Implement POST /auth/google/disconnect handler (LEY-16)#13

Merged
ltyu merged 3 commits into master from leyu00/ley-16-implement-disconnect-gmail-oauth-handler
Mar 19, 2026

@ltyu ltyu commented Mar 18, 2026

Summary

Implements the POST /auth/google/disconnect endpoint which previously returned 501. Authenticated users can now revoke their Gmail connection.

Changes

  • Replace 501 stub in src/handlers/disconnectGoogleOAuth.ts with a full implementation:
    • Uses JwtAuthenticatedAppUserProvider to extract userId from the verified JWT sub claim
    • Calls gmailConnectionRepository.clearRefreshToken() to null the encrypted token and set status to revoked — preserves the record for auditing
    • Returns 200 on success, 404 when no connection exists (ConditionalCheckFailedException), 401 when unauthenticated
    • Rethrows unexpected errors for Lambda error handling
  • Follows the same dependency-injection pattern as startGoogleOAuth and googleOAuthCallback
  • Add src/handlers/disconnectGoogleOAuth.test.ts with 4 tests: 401 unauthenticated, 200 success with correct DynamoDB call, 404 not found, rethrow on unexpected error

Test results

Test Files  14 passed (14)
     Tests  45 passed (45)

pnpm exec tsc --noEmit passes clean.

Closes LEY-16
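
The control flow described in this PR, as an added TypeScript sketch that is not the repository's code. It assumes an API Gateway HTTP API JWT authorizer event shape (`requestContext.authorizer.jwt.claims`), a `clearRefreshToken(userId)` signature, and error detection by `name`; `createDisconnectHandler`, `userIdFromEvent` and `fakeRepository` are hypothetical names.

```typescript
// Added example: names are hypothetical except clearRefreshToken and the status codes.
type Claims = Record<string, unknown>;
interface DisconnectEvent {
  requestContext?: { authorizer?: { jwt?: { claims?: Claims } } };
}
interface GmailConnectionRepository {
  clearRefreshToken(userId: string): Promise<void>;
}
interface HttpResponse { statusCode: number; body: string }

const json = (statusCode: number, message: string): HttpResponse =>
  ({ statusCode, body: JSON.stringify({ message }) });

// Identity comes only from the gateway-verified `sub` claim, never from the
// request body or a client-supplied header. Missing or non-string means 401.
function userIdFromEvent(event: DisconnectEvent): string | null {
  const sub = event.requestContext?.authorizer?.jwt?.claims?.["sub"];
  return typeof sub === "string" && sub.trim() !== "" ? sub : null;
}

// Dependency injection: the repository is passed in, so tests can supply a fake.
function createDisconnectHandler(repo: GmailConnectionRepository) {
  return async (event: DisconnectEvent): Promise<HttpResponse> => {
    const userId = userIdFromEvent(event);
    if (userId === null) return json(401, "Unauthorized");
    try {
      await repo.clearRefreshToken(userId);
      return json(200, "Gmail connection revoked");
    } catch (err) {
      // A failed condition means there is no connection record for this user.
      if (err instanceof Error && err.name === "ConditionalCheckFailedException") {
        return json(404, "No Gmail connection found");
      }
      throw err; // anything else surfaces through Lambda error handling
    }
  };
}

// Constructed in-memory stand-in for the DynamoDB-backed repository.
function fakeRepository(connected: string[]) {
  const revoked: string[] = [];
  const clearRefreshToken = async (userId: string): Promise<void> => {
    if (connected.indexOf(userId) === -1) {
      const notFound = new Error("The conditional request failed");
      throw Object.assign(notFound, { name: "ConditionalCheckFailedException" });
    }
    revoked.push(userId);
  };
  return { revoked, clearRefreshToken };
}
```

Because the user id is read only from the verified claim, a caller cannot disconnect another user's Gmail connection by naming that user in the request.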

ltyu added 3 commits March 18, 2026 15:51
- Replace 501 stub with a full implementation using JwtAuthenticatedAppUserProvider
  to extract userId from the verified JWT sub claim
- Call clearRefreshToken() to set status=revoked and null the encrypted token,
  preserving the connection record for auditing
- Return 200 on success, 404 when no connection exists (ConditionalCheckFailedException),
  401 when unauthenticated, and rethrow unexpected errors
- Add 4 unit tests: 401 unauthenticated, 200 success, 404 not found, rethrow on unknown error

Closes LEY-16
- Add docs/auth0-setup.md with step-by-step Auth0 tenant setup instructions
  covering API creation, Google social connection, test application, and
  the SAM parameter values required for deployment
- Update docs/gmail-connection-contracts.md to replace stale header-based
  auth references with the current Auth0 JWT boundary: API Gateway verifies
  the JWT, Lambda reads userId from the injected sub claim

Closes LEY-17
@ltyu ltyu merged commit 2d63823 into master Mar 19, 2026
1 check passed