
[BUG] GitHub OAuth access token expiry is not checked before API calls, causing silent 401 failures after token refresh #2842

Description

@anshul23102

Problem

The dashboard uses a GitHub OAuth access token stored in the user session. GitHub access tokens for OAuth apps do not expire by default, but fine-grained personal access tokens and GitHub App tokens do expire. Additionally, users can revoke authorization at any time in their GitHub settings. When an expired or revoked token is used to call the API, GitHub returns HTTP 401, but the dashboard does not distinguish this from a network error: it either shows stale data or a generic error message, leaving users confused about why their stats are missing.

Steps to Reproduce

  1. Authenticate with GitHub OAuth
  2. Manually revoke the application's access in GitHub Settings > Applications
  3. Reload the dashboard
  4. Observe the generic error state rather than a "reconnect GitHub" prompt

Proposed Fix

Inspect the HTTP status and X-OAuth-Scopes header on every GitHub API response:

async function handleGitHubResponse(response, userId) {
  if (response.status === 401) { // token expired, revoked or otherwise rejected by GitHub
    await invalidateSession(userId);
    redirect("/auth/github"); // prompt re-authentication
  }
}

Show a clear "Your GitHub connection has expired. Reconnect to refresh your stats." banner when this condition is detected.

Complexity: Level 2 | Program: GSSOC '26
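The following is an added example, not code from this issue or from the dashboard project, showing one way to implement the proposed fix end to end: a pure classifier that maps a GitHub API response to "reconnect", "retry", "error" or "ok", a request wrapper that keeps network failures out of the reconnect path (the token is unknown, not dead, when the socket fails), and a session-level handler that invalidates the session and produces the banner text. The function names, the `deps` object, the `invalidateSession` callback and the stub fetch are assumptions made for the example; the stub stands in for api.github.com so the code runs offline.

```javascript
// Added example, not the project's own code. All names below are illustrative.
const RECONNECT = "reconnect"; // credential rejected: expired, revoked or malformed
const RETRY = "retry";         // transient: network failure, rate limit, 5xx
const ERROR = "error";         // other 4xx: re-authenticating would not help
const OK = "ok";

// Pure classifier over a Response-like object (status + headers). It is
// synchronous so it can be unit tested without a network.
function classifyGitHubResponse(response) {
  const headers = response.headers;
  if (response.status === 401) {
    // GitHub answers 401 "Bad credentials" for expired and revoked tokens alike.
    // X-OAuth-Scopes is only attached to responses for accepted OAuth tokens, so
    // its absence corroborates that the credential itself was rejected.
    const reason = headers.get("x-oauth-scopes") === null ? "token rejected" : "unauthorized";
    return { outcome: RECONNECT, reason };
  }
  if ((response.status === 403 || response.status === 429) && headers.get("x-ratelimit-remaining") === "0") {
    // Rate limiting is not an auth failure; dropping the session here would log users out for nothing.
    return { outcome: RETRY, reason: "rate limited" };
  }
  if (response.status >= 500) return { outcome: RETRY, reason: `server error ${response.status}` };
  if (!response.ok) return { outcome: ERROR, reason: `unexpected status ${response.status}` };
  return { outcome: OK, reason: "" };
}

// Request wrapper: a thrown fetch (DNS, timeout, reset) says nothing about the
// token, so it is reported as RETRY and never as RECONNECT.
async function githubRequest(path, token, fetchImpl = globalThis.fetch) {
  let response;
  try {
    response = await fetchImpl(`https://api.github.com${path}`, {
      headers: {
        Authorization: `Bearer ${token}`,
        Accept: "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
      },
    });
  } catch (err) {
    return { outcome: RETRY, reason: `network error: ${err.message}`, data: null };
  }
  const verdict = classifyGitHubResponse(response);
  const data = verdict.outcome === OK ? await response.json() : null;
  return { ...verdict, data };
}

// Session-level handler: decides what the dashboard shows and whether the
// stored token is discarded. `deps.invalidateSession` is an assumed callback.
async function loadDashboardStats(session, deps) {
  const result = await githubRequest("/user", session.token, deps.fetchImpl);
  if (result.outcome === RECONNECT) {
    await deps.invalidateSession(session.userId); // drop the dead token from the session
    return {
      banner: "Your GitHub connection has expired. Reconnect to refresh your stats.",
      redirect: "/auth/github",
      stats: null,
    };
  }
  if (result.outcome !== OK) {
    // Keep the session: the user can retry without re-authorizing.
    return { banner: `GitHub request failed (${result.reason}). Your stats are unchanged.`, redirect: null, stats: null };
  }
  return { banner: null, redirect: null, stats: { login: result.data.login } };
}

// Constructed stub standing in for api.github.com; each scenario returns a
// canned Response (or throws, like an unreachable host).
function stubFetch(scenario) {
  return async () => {
    if (scenario === "network-down") throw new TypeError("fetch failed");
    if (scenario === "revoked") {
      return new Response('{"message":"Bad credentials"}', { status: 401, headers: { "content-type": "application/json" } });
    }
    if (scenario === "rate-limited") {
      return new Response("{}", { status: 403, headers: { "x-ratelimit-remaining": "0" } });
    }
    return new Response('{"login":"octocat"}', {
      status: 200,
      headers: { "x-oauth-scopes": "read:user", "content-type": "application/json" },
    });
  };
}

// Demo against the stub (constructed input, no network).
const demoDeps = { invalidateSession: async (id) => console.log(`session ${id} invalidated`) };
for (const scenario of ["revoked", "network-down", "rate-limited", "ok"]) {
  loadDashboardStats({ userId: "u-demo", token: "gho_constructed" }, { ...demoDeps, fetchImpl: stubFetch(scenario) })
    .then((r) => console.log(scenario, "->", r));
}
```

The split between RETRY and RECONNECT is the security-relevant part: only a 401 actually returned by GitHub should destroy the session, so an attacker who can make the API unreachable (or a plain outage) cannot force every user through the OAuth flow again. If the dashboard needs to know before rendering whether the stored token is still live, GitHub's "Check a token" endpoint (POST /applications/{client_id}/token, authenticated with the app's client ID and secret) reports the token's state without spending a user-visible request.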

Metadata

Labels: gssoc:assigned (GSSoC: Issue assigned to a contributor)
Projects: none
Milestone: none
Relationships: none yet
Development: no branches or pull requests