Event Explorer
Search and filter project events
Showing 4 of 4 events
| Event | Type | Severity | Status | Category | Tags | When |
|---|---|---|---|---|---|---|
| Beta testers report confusing auth flow — 3 of 5 needed help First beta cohort (5 users) completed onboarding tasks. 3 out of 5 got stuck or confused at the GitHub OAuth step. Two said they didn't understand why VCTRL needed GitHub access. One user thought the app was broken when they were redirected to GitHub. Beta Tester Feedback — Slack Thread | Feedback | High | Open | Beta Feedback | 2 months ago | |
| Auth decision: Adopt PKCE flow for all OAuth providers Decision made to standardize on PKCE (Proof Key for Code Exchange) for all OAuth flows in VCTRL. This resolves cookie-blocking issues, improves security posture, and is Supabase's recommended approach. Applies to GitHub OAuth and any future providers (Google, GitLab). ChatGPT — OAuth Debug Session | Decision | High | Resolved | Auth / OAuth | 2 months ago | |
| Login cancel and retry creates broken auth state When a user clicks "Login with GitHub", cancels on the GitHub authorization screen, and then tries again immediately, the app enters a broken state. The Supabase OAuth state token has already been consumed or expired and the retry fails with a 400. User must hard refresh. ChatGPT — OAuth Debug Session | Bug Note | Medium | Open | Auth / OAuth | 2 months ago | |
| Selective cookie blocking breaks GitHub OAuth callback Users with strict browser cookie settings (Firefox Enhanced Tracking Protection, Brave Shields) fail the GitHub OAuth callback. The session cookie set by Supabase during the OAuth handshake is blocked as a third-party cookie, causing a silent redirect loop back to /login. Requires domain-matching fix or first-party cookie workaround. ChatGPT — OAuth Debug Session | Bug Note | High | In Progress | Auth / OAuth | 2 months ago |