@EhabY EhabY commented Jan 16, 2026

Summary

  • Improves the user experience when sessions expire by showing a "Log In" button
  • Keeps deployment context after expiry so users don't have to re-enter the URL
  • Adds automatic session recovery when tokens are updated from another window
  • Adds OAuth scope validation to detect when required permissions change

Fixes #723

@EhabY EhabY force-pushed the oauth-failure-handling branch from 9f9b099 to 87cd9c1 Compare January 16, 2026 16:39
@EhabY EhabY requested a review from code-asher January 19, 2026 11:56
@EhabY EhabY self-assigned this Jan 19, 2026
- Show "Log In" button when session expires instead of just a message
- Keep deployment info after session expiry for easier re-login
- Automatically recover session when tokens are refreshed in another window
- Validate OAuth scopes to detect permission changes
- Consolidate duplicated OAuth constants
@EhabY EhabY force-pushed the oauth-failure-handling branch from 87cd9c1 to ae4df51 Compare January 20, 2026 10:17

@code-asher code-asher left a comment


Looks good!


if (auth) {
this.client.setCredentials(auth.url, auth.token);
if (this.contextManager.get("coder.authenticated")) {
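
Review bot: `this.client.setCredentials(auth.url, auth.token)` runs for any stored `auth`, while only the step after it is gated on `coder.authenticated`, so the client can hold a URL and token while that context flag is false. A short comment at the `if (auth)` block saying that this ordering is intended, and what is expected when the stored token has expired, would make the branch easier to review.
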
Member

nbd but would calling this.isAuthenticated() make sense here since it does the same thing?

this.refresh();
}

public dispose() {
Member

Feels like if we have dispose and clear they should do different things, like is dispose meant to ensure the provider cannot be used again or something? In which case maybe we can formalize that with a boolean check or something.

Collaborator Author

> dispose meant to ensure the provider cannot be used again or something?

Indeed, I'll add a boolean check then!


Successfully merging this pull request may close these issues.

UX papercuts when an oauth token is revoked
