fix(identity): OAuth error handling, ConnectionHub UX, and portal improvements

[danielhe4rt]

Summary

• OAuth error handling: Gracefully handle token exchange failures and missing credentials instead of crashing with unhandled exceptions
• ConnectionHub UX: Compact layout for profile sidebar, light/dark theme support, refined disconnect button styling
• Portal improvements: Add "Área do Usuário" navbar link, Twitch as login provider, fix hero avatar metadata key (name vs username for legacy/new GitHub records)
• Provider reconnection: Clear disconnected_at when reconnecting an existing provider

Changes

Identity module

• OAuthController: catch OAuthFlowException on token exchange, redirect with error notification
• AttachProviderToUser: clear disconnected_at on reconnect
• OAuth clients (Discord, GitHub, Twitch): throw OAuthFlowException on missing credentials

Panel App

• ConnectionHub: compact card layout, dark/light theme support, pill-style disconnect button, timestamp next to title
• LoginPage: add Twitch OAuth button
• Profile wrapper: light mode compatible (bg-white dark:bg-gray-900)

Portal

• Navbar: outlined "Área do Usuário" button linking to /app
• HeroSection: support both username (new) and name (legacy) metadata keys for GitHub avatars

Test plan

• OAuth login with Discord, GitHub, and Twitch
• Disconnect/reconnect a provider from profile ConnectionHub
• Verify ConnectionHub renders correctly in both light and dark mode
• Portal landing page loads without errors (hero avatars)
• "Área do Usuário" navbar link navigates to /app

Description

This PR improves OAuth robustness and UX: it adds explicit token-exchange error handling and credential validation for OAuth providers, clears disconnected provider state on reconnection, adds Twitch as a login option, and improves ConnectionHub/profile/portal UI and avatar metadata handling to prevent avatar-loading errors and support light/dark themes.

References

• PR #288: OAuth flow refactor with account merge strategy — feat(identity): OAuth flow refactor with account merge strategy #288
• PR #272: Twitch integration and EventSub foundation — feat(integration-twitch): Twitch integration with admin panel, tenant-scoped EventSub, and subscription management #272
• PR #289: Data migration indexes — fix: data migration indexes #289

Dependencies & Requirements

• No new runtime dependencies added.
• Configuration/runtime expectations: OAuth clients (GitHub) now throw descriptive RuntimeException when client_id/secret are missing — ensure OAuth credentials are set in environment/config for Discord, GitHub, Twitch.
• No schema or production environment changes beyond existing migration updates included in the PR.

Contributor Summary

Contributor	Lines Added	Lines Removed	Files Changed
danielhe4rt	136	45	12

Changes Summary

File Path	Change Description
app-modules/identity/src/Auth/Exceptions/OAuthFlowException.php	Added factory method tokenExchangeFailed(...) for formatted OAuth token-exchange errors
app-modules/identity/src/Auth/Http/Controllers/OAuthController.php	Catch missing/denied callbacks and OAuthFlowException during token exchange; log and redirect with error handling
app-modules/identity/src/Auth/Actions/AttachProviderToUser.php	Clear disconnected_at (set to null) on provider attach/reconnect to reactivate provider
app-modules/integration-discord/src/OAuth/DiscordOAuthClient.php	Validate token-exchange payload; throw OAuthFlowException when access_token missing
app-modules/integration-github/src/IntegrationGithubServiceProvider.php	Validate GitHub client_id/secret at registration and throw RuntimeException if missing
app-modules/integration-github/src/OAuth/GitHubOAuthClient.php	Validate token-exchange payload; throw OAuthFlowException when access_token missing
app-modules/integration-twitch/src/OAuth/TwitchOAuthClient.php	Validate token-exchange payload; throw OAuthFlowException when access_token missing
app-modules/panel-app/resources/views/auth/login.blade.php	Added Twitch OAuth login button
app-modules/panel-app/resources/views/pages/profile.blade.php	Updated profile preview markup and dark/light theme classes
resources/views/livewire/connection-hub.blade.php	Refined ConnectionHub UI: compact cards, pill-style disconnect button, light/dark theme improvements, timestamp next to title
app-modules/portal/resources/views/components/navbar.blade.php	Added outlined "Área do Usuário" navbar link (points to /app) and responsive Discord button variants
app-modules/portal/src/Livewire/HeroSection.php	Fetch GitHub avatars using metadata['username'] with fallback to ['name'] to avoid avatar errors

