The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Dec 18, 2025 7:32pm

Greptile Summary

This PR modernizes Salesforce OAuth to support Production, Sandbox (Developer Edition), and Custom Domain (My Domain) organizations through a flexible multi-endpoint authentication flow.

Key Changes:

• Replaced framework-based OAuth provider with custom routes (/api/auth/salesforce/authorize and /api/auth/oauth2/callback/salesforce) to support org type selection
• Implemented proper PKCE flow with secure cookie-based state management
• Store both instanceUrl (for API calls) and authBaseUrl (for token refresh) as JSON in the idToken field
• Modified account creation hook to replace existing accounts by (userId, providerId) instead of (userId, providerId, accountId), allowing users to reconnect different Salesforce orgs
• Added refreshSalesforceToken with intelligent fallback: tries stored authBaseUrl first, then production endpoint, then sandbox endpoint
• Created parseSalesforceMetadata utility with backward compatibility for legacy token formats (JSON, raw URL, JWT)
• Updated all Salesforce tool blocks to use the new metadata parser

Previous Thread Resolutions:
Most security concerns from previous threads have been addressed:

• XSS risk mitigated through proper HTML escaping in inline script
• Open redirect vulnerability fixed with origin validation (lines 197-202 in callback)
• Custom domain validation properly enforced server-side (line 285 in authorize)
• Token refresh now supports custom domains through stored authBaseUrl

Unrelated Change:
The Wealthbox provider changes (lines 725-738 in auth.ts) appear unrelated to Salesforce improvements and change ID generation from timestamp-based to static, which could cause issues.

Confidence Score: 4/5

• This PR is safe to merge with only minor concerns about an unrelated change
• The Salesforce OAuth implementation is solid with proper security measures (PKCE, state validation, origin checks). Previous security concerns have been addressed. The score is 4 instead of 5 due to the unrelated Wealthbox changes that should ideally be in a separate PR.
• The Wealthbox changes in apps/sim/lib/auth/auth.ts (lines 725-738) are unrelated and change behavior in a way that may need verification

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant User
    participant Browser
    participant AuthRoute as Salesforce Authorize
    participant SF as Salesforce
    participant Callback as Callback Handler
    participant DB

    User->>Browser: Click Connect Salesforce
    Browser->>AuthRoute: Request without orgType
    AuthRoute->>Browser: HTML form with org options
    Browser->>User: Show form
    User->>Browser: Select Production/Sandbox/Custom
    
    Browser->>AuthRoute: Request with orgType
    AuthRoute->>AuthRoute: Validate custom domain
    AuthRoute->>AuthRoute: Generate PKCE
    AuthRoute->>Browser: Set secure cookies
    Browser->>SF: OAuth authorization
    SF->>User: Login prompt
    User->>SF: Authenticate
    
    SF->>Callback: Return auth code
    Callback->>Callback: Verify state and PKCE
    Callback->>SF: Exchange code for token
    SF->>Callback: Access token and instanceUrl
    Callback->>Callback: Build metadata JSON
    Callback->>DB: Save or update account
    Callback->>Browser: Redirect to app
    
    Note over DB: Token Refresh Later
    DB->>SF: Refresh with authBaseUrl
    alt Primary endpoint works
        SF->>DB: New token
    else Try production fallback
        SF->>DB: New token
    else Try sandbox fallback
        SF->>DB: New token
    end

@greptile

@greptile