fix: gRPC oauth2 call is not taking ssl cert and proxy config

[sanish-bruno]

Description

Jira

Contribution Checklist:

• I've used AI significantly to create this pull request
• The pull request only addresses one issue or adds one feature.
• The pull request does not introduce any breaking changes
• I have added screenshots or gifs to help explain the change if applicable.
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.

Publishing to New Package Managers

Please see here for more information.

Summary by CodeRabbit

• Bug Fixes

  • Prevented a crash when processing certain request URLs by adding a safety check, improving stability when opening or handling requests.

• Refactor

  • Centralized gRPC request preparation and moved OAuth 2.0 handling into a dedicated configuration step.
  • Added flexible token placement (header or query) and clearer request configuration to support varied auth flows and future extensibility.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Centralized OAuth2 token handling was extracted into a new configureRequest function and invoked from gRPC IPC handlers; prepareGrpcRequest no longer performs OAuth2 placement. A null-check guard was added before URL regex matching in certificate utilities.

Changes

Cohort / File(s)	Change Summary
gRPC request configuration packages/bruno-electron/src/ipc/network/prepare-grpc-request.js	Introduced configureRequest(...) as a named export to compute and place OAuth2 tokens (header or query) and extracted OAuth2 logic from prepareGrpcRequest. Added placeOAuth2Token helper; prepareGrpcRequest signature no longer accepts certsAndProxyConfig.
gRPC IPC integration packages/bruno-electron/src/ipc/network/grpc-event-handlers.js	Imported and called configureRequest after preparing gRPC requests in grpc:start-connection and grpc:load-methods-reflection handlers to apply centralized OAuth2 configuration.
Certificate utils guard packages/bruno-electron/src/ipc/network/cert-utils.js	Added a null/undefined check for requestUrl before calling requestUrl.match(hostRegex) to avoid exceptions when URL is absent.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Verify oauth2Credentials population and that tokens are correctly placed in headers vs. query params.
• Check calls to configureRequest in both IPC handlers for correct argument ordering and side effects.
• Review URL null-check and any logging/error handling in cert-utils.js for edge cases.

Possibly related PRs

• feat: Streamline gRPC requests to use right context #6308 — Modifies gRPC IPC handlers and request preparation; likely overlaps with request normalization and OAuth2 placement changes.

Suggested labels

size/M

Suggested reviewers

• helloanoop
• lohit-bruno
• naman-bruno
• bijin-bruno

Poem

Tokens placed where headers gleam,
Handlers call the new routine.
A guard prevents a URL spill,
Requests configured, calm and still. ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main fix: gRPC OAuth2 calls now properly handle SSL certificates and proxy configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b18d582 and d47c442.

📒 Files selected for processing (3)

• packages/bruno-electron/src/ipc/network/cert-utils.js (1 hunks)
• packages/bruno-electron/src/ipc/network/grpc-event-handlers.js (3 hunks)
• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (CODING_STANDARDS.md)

**/*.{js,jsx,ts,tsx}: Use 2 spaces for indentation, never tabs
Use single quotes for strings instead of double quotes
Always add semicolons at the end of statements
No trailing commas in code
Always use parentheses around parameters in arrow functions, even for single parameters
For multiline constructs, put opening braces on the same line with a minimum of 2 elements for multiline formatting
No newlines inside function parentheses
Space before and after the arrow in arrow functions: () => {}
No space between function name and parentheses: func() not func ()
Semicolons should go at the end of the line, not on a new line
Function names should be concise and descriptive
Add JSDoc comments to provide details to abstractions
Avoid single-line abstractions where all that is being done is increasing the call stack with one additional function
Add meaningful comments to explain complex code flow instead of obvious comments

Files:

• packages/bruno-electron/src/ipc/network/cert-utils.js
• packages/bruno-electron/src/ipc/network/grpc-event-handlers.js
• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧠 Learnings (2)

📓 Common learnings

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.299Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

📚 Learning: 2025-12-02T07:24:50.299Z

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.299Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

Applied to files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧬 Code graph analysis (1)

packages/bruno-electron/src/ipc/network/cert-utils.js (1)

packages/bruno-cli/src/runner/run-single-request.js (2)

• hostRegex (76-76)
• hostRegex (261-261)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: SSL Tests - Linux
• GitHub Check: SSL Tests - macOS
• GitHub Check: SSL Tests - Windows
• GitHub Check: Unit Tests
• GitHub Check: Playwright E2E Tests
• GitHub Check: CLI Tests

🔇 Additional comments (5)

packages/bruno-electron/src/ipc/network/cert-utils.js (1)

70-70: Good defensive guard.

The null check prevents potential runtime errors when requestUrl is undefined or null before calling .match().

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (1)

127-127: LGTM on named export.

The named export for configureRequest properly extends the module's public API while maintaining backward compatibility with the default export.

packages/bruno-electron/src/ipc/network/grpc-event-handlers.js (3)

11-11: LGTM on import.

The import correctly destructures the named export from prepare-grpc-request.

---

57-66: Correct integration of OAuth2 configuration.

The configureRequest call is properly placed after request preparation and certificate configuration, with correct parameter passing and awaiting.

---

205-214: Consistent OAuth2 configuration in reflection handler.

The configureRequest integration follows the same correct pattern as the start-connection handler.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (3)

21-63: Token placement logic is duplicated across grant types

For authorization_code, client_credentials, and password, the code to:

• set grpcRequest.oauth2Credentials, and
• place the access token into either the Authorization header or the URL query

is effectively identical, differing only in how credentials are fetched.

You can reduce duplication and potential divergence by extracting a small helper, e.g.:

+const applyOAuth2Token = (grpcRequest, request, {
+  credentials,
+  oauth2Url,
+  credentialsId,
+  debugInfo,
+  tokenPlacement,
+  tokenHeaderPrefix,
+  tokenQueryKey
+}) => {
+  grpcRequest.oauth2Credentials = {
+    credentials,
+    url: oauth2Url,
+    collectionUid: request.collectionUid || grpcRequest.collectionUid,
+    credentialsId,
+    debugInfo,
+    folderUid: request.oauth2Credentials?.folderUid
+  };
+
+  if (tokenPlacement === 'header') {
+    grpcRequest.headers['Authorization'] = `${tokenHeaderPrefix} ${credentials?.access_token}`;
+  } else {
+    try {
+      const url = new URL(grpcRequest.url);
+      url.searchParams.set(tokenQueryKey, credentials?.access_token);
+      grpcRequest.url = url.toString();
+    } catch (error) {
+      console.error('Failed to parse URL for OAuth2 token placement', error, grpcRequest.url, tokenQueryKey);
+    }
+  }
+};

Then each case becomes a focused “fetch credentials” call plus a single applyOAuth2Token(...). This keeps behavior consistent if you tweak token placement in the future.

---

26-26: Use strict equality (===) for tokenPlacement checks

The three checks

if (tokenPlacement == 'header') {

rely on loose equality. tokenPlacement is a configuration value and should be compared strictly to avoid silent coercion and to align with the project’s JS style guidelines.

Suggested change:

-        if (tokenPlacement == 'header') {
+        if (tokenPlacement === 'header') {

Apply the same replacement at Lines 40 and 54.

Also applies to: 40-40, 54-54

---

29-33: Empty catch blocks hide URL parsing problems

All three catch blocks around new URL(grpcRequest.url) are empty:

} catch (error) { }

This will silently swallow misconfigurations or invalid URLs, making it hard to debug why the token is not being added to the URL.

At minimum, log the error (or use the module’s logger if there is one):

-          } catch (error) { }
+          } catch (error) {
+            console.error(
+              'Failed to parse URL for OAuth2 token placement',
+              error,
+              grpcRequest.url,
+              tokenQueryKey
+            );
+          }

Apply a similar change to the two other catch blocks.

Also applies to: 43-47, 57-61

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d47c442 and 8177f2f.

📒 Files selected for processing (3)

• packages/bruno-electron/src/ipc/network/cert-utils.js (1 hunks)
• packages/bruno-electron/src/ipc/network/grpc-event-handlers.js (3 hunks)
• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/bruno-electron/src/ipc/network/grpc-event-handlers.js
• packages/bruno-electron/src/ipc/network/cert-utils.js

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (CODING_STANDARDS.md)

**/*.{js,jsx,ts,tsx}: Use 2 spaces for indentation. No tabs, just spaces
Stick to single quotes for strings. For JSX/TSX attributes, use double quotes (e.g., )
Always add semicolons at the end of statements
No trailing commas
Always use parentheses around parameters in arrow functions, even for single params
For multiline constructs, put opening braces on the same line, and ensure consistency. Minimum 2 elements for multiline
No newlines inside function parentheses
Space before and after the arrow in arrow functions. () => {} is good
No space between function name and parentheses. func() not func ()
Semicolons go at the end of the line, not on a new line
Names for functions need to be concise and descriptive
Add in JSDoc comments to add more details to the abstractions if needed
Add in meaningful comments instead of obvious ones where complex code flow is explained properly

Files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧠 Learnings (2)

📓 Common learnings

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

📚 Learning: 2025-12-02T07:24:50.311Z

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

Applied to files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧬 Code graph analysis (1)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (4)

packages/bruno-electron/src/ipc/network/index.js (10)

• configureRequest (101-289)
• request (326-326)
• collection (146-146)
• envVars (298-298)
• processEnvVars (307-307)
• certsAndProxyConfig (117-126)
• certsAndProxyConfig (147-147)
• requestCopy (162-162)
• requestCopy (163-163)
• interpolateVars (20-20)

packages/bruno-electron/src/ipc/network/interpolate-vars.js (1)

• interpolateVars (21-365)

packages/bruno-electron/src/utils/oauth2.js (1)

• getOAuth2TokenUsingAuthorizationCode (131-292)

packages/bruno-electron/src/ipc/network/grpc-event-handlers.js (1)

• prepareGrpcRequest (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: SSL Tests - Linux
• GitHub Check: SSL Tests - macOS
• GitHub Check: SSL Tests - Windows
• GitHub Check: CLI Tests
• GitHub Check: Playwright E2E Tests
• GitHub Check: Unit Tests

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (1)

30-30: Consider adding JSDoc documentation.

The configureRequest function is exported and has a complex signature with 8 parameters. Adding JSDoc would help consumers understand its purpose and side effects, especially that it mutates grpcRequest in place.

Add documentation like this:

+/**
+ * Configures OAuth2 authentication for a gRPC request by fetching tokens and placing them in headers or URL.
+ * Mutates the grpcRequest object in place by setting oauth2Credentials and adding the access token.
+ *
+ * @param {Object} grpcRequest - The gRPC request object to configure (mutated in place)
+ * @param {Object} request - The original request object with OAuth2 configuration
+ * @param {Object} collection - The collection containing the request
+ * @param {Object} envVars - Environment variables
+ * @param {Object} runtimeVariables - Runtime variables
+ * @param {Object} processEnvVars - Process environment variables
+ * @param {Object} promptVariables - Prompt variables
+ * @param {Object} certsAndProxyConfig - SSL certificates and proxy configuration
+ * @returns {Promise<void>}
+ */
 const configureRequest = async (grpcRequest, request, collection, envVars, runtimeVariables, processEnvVars, promptVariables, certsAndProxyConfig) => {

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8177f2f and c5a3549.

