fix: GoogleCalendar - Ensure that Delegation Credentials are able to reuse access_token

[hariombalhara]

What does this PR do?

Fixes PRI-277

This PR unifies OAuth and JWT authentication by abstracting the existing JWT implementations to use OAuthManager as well. This makes JWT and OAuth approach quite similar and easier to understand.

It in-turn allows us to reuse the access token for JWT flow too which is used by Delegation Credential flow

Key Changes:

• Unified Authentication: Created CalendarAuth class that handles both OAuth and JWT authentication through the same interface
• Token Reuse: Extended OAuthManager to work with JWT, enabling access token reuse by creating credentials with tokens when needed
• getCurrentTokenObject support in OAuthManager
• Code Abstraction: Refactored existing OAuth and JWT code into a cleaner, shared architecture
• Enhanced Token Management: JWT now benefits from the same token expiry checking and refresh mechanisms as OAuth
• Better token Expiry handling - Earlier we were considering a token as expired when it was actually expired but now we consider it expired if it will expire in next 5 seconds.
• Better error reporting from OAuthManager

Tests

• Added more tests for CalendarService and moved auth based tests to separate CalendarService.auth.test.ts module. The tests in auth.test.ts dont mock OAuthManager and are better able to test auth flow
• Added more tests for OAuthManager to test new functionality

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

No release type found in pull request title "persist-access-token-dwd". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit

[hariombalhara]

• fix: GoogleCalendar - Ensure that Delegation Credentials are able to reuse access_token #21389 👈 (View in Graphite)
• fix: Error in selected-calendars cron of Delegation Credentials due to plus based emails #21465
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
cal	⬜️ Ignored (Inspect)	Visit Preview		May 26, 2025 8:50am

[hariombalhara]

Now we report the actual error

[hariombalhara]

We report the actual error now instead of going forward with this json and then being unable to parse the obviously invalid token and then throwing 'Invalid token response' error.

This was hiding the actual reason behind the error.

[hariombalhara]

Most of the helper functions are moved to utils.ts so that they can be shared with CalendarService.auth.test.ts as well

[hariombalhara]

Also, all the auth testing related tests are moved to CalendarService.auth.test.ts where we don't mock OAuthManager and are more reliably to test Authentication.

[hariombalhara]

This test module has all the auth related tests moved from CalendarService.test.ts

[github-actions]

E2E results are ready!

• Workflow #61631.3 latest results

[hariombalhara]

Ensure that delegatedTo isn't logged fully.

[hariombalhara]

Don't log anything more than what we need.

[hariombalhara]

Moved these here from CalendarService.test.ts

[hariombalhara]

Moved here fromCalendarService.test.ts

[hariombalhara]

Moved here fromCalendarService.test.ts

[linear]

PRI-277

[graphite-app]

Graphite Automations

"Add consumer team as reviewer" took an action on this PR • (05/23/25)

1 reviewer was added to this PR based on Keith Williams's automation.

"Add foundation team as reviewer" took an action on this PR • (05/25/25)

1 reviewer was added to this PR based on Keith Williams's automation.

[cubic-dev-ai]

cubic found 12 issues across 20 files. Review them in cubic.dev

_{React with 👍 or 👎 to teach cubic. Tag @cubic-dev-ai to give specific feedback.}

[cubic-dev-ai]

Creating a new delegation-credential after an updateMany that returned 0 is vulnerable to a classic race condition. If two parallel requests run this code, both can see count === 0 and each create a new row, leading to duplicate credentials. This should be handled with an atomic upsert or a Prisma transaction.

[hariombalhara]

An upsert isn't possible at the moment because userId and delegationCredentialId isn't unique

[Udit-takkar]

E2E tests are failing @hariombalhara

[hariombalhara]

@Udit-takkar Passing now !! It was build issue from github