document things

Author: brendan-kellam

docs/docs/features/permission-syncing.mdx

@@ -27,6 +27,10 @@ docker run \
     ghcr.io/sourcebot-dev/sourcebot:latest
 ```
 
+<Warning>
+Enabling permission syncing on an **existing** deployment may result in errors that look like **"User does not have an OAuth access token..."**. This is because the OAuth access token associated with the user's existing account does not have the correct scopes necessary for permission syncing. To fix, have the user re-authenticate to refresh their access token by either logging out of Sourcebot and logging in again or unlinking and re-linking their account.
+</Warning>
+
 ## Platform support
 
 We are actively working on supporting more code hosts. If you'd like to see a specific code host supported, please [reach out](https://www.sourcebot.dev/contact).

packages/backend/src/ee/accountPermissionSyncer.ts

@@ -166,7 +166,7 @@ export class AccountPermissionSyncer {
 
             if (account.provider === 'github') {
                 if (!account.access_token) {
-                    throw new Error(`User '${account.user.email}' does not have an GitHub OAuth access token associated with their GitHub account.`);
+                    throw new Error(`User '${account.user.email}' does not have an GitHub OAuth access token associated with their GitHub account. Please re-authenticate with GitHub to refresh the token.`);
                 }
 
                 // @hack: we don't have a way of identifying specific identity providers in the config file.
@@ -202,7 +202,7 @@ export class AccountPermissionSyncer {
                 repos.forEach(repo => aggregatedRepoIds.add(repo.id));
             } else if (account.provider === 'gitlab') {
                 if (!account.access_token) {
-                    throw new Error(`User '${account.user.email}' does not have a GitLab OAuth access token associated with their GitLab account.`);
+                    throw new Error(`User '${account.user.email}' does not have a GitLab OAuth access token associated with their GitLab account. Please re-authenticate with GitLab to refresh the token.`);
                 }
 
                 // @hack: we don't have a way of identifying specific identity providers in the config file.

packages/backend/src/gitlab.ts

@@ -324,7 +324,6 @@ export const getProjectsForAuthenticatedUser = async (visibility: 'private' | 'i
 export const getOAuthScopesForAuthenticatedUser = async (api: InstanceType<typeof Gitlab>) => {
     try {
         const response = await api.requester.get('/oauth/token/info');
-        console.log('response', response);
         if (
             response &&
             typeof response.body === 'object' &&

packages/web/src/app/components/authMethodSelector.tsx

@@ -29,18 +29,10 @@ export const AuthMethodSelector = ({
         // Call the optional analytics callback first
         onProviderClick?.(provider);
 
-        // @nocheckin
         signIn(
             provider,
             {
                 redirectTo: callbackUrl ?? "/",
-            },
-            // @see: https://github.com/nextauthjs/next-auth/issues/2066
-            // @see: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-            // @see: https://next-auth.js.org/getting-started/client#additional-parameters
-            {
-                prompt: 'consent',
-                scope: 'read:user user:email repo'
             }
         );
     }, [callbackUrl, onProviderClick]);