📒 Files selected for processing (1)

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (CODING_STANDARDS.md)

**/*.{js,jsx,ts,tsx}: Use 2 spaces for indentation. No tabs, just spaces
Stick to single quotes for strings. For JSX/TSX attributes, use double quotes (e.g., )
Always add semicolons at the end of statements
No trailing commas
Always use parentheses around parameters in arrow functions, even for single params
For multiline constructs, put opening braces on the same line, and ensure consistency. Minimum 2 elements for multiline
No newlines inside function parentheses
Space before and after the arrow in arrow functions. () => {} is good
No space between function name and parentheses. func() not func ()
Semicolons go at the end of the line, not on a new line
Names for functions need to be concise and descriptive
Add in JSDoc comments to add more details to the abstractions if needed
Add in meaningful comments instead of obvious ones where complex code flow is explained properly

Files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧠 Learnings (2)

📓 Common learnings

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

📚 Learning: 2025-12-02T07:24:50.311Z

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

Applied to files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧬 Code graph analysis (1)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2)

packages/bruno-electron/src/ipc/network/interpolate-vars.js (2)

• url (153-153)
• interpolateVars (21-365)

packages/bruno-electron/src/utils/oauth2.js (3)

• getOAuth2TokenUsingAuthorizationCode (131-292)
• getOAuth2TokenUsingClientCredentials (357-480)
• getOAuth2TokenUsingPasswordCredentials (484-629)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Playwright E2E Tests
• GitHub Check: SSL Tests - macOS
• GitHub Check: SSL Tests - Linux
• GitHub Check: SSL Tests - Windows
• GitHub Check: CLI Tests
• GitHub Check: Unit Tests

🔇 Additional comments (1)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (1)

58-117: Good refactoring – OAuth2 handling is now cleanly separated.

The refactoring successfully extracts OAuth2 token handling into a dedicated configureRequest function while keeping prepareGrpcRequest focused on request preparation. The export structure allows event handlers to call both functions in sequence.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add validation for undefined tokens and configuration values.

The function doesn't validate that credentials?.access_token, tokenHeaderPrefix, or tokenQueryKey are defined before using them. This could result in invalid Authorization headers like "undefined undefined" or malformed URL query parameters.

Apply this diff to add validation:

 const placeOAuth2Token = (grpcRequest, credentials, tokenPlacement, tokenHeaderPrefix, tokenQueryKey) => {
+  if (!credentials?.access_token) {
+    console.warn('OAuth2 access token is missing, skipping token placement');
+    return;
+  }
+
   if (tokenPlacement === 'header') {
+    if (!tokenHeaderPrefix) {
+      console.warn('OAuth2 tokenHeaderPrefix is missing, using default "Bearer"');
+    }
     grpcRequest.headers['Authorization'] = `${tokenHeaderPrefix || 'Bearer'} ${credentials.access_token}`;
   } else {
+    if (!tokenQueryKey) {
+      console.warn('OAuth2 tokenQueryKey is missing, skipping query parameter placement');
+      return;
+    }
     try {
       const url = new URL(grpcRequest.url);
-      url?.searchParams?.set(tokenQueryKey, credentials?.access_token);
+      url.searchParams.set(tokenQueryKey, credentials.access_token);
       grpcRequest.url = url?.toString();
     } catch (error) {
       console.error('Failed to parse URL for OAuth2 token placement:', error);
     }
   }
 };

[sanish-bruno]

I think it is better to not to have these checks, cause then users will be able to debug this, they can inspect the url, headers and see , it is sending undefined or something, your thoughts

[coderabbitai]

@sanish-bruno, that's a fair point! In a developer tool like Bruno, having the actual values (even if undefined) visible in the request helps users identify configuration issues more quickly than silent fallbacks would. I agree with your approach—letting the undefined values through makes debugging easier for users. Thanks for the clarification!

---

🧠 Learnings used

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2)

20-23: Remove unnecessary optional chaining.

The url object created by new URL() always has a searchParams property, so the optional chaining on lines 22-23 is redundant. The toString() call on line 23 also doesn't need optional chaining.

