Skip to content

feat: ENG-12261 add OAuth 2.0 support and settings UI for Phrase integration#4699

Merged
sanyamkamat merged 25 commits into
mainfrom
add_oauth_option
Jul 15, 2026
Merged

feat: ENG-12261 add OAuth 2.0 support and settings UI for Phrase integration#4699
sanyamkamat merged 25 commits into
mainfrom
add_oauth_option

Conversation

@sanyamkamat

@sanyamkamat sanyamkamat commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Description

Adds OAuth 2.0 support and settings UI for Phrase integration


Note

Medium Risk
Changes authentication and how Phrase API calls are authorized (OAuth popup, session state, 401 refresh), which can break translation workflows if server OAuth endpoints or token refresh behave differently than password auth.

Overview
Adds SSO / OAuth 2.0 as an alternative to username/password for the Phrase connector, aimed at orgs that block password login. Settings gain an Authentication dropdown, per-org OAuth Client ID, US data-center flag, and a custom Connect / Disconnect panel that runs the Builder API OAuth popup flow (preparestartpostMessage); tokens stay server-side and the browser only sees connection metadata.

Translation actions now go through a new PhraseApi wrapper that checks credentials (ensureAuthenticated), retries on 401 via oauth/refresh in OAuth mode, and handles org switches and stale in-memory OAuth state with apiKey-scoped session markers. Username/password fields are shown only when not in OAuth mode; both credential types can coexist when switching modes.

The README documents OAuth setup (Phrase registered app, redirect URI, admin connect steps) and a sequence diagram. Plugin version bumps to 0.0.17. The stub Request an updated translation content action is removed; pending-job outdated source warnings are refactored into checkTranslationFreshness.

Reviewed by Cursor Bugbot for commit 5e0c959. Bugbot is set up for automated code reviews on this repo. Configure here.

@sanyamkamat
sanyamkamat requested review from a team and lihuelg and removed request for a team July 3, 2026 17:54
@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 5e0c959

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts Outdated
Comment thread plugins/phrase-conector/src/oauth-client.ts
Comment thread plugins/phrase-conector/src/plugin.tsx
Comment thread plugins/phrase-conector/src/oauth-client.ts
Comment thread plugins/phrase-conector/src/plugin.tsx Outdated
@nx-cloud

nx-cloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit 5e0c959

Command Status Duration Result
nx test @e2e/nextjs-sdk-next-app ✅ Succeeded 7m 21s View ↗
nx test @e2e/qwik-city ✅ Succeeded 7m 48s View ↗
nx test @e2e/angular-17 ✅ Succeeded 6m 48s View ↗
nx test @e2e/gen1-remix ✅ Succeeded 5m 21s View ↗
nx test @e2e/nuxt ✅ Succeeded 5m 38s View ↗
nx test @e2e/react-sdk-next-15-app ✅ Succeeded 5m 18s View ↗
nx test @e2e/gen1-react ✅ Succeeded 4m 49s View ↗
nx test @e2e/react ✅ Succeeded 4m 58s View ↗
Additional runs (38) ✅ Succeeded ... View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗


☁️ Nx Cloud last updated this comment at 2026-07-15 05:51:11 UTC

Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/plugin.tsx Outdated
Comment thread plugins/phrase-conector/src/oauth-client.ts
Comment thread plugins/phrase-conector/src/oauth-client.ts
Comment thread plugins/phrase-conector/src/plugin.tsx
Comment thread plugins/phrase-conector/src/plugin.tsx
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/plugin.tsx Outdated
Comment thread plugins/phrase-conector/src/plugin.tsx Outdated
Comment thread plugins/phrase-conector/src/plugin.tsx
Comment thread plugins/phrase-conector/src/oauth-client.ts
@sanyamkamat sanyamkamat changed the title feat: add OAuth 2.0 support and settings UI for Phrase integration feat: ENG-12261 add OAuth 2.0 support and settings UI for Phrase integration Jul 5, 2026
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/oauth-client.ts Outdated
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/plugin.tsx
Comment thread plugins/phrase-conector/src/phrase-api.ts Outdated
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts
Comment thread plugins/phrase-conector/src/phrase-api.ts Outdated
@sanyamkamat
sanyamkamat enabled auto-merge (squash) July 15, 2026 05:41

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 5e0c959. Configure here.

const info = await refreshRes.json().catch(() => ({} as any));
throw new Error(info?.error || 'Phrase session expired. Please reconnect.');
}
res = await doFetch();

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refresh ignores client expiry

Medium Severity

After a successful oauth/refresh on 401, client OAuth metadata (readOrgPluginSetting('oauth') and sessionOAuth) is not updated. Later ensureAuthenticated still uses the old expiresAt, so actions can fail with “session expired” even though the server token was just refreshed.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 5e0c959. Configure here.

@sanyamkamat
sanyamkamat disabled auto-merge July 15, 2026 05:56
@sanyamkamat
sanyamkamat merged commit 1830e03 into main Jul 15, 2026
48 checks passed
@sanyamkamat
sanyamkamat deleted the add_oauth_option branch July 15, 2026 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants