Skip to content

fix: prevent auto-install for OAuth apps in installation flow#27567

Merged
anikdhabal merged 3 commits intomainfrom
devin/1770122044-fix-edit-location-organizer-default-app
Feb 7, 2026
Merged

fix: prevent auto-install for OAuth apps in installation flow#27567
anikdhabal merged 3 commits intomainfrom
devin/1770122044-fix-edit-location-organizer-default-app

Conversation

@anikdhabal
Copy link
Copy Markdown
Contributor

@anikdhabal anikdhabal commented Feb 3, 2026
edited
Loading

Problem

OAuth apps were being incorrectly auto-installed. This caused issues because:

  1. OAuth apps require user interaction - Users need to select which account to connect
  2. Empty credentials don't work - OAuth apps need tokens from the OAuth flow, not empty key: {} objects
  3. Broken flow - OAuth apps should go through ACCOUNTS_STEP to initiate the OAuth flow, not skip directly to event types

Solution

This PR fixes the OAuth app installation flow by:

  1. Preventing auto-install for OAuth apps - Added !appMetadata.isOAuth check in getCredential() to skip auto-install for OAuth apps
  2. Ensuring OAuth apps start at ACCOUNTS_STEP - Updated getInitialStep() to route OAuth apps to ACCOUNTS_STEP when no step is provided, allowing users to initiate the OAuth flow
  3. Adding safety check - Added validation for undefined initialStep to prevent crashes

@devin-ai-integration @anikdhabal
fix: resolve organizer default conferencing app credential for locati…
2339468 
…on update

- Fix Google Meet credential lookup in EventManager to properly map 'google:meet' to 'google_video' type
- Add automatic credential ID resolution when selecting 'Organizer Default App' as location
- Fixes 'Location update failed' error when editing round-robin team event location to organizer default app (Google Meet) with multiple Google Calendar connections

Co-Authored-By: anik@cal.com <adhabal2002@gmail.com>
@pull-request-size pull-request-size bot added size/S and removed size/M labels Feb 6, 2026
@anikdhabal anikdhabal changed the title fix: resolve organizer default conferencing app credential for location update fix: prevent auto-install for OAuth apps in installation flow Feb 6, 2026
@anikdhabal anikdhabal marked this pull request as ready for review February 6, 2026 14:29
@graphite-app graphite-app bot added the core area: core, team members only label Feb 6, 2026
@calcom calcom deleted a comment from devin-ai-integration bot Feb 6, 2026
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@calcom calcom deleted a comment from cubic-dev-ai bot Feb 6, 2026
@cubic-dev-ai
Copy link
Copy Markdown
Contributor

cubic-dev-ai bot commented Feb 6, 2026
edited
Loading

I've analyzed the PR changes and here's a suggested PR description:

Summary

This PR fixes an issue with the app installation flow where OAuth apps were being auto-installed incorrectly. OAuth apps require user authentication before installation, so they should not bypass the accounts step.

Changes

1. App Installation Flow (apps/web/lib/apps/installation/[[...step]]/getServerSideProps.ts)

  • Prevents auto-install for OAuth apps by checking isOAuth flag
  • For OAuth apps, directs users to the ACCOUNTS_STEP instead of skipping directly to EVENT_TYPES_STEP
  • Adds proper redirect handling when initialStep is undefined

2. EventManager (packages/features/bookings/lib/EventManager.ts)

  • Reverts Google Meet credential lookup logic
  • Adds a @fixme comment documenting a potential bug with Google Meet credentials being saved as integrations:google:meet while DB stores them as google_video

3. Edit Location Handler (packages/trpc/server/routers/viewer/bookings/editLocation.handler.ts)

  • Removes findOrganizerDefaultConferencingAppCredentialId helper function
  • Simplifies the handler by removing auto-lookup of organizer's default conferencing app credential

Test Plan

  • Verify OAuth apps (e.g., Google Calendar) go through proper authentication flow during installation
  • Verify non-OAuth apps still auto-install correctly for users without teams
  • Verify editing booking location still works correctly with organizer default conferencing app

I can't directly update the PR description since that requires GitHub API access, but you can copy this description and update the PR manually, or let me know if you'd like me to make any adjustments to this text.

@anikdhabal anikdhabal enabled auto-merge (squash) February 6, 2026 14:35
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 7, 2026

E2E results are ready!

@anikdhabal anikdhabal merged commit 22167d2 into main Feb 7, 2026
125 of 129 checks passed
@anikdhabal anikdhabal deleted the devin/1770122044-fix-edit-location-organizer-default-app branch February 7, 2026 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@dhairyashiil dhairyashiil dhairyashiil approved these changes

Assignees

No one assigned

Labels

core area: core, team members only ready-for-e2e size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anikdhabal @dhairyashiil