chore(deps): update dependency openid_connect to v1 #1328

Sign in to view

sentry · 2026-02-20T18:39:59Z

Bug: The upgrade to openid_connect v1.0 requires the finch HTTP client, but finch is not added to the application's supervision tree, which will cause runtime errors.
_{Severity: CRITICAL}

Suggested Fix

To fix this, first add finch as an explicit dependency in mix.exs. Then, add finch to the application's supervision tree in lib/cadet/application.ex. For example: children = [ {Finch, name: Cadet.Finch}, ... ].

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: mix.exs#L79 Potential issue: The pull request upgrades the `openid_connect` dependency to v1.0. This new version replaces its internal HTTP client with `finch`. The `finch` library requires being explicitly started in the application's supervision tree to handle HTTP requests. The current codebase does not add `finch` to the supervision tree in `lib/cadet/application.ex`. As a result, when the application attempts OpenID authentication by calling functions like `OpenIDConnect.fetch_tokens()`, these calls will fail at runtime because the underlying `finch` process is not running. This will break the OpenID login flow for all users.

sentry · 2026-03-02T16:35:55Z

Bug: The openid_connect dependency is updated to v1.0, but the code still uses the old API (e.g., OpenIDConnect.Worker), which was removed, causing application and authentication failures.
_{Severity: CRITICAL}

Suggested Fix

Update the codebase to use the openid_connect v1.0 API. This requires removing the supervision code for the non-existent OpenIDConnect.Worker and updating the authentication provider logic to use the new function signatures and modules provided by the v1.0 library. The tests must also be updated to reflect these API changes.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: mix.exs#L79 Potential issue: The pull request updates the `openid_connect` dependency from `~> 0.2` to `~> 1.0`, which is a major rewrite of the library. However, the application code has not been updated to use the new API. The code in `lib/cadet/application.ex` attempts to start `OpenIDConnect.Worker`, a module that was removed in v1.0. This will cause the application to fail on startup if `openid_connect_providers` are configured. Additionally, functions like `OpenIDConnect.fetch_tokens` and `OpenIDConnect.verify` are called with signatures that are likely outdated for v1.0, which will lead to authentication failures at runtime.

-Original file line number
+Diff line change
@@ Expand Up / @@ -76,7 +76,7 @@ defmodule Cadet.Mixfile do @@
           {:httpoison, "~> 2.3", override: true},
           {:jason, "~> 1.2"},
           {:openai, "~> 0.6.2"},
-          {:openid_connect, "~> 0.2"},
+          {:openid_connect, "~> 1.0"},
           {:phoenix, "~> 1.5"},
           {:phoenix_view, "~> 2.0"},
           {:phoenix_ecto, "~> 4.0"},
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency openid_connect to v1 #1328

Uh oh!

Diff view

Diff view

There are no files selected for viewing

This comment was marked as outdated.

Uh oh!

sentry bot Feb 20, 2026

Uh oh!

sentry bot Mar 2, 2026

Uh oh!

Uh oh!

chore(deps): update dependency openid_connect to v1 #1328

Are you sure you want to change the base?

Uh oh!

chore(deps): update dependency openid_connect to v1 #1328

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

This comment was marked as outdated.

Uh oh!

sentry bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 2, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!