Apply this diff:

     try {
       const url = new URL(grpcRequest.url);
-      url?.searchParams?.set(tokenQueryKey, credentials?.access_token);
-      grpcRequest.url = url?.toString();
+      url.searchParams.set(tokenQueryKey, credentials?.access_token);
+      grpcRequest.url = url.toString();
     } catch (error) {
       console.error('Failed to parse URL for OAuth2 token placement:', error);
     }

---

36-55: Add default case for unknown grant types.

The switch statement doesn't handle unknown or undefined grant types. Consider adding a default case to log a warning when an unsupported grant type is encountered, which would aid debugging.

Apply this diff:

       case 'password':
         interpolateVars(requestCopy, envVars, runtimeVariables, processEnvVars, promptVariables);
         ({ credentials, url: oauth2Url, credentialsId, debugInfo } = await getOAuth2TokenUsingPasswordCredentials({ request: requestCopy, collectionUid: collection.uid, certsAndProxyConfig }));
         grpcRequest.oauth2Credentials = { credentials, url: oauth2Url, collectionUid: collection.uid, credentialsId, debugInfo, folderUid: request.oauth2Credentials?.folderUid };
         placeOAuth2Token(grpcRequest, credentials, tokenPlacement, tokenHeaderPrefix, tokenQueryKey);
         break;
+      default:
+        console.warn(`Unsupported OAuth2 grant type for gRPC: ${grantType}`);
+        break;
     }

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5a3549 and 0ca7a77.

📒 Files selected for processing (1)

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (CODING_STANDARDS.md)

**/*.{js,jsx,ts,tsx}: Use 2 spaces for indentation. No tabs, just spaces
Stick to single quotes for strings. For JSX/TSX attributes, use double quotes (e.g., )
Always add semicolons at the end of statements
No trailing commas
Always use parentheses around parameters in arrow functions, even for single params
For multiline constructs, put opening braces on the same line, and ensure consistency. Minimum 2 elements for multiline
No newlines inside function parentheses
Space before and after the arrow in arrow functions. () => {} is good
No space between function name and parentheses. func() not func ()
Semicolons go at the end of the line, not on a new line
Names for functions need to be concise and descriptive
Add in JSDoc comments to add more details to the abstractions if needed
Add in meaningful comments instead of obvious ones where complex code flow is explained properly

Files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧠 Learnings (2)

📓 Common learnings

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

📚 Learning: 2025-12-02T07:24:50.311Z

Learnt from: bijin-bruno
Repo: usebruno/bruno PR: 6263
File: packages/bruno-requests/src/auth/oauth2-helper.ts:249-249
Timestamp: 2025-12-02T07:24:50.311Z
Learning: In OAuth2 Basic Auth headers for Bruno, clientSecret is optional and can be omitted. When constructing the Authorization header in `packages/bruno-requests/src/auth/oauth2-helper.ts`, use `clientSecret || ''` instead of `clientSecret!` to properly handle cases where only clientId is provided, per community requests.

Applied to files:

• packages/bruno-electron/src/ipc/network/prepare-grpc-request.js

🧬 Code graph analysis (1)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (2)

packages/bruno-electron/src/ipc/network/interpolate-vars.js (2)

• url (153-153)
• interpolateVars (21-365)

packages/bruno-electron/src/utils/oauth2.js (3)

• getOAuth2TokenUsingAuthorizationCode (131-292)
• getOAuth2TokenUsingClientCredentials (357-480)
• getOAuth2TokenUsingPasswordCredentials (484-629)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: SSL Tests - Windows
• GitHub Check: SSL Tests - macOS
• GitHub Check: SSL Tests - Linux
• GitHub Check: CLI Tests
• GitHub Check: Playwright E2E Tests
• GitHub Check: Unit Tests

🔇 Additional comments (1)

packages/bruno-electron/src/ipc/network/prepare-grpc-request.js (1)

63-122: Clean refactoring of OAuth2 handling.

The separation of concerns between prepareGrpcRequest (building the base request with auth config) and configureRequest (fetching and applying OAuth2 tokens) is well-structured. This allows the event handlers to control when OAuth2 token fetching occurs while passing the necessary certsAndProxyConfig.