Fix invalid token after credentials change (#4717)

- If sync fails we set authFailedAt - This information is displayed in the frontend in accounts with a `Sync Failed` pill - The user can reconnect his account in the dropdown menu - A new OAuth flow is triggered - The account is synced
2024-04-02 11:32:27 +02:00
parent a3a15957f4
commit ffb1733f39
18 changed files with 318 additions and 123 deletions
--- a/packages/twenty-server/src/modules/connected-account/services/google-api-refresh-access-token/google-api-refresh-access-token.service.ts
+++ b/packages/twenty-server/src/modules/connected-account/services/google-api-refresh-access-token/google-api-refresh-access-token.service.ts
@ -38,7 +38,11 @@ export class GoogleAPIRefreshAccessTokenService {
      );
    }

-    const accessToken = await this.refreshAccessToken(refreshToken);
+    const accessToken = await this.refreshAccessToken(
+      refreshToken,
+      connectedAccountId,
+      workspaceId,
+    );

    await this.connectedAccountRepository.updateAccessToken(
      accessToken,
@ -47,22 +51,36 @@ export class GoogleAPIRefreshAccessTokenService {
    );
  }

-  async refreshAccessToken(refreshToken: string): Promise<string> {
-    const response = await axios.post(
-      'https://oauth2.googleapis.com/token',
-      {
-        client_id: this.environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
-        client_secret: this.environmentService.get('AUTH_GOOGLE_CLIENT_SECRET'),
-        refresh_token: refreshToken,
-        grant_type: 'refresh_token',
-      },
-      {
-        headers: {
-          'Content-Type': 'application/json',
+  async refreshAccessToken(
+    refreshToken: string,
+    connectedAccountId: string,
+    workspaceId: string,
+  ): Promise<string> {
+    try {
+      const response = await axios.post(
+        'https://oauth2.googleapis.com/token',
+        {
+          client_id: this.environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
+          client_secret: this.environmentService.get(
+            'AUTH_GOOGLE_CLIENT_SECRET',
+          ),
+          refresh_token: refreshToken,
+          grant_type: 'refresh_token',
        },
-      },
-    );
+        {
+          headers: {
+            'Content-Type': 'application/json',
+          },
+        },
+      );

-    return response.data.access_token;
+      return response.data.access_token;
+    } catch (error) {
+      await this.connectedAccountRepository.updateAuthFailedAt(
+        connectedAccountId,
+        workspaceId,
+      );
+      throw new Error(`Error refreshing access token: ${error.message}`);
+    }
  }
 }