feat(credentials): client-credentials service accounts — Zoom, Box, Salesforce + Pipedrive API tokens#5690
feat(credentials): client-credentials service accounts — Zoom, Box, Salesforce + Pipedrive API tokens#5690waleedlatif1 wants to merge 1 commit into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
@greptile-apps review |
|
@cursor review |
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
PR SummaryMedium Risk Overview Pipedrive joins as a personal API token provider with descriptor-driven UI adds a generic client-credential connect modal and wires Box / Pipedrive / Salesforce / Zoom Reviewed by Cursor Bugbot for commit a7c8890. Configure here. |
Greptile SummaryThis PR adds service-account credentials and API-token authentication for several integrations. The main changes are:
Confidence Score: 5/5This looks safe to merge within the reviewed follow-up scope.
Important Files Changed
Reviews (13): Last reviewed commit: "feat(credentials): client-credentials se..." | Re-trigger Greptile |
Greptile SummaryThis PR adds service-account authentication for several integrations. The main changes are:
Confidence Score: 4/5The client-credential creation path needs a fix before merging.
apps/sim/app/api/credentials/route.ts Important Files Changed
Sequence Diagram%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant UI as Service-account modal
participant API as POST /api/credentials
participant Builder as Secret builder
participant Provider as Zoom, Box, or Salesforce
participant DB as Credential store
UI->>API: providerId, clientId, clientSecret, orgId
API->>Builder: providerId without client credentials
Builder-->>API: Missing required field error
Note over Provider,DB: Verification and storage are not reached
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant UI as Service-account modal
participant API as POST /api/credentials
participant Builder as Secret builder
participant Provider as Zoom, Box, or Salesforce
participant DB as Credential store
UI->>API: providerId, clientId, clientSecret, orgId
API->>Builder: providerId without client credentials
Builder-->>API: Missing required field error
Note over Provider,DB: Verification and storage are not reached
Reviews (2): Last reviewed commit: "fix(credentials): Group B verification r..." | Re-trigger Greptile |
|
@greptile-apps review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0d959f4. Configure here.
|
@greptile-apps review |
|
@greptile-apps review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit f9e356a. Configure here.
|
@greptile-apps review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 23a85f4. Configure here.
|
@greptile-apps review |
|
@cursor review |
|
@greptile-apps review |
|
@cursor review |
2700cbc to
a2e1187
Compare
|
@greptile-apps review |
|
@cursor review |
a2e1187 to
92a20e0
Compare
|
@greptile-apps review |
|
@cursor review |
92a20e0 to
35f2a4c
Compare
|
@greptile-apps review |
|
@cursor review |
35f2a4c to
19ca423
Compare
|
@greptile-apps review |
|
@cursor review |
…alesforce + Pipedrive API tokens Second service-account kind (follow-up to #5682): client-credential pairs (client ID + secret + org identifier) that mint short-lived tokens at execution — in-memory cache with ciphertext-fingerprint validation (rotation-correct across instances), single-flight coalescing, 30s failure memo, no refresh-token storage. - Zoom Server-to-Server OAuth, Box Client Credentials Grant, and Salesforce client-credentials (integration user) are the first minters; Salesforce's live instance_url rides the existing instanceUrl plumbing so all 40 tools work unchanged - Pipedrive lands as a token-paste provider with explicit authStyle threading: descriptor declares x-api-token, one shared header helper drives all 18 tools + both selector routes, OAuth Bearer behavior untouched - SSRF-allowlisted Salesforce My Domain host (production/sandbox/developer partitioned domains); ENOTFOUND maps to site_not_found, EAI_AGAIN stays provider_unavailable; 408/429 from token endpoints never blamed on creds - Create route forwards clientId/clientSecret/orgId to the builder, pinned by a route-level regression test - Zoom user-scoped tools document that server-to-server tokens don't support 'me' - 4 setup-guide docs pages verified against current vendor flows (incl. Salesforce External Client Apps — the classic Connected App wizard is disabled by default since Spring '26); integrations sidebar gains a Service Accounts & API Keys section
19ca423 to
a7c8890
Compare
|
@greptile-apps review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit a7c8890. Configure here.
Summary
Type of Change
Testing
204 tests across minters, validators, the mint-cache suite, threading, and existing credential suites; typecheck, check:api-validation, docs MDX build all green. Specs and implementations verified against live vendor docs by independent research + adversarial verification rounds.
Checklist