server-side (detected by typeof window === 'undefined'), the system now generates and includes an internal JWT token in the Authorization header when requesting OAuth tokens. This leverages the existing hybrid authentication system that supports both session-based auth (client-side) and internal JWT auth (server-side). The implementation includes proper error handling to gracefully degrade if internal token generation fails.

These changes integrate with the existing authentication architecture, particularly the /api/auth/oauth/token endpoint that already supports dual authentication modes. The OAuth token endpoint can now properly authenticate server-side requests using short-lived (5-minute) internal JWT tokens signed with the internal secret, while maintaining the existing client-side session-based flow.

PR Description Notes:

  • The PR description template is not filled out - missing summary, change type selection, testing details, and checklist completion
  • No issue number is referenced despite the template placeholder

Confidence score: 4/5

  • This PR addresses legitimate OAuth infrastructure gaps with targeted, well-understood fixes
  • Score reflects solid technical implementation but incomplete PR documentation and potential testing gaps
  • Pay close attention to the Microsoft identity association file path change and server-side OAuth token flow

2 files reviewed, no comments

Edit Code Review Bot Settings | Greptile

@vercel vercel Bot temporarily deployed to Preview – docs August 15, 2025 19:33 Inactive
@vercel vercel Bot temporarily deployed to Preview – docs August 15, 2025 19:59 Inactive
@icecrasher321 icecrasher321 merged commit 9f02f88 into staging Aug 15, 2025
4 of 5 checks passed
@icecrasher321 icecrasher321 mentioned this pull request Aug 15, 2025
Merged
6 tasks
@waleedlatif1 waleedlatif1 deleted the fix/oauth-webhook-internal branch August 18, 2025 05:26
arenadeveloper02 pushed a commit to arenadeveloper02/p2-sim that referenced this pull request Sep 19, 2025
@icecrasher321
fix(oauth): webhook + oauthblocks in workflow (simstudioai#979)
fc30cfd 
* fix(oauth): webhook + oauthblocks in workflow

* propagate workflow id

* requireWorkflowId for internal can be false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@icecrasher321