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR standardizes OAuth token-exchange failure handling with OAuthFlowException::tokenExchangeFailed, validates token responses in Discord/GitHub/Twitch clients, hardens OAuthController redirect/callback flows with logging and safe redirects, validates GitHub OAuth config at registration, adds a Twitch login button, updates responsive navbar and connection-hub UI styles, refines avatar/profile display logic, initializes ExternalIdentity.disconnected_at to null on attach, and converts many tenant_id columns in migrations to UUID semantics.

Possibly related PRs

• he4rt/heartdevs.com#186: Related to ExternalIdentity and the disconnected_at field schema and handling.
• he4rt/heartdevs.com#288: Overlaps on OAuth flow refactors and identity/controller wiring changes.

Suggested reviewers

• Clintonrocha98
• davicbtoliveira
• gabrielrbarbosa

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 10.71% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main changes: OAuth error handling improvements, ConnectionHub UX updates, and portal enhancements across identity and integration modules.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app-modules/identity/src/Auth/Http/Controllers/OAuthController.php`:
- Around line 66-72: In the OAuthController catch block for OAuthFlowException
(where $action->execute(...) is called and Log::warning is used), add a
user-facing error notification before redirecting: attach a flash/error message
to the redirect (e.g. redirect()->to($state->returnUrl ?? '/')->with('error',
'<friendly message>')) so users see an authentication failure notice while
keeping the existing logging and redirect behavior; keep the Log::warning call
with $oAuthFlowException->getMessage() unchanged.
- Around line 57-64: In OAuthController where $code and $oauthDenied are
determined, add a user-facing flash message when $oauthDenied is true (e.g., use
session()->flash or redirect()->with) so the redirect()->to($fallbackUrl)
communicates "Authentication was cancelled" (or similar); modify the block that
checks $oauthDenied (using $code, $oauthDenied, and $state->returnUrl) to set
the flash message before returning the redirect.

In `@app-modules/integration-github/src/IntegrationGithubServiceProvider.php`:
- Line 20: The throw_if check currently only rejects nulls for $clientId and
$clientSecret; update the condition in the throw_if call (the line referencing
RuntimeException::class and variables $clientId/$clientSecret) to also treat
empty strings (recommend checking empty(trim($clientId)) and
empty(trim($clientSecret)) or $clientId === ''/$clientSecret === '') as invalid
so the RuntimeException is thrown for missing credentials rather than letting
empty env values slip through.

In `@app-modules/portal/resources/views/components/navbar.blade.php`:
- Line 37: The Tailwind important modifier is currently placed after the utility
in the class attribute (see the class string containing "w-auto! md:hidden");
move the `!` so it precedes the utility (i.e., change the class token from the
incorrect "w-auto!" form to the correct "!w-auto" form) leaving other classes
like "md:hidden" unchanged to restore proper Tailwind behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 546e6b97-e208-41c1-b3b0-6634cd3cbb62

📥 Commits

Reviewing files that changed from the base of the PR and between 0950786 and 4e70f2b.

📒 Files selected for processing (12)

• app-modules/identity/src/Auth/Actions/AttachProviderToUser.php
• app-modules/identity/src/Auth/Exceptions/OAuthFlowException.php
• app-modules/identity/src/Auth/Http/Controllers/OAuthController.php
• app-modules/integration-discord/src/OAuth/DiscordOAuthClient.php
• app-modules/integration-github/src/IntegrationGithubServiceProvider.php
• app-modules/integration-github/src/OAuth/GitHubOAuthClient.php
• app-modules/integration-twitch/src/OAuth/TwitchOAuthClient.php
• app-modules/panel-app/resources/views/auth/login.blade.php
• app-modules/panel-app/resources/views/pages/profile.blade.php
• app-modules/portal/resources/views/components/navbar.blade.php
• app-modules/portal/src/Livewire/HeroSection.php
• resources/views/livewire/connection-hub.blade.php