owain/MileVault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix PocketID secret wiped on re-save; log token-exchange failures
Build and push images / validate (push) Successful in 19s
Details
Build and push images / build-backend (push) Successful in 29s
Details
Build and push images / build-worker (push) Successful in 29s
Details
Build and push images / build-frontend (push) Successful in 29s
Details

Browse Source 
save_pocketid_config cleared the stored client secret whenever the form was
submitted with a blank secret field — but the UI hint says blank means "keep
existing". Re-saving config (e.g. to set the allowed group) therefore wiped the
secret and broke token exchange ("Token exchange failed"). Now a blank field
keeps the existing secret; only a non-empty value overwrites it.

Also log PocketID's actual token-endpoint response body on failure so the cause
(invalid_client, redirect_uri mismatch, etc.) is visible in backend logs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Owain Jarrett
2026-06-08 13:26:35 +01:00
parent 0dd6eba589
commit 0e18ef2291
4 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
milevault_export/backend/app/api/auth.py
+1
View File
@@ -119,6 +119,7 @@ async def pocketid_callback(code: str, db: AsyncSession = Depends(get_db)):
"client_id": client_id, "client_secret": client_secret},
)
if resp.status_code != 200:
print(f"PocketID token exchange failed ({resp.status_code}): {resp.text}")
raise HTTPException(status_code=400, detail="Token exchange failed")
tokens = resp.json()
userinfo_resp = await client.get(