feat(featurebase): switch to JWT auth and restore feedback widget #80

Draft
johnwschoi wants to merge 1 commit into main from feat/featurebase-kanban-jwt

johnwschoi commented Mar 27, 2026

Summary

  • Switches Featurebase widget auth from untrusted client-side identity to backend-signed JWT
  • Adds dedicated getFeaturebaseToken tRPC query through the runtime stack (api-contract → SDK boundary → provider service → runtime-api → app-router → browser query helper)
  • Preserves the existing Featurebase widget / portal UX; this PR changes auth plumbing only
  • Uses a dedicated Featurebase token flow instead of piggybacking on fetch me / getClineAccountProfile, because the JWT is short-lived and Featurebase-specific and should be fetched fresh on widget open rather than carried on a generic profile response
  • Rewrites useFeaturebaseFeedbackWidget so it:
    • removes mount-time identify({ email, name, userId })
    • fetches a fresh JWT on each widget open
    • calls Featurebase("identify", { featurebaseJwt })
    • opens the widget only after the identify callback succeeds
  • Restores the Share Feedback button and app hook wiring removed by f89668d
  • Fails closed on auth/token errors and surfaces toast errors instead of silent no-op behavior
  • Gates Share Feedback on an authenticated Cline session and shows a sign-in message when unavailable

Test plan

  • Runtime tests: JWT success, retry-after-refresh, no provider throws, non-cline provider throws
  • Hook tests:
    • token fetch occurs on open, not mount
    • featurebaseJwt is passed to identify
    • no mount-time identify with plain user metadata
    • widget opens only after identify success callback
    • identify failure shows toast and does not open widget
    • token-load failure shows toast and does not open widget
  • FeedbackCard tests:
    • disabled without Cline session
    • sign-in helper message shown when unavailable
    • enabled with authenticated Cline session
  • Updated Kanban test coverage passing locally

Dependencies

Ref: ENG-1673

- Add dedicated getFeaturebaseToken tRPC query through full runtime stack
- Rewrite hook: remove mount-time identify, fetch fresh JWT on each open
- Restore Share Feedback button and hook wiring removed by f89668d
- Fail-closed with toast errors when JWT auth fails
- Fix race condition: widget only opens after successful identify
- Remove data-featurebase-feedback to prevent SDK auto-open bypass
- Gate feedback button on Cline OAuth session
- Comprehensive tests for runtime, hook, and FeedbackCard

Ref: ENG-1673
johnwschoi force-pushed the feat/featurebase-kanban-jwt branch from 08c9241 to d706d96, March 27, 2026 04:30
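
The open sequence described in the summary above (fresh token on each open, identify with the JWT only, open after identify succeeds, fail closed otherwise), as an added example that is not code from this PR. `createFeedbackOpener`, `fetchToken`, `openWidget`, `toast`, the error-first identify callback and the in-flight guard against double-clicks are assumptions; only `Featurebase("identify", { featurebaseJwt })` appears on the page.

```javascript
// Added example, not code from this PR. createFeedbackOpener, fetchToken,
// openWidget and toast are hypothetical names; the error-first identify
// callback is an assumption about the SDK.
function createFeedbackOpener({ featurebase, fetchToken, openWidget, toast }) {
  let inFlight = null; // collapses double-clicks into one fetch + identify

  async function run() {
    // 1. Fresh token on every open: a short-lived JWT is never reused.
    let featurebaseJwt;
    try {
      featurebaseJwt = await fetchToken();
    } catch (_err) {
      featurebaseJwt = null;
    }
    if (typeof featurebaseJwt !== "string" || featurebaseJwt === "") {
      toast("Could not load feedback token");
      return false; // fail closed: no token, no widget
    }

    // 2. Identify with the signed JWT only; no client-asserted email/name/userId.
    const identified = await new Promise((resolve) => {
      try {
        featurebase("identify", { featurebaseJwt }, (err) => resolve(!err));
      } catch (_err) {
        resolve(false);
      }
    });
    if (!identified) {
      toast("Feedback sign-in failed");
      return false; // fail closed: identify rejected the token
    }

    // 3. Open only after the identify callback reported success.
    openWidget();
    return true;
  }

  return function open() {
    if (!inFlight) {
      inFlight = run().finally(() => {
        inFlight = null;
      });
    }
    return inFlight;
  };
}
```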