feat(auth): improve error messages for expired sessions, invalid credentials, and network issues (PULSE-25) #2

Merged
uz1mani merged 1 commit from staging into main 2026-02-03 18:35:47 +00:00
uz1mani commented 2026-02-03 18:35:34 +00:00 (Migrated from github.com)

Summary

This PR standardizes authentication and API error handling across the application. It replaces generic or raw server error messages with safe, actionable copy (e.g., "Session expired, please sign in again" vs "Network error, please try again") to improve UX and prevent sensitive detail exposure.

Changes

  • Centralized Error Copy: Added lib/utils/authErrors.ts to map status codes and error types to user-facing messages.
  • API Client Improvements:
    • Added a 30s timeout to all requests.
    • Automatically maps 401/403/5xx and network/timeout errors to the standardized messages.
    • Ensures token refresh failures trigger the correct "Session expired" message.
  • Auth Callback:
    • Now distinguishes between invalid credentials (re-login) and network errors (retry).
    • Added a "Try again" button for network failures.
  • Server Actions: Updated exchangeAuthCode and setSessionAction to return structured error codes (expired, invalid, network) instead of raw error strings.
  • UI Consistency: Updated error toasts across Dashboard, Site Settings, and Onboarding to use the new getAuthErrorMessage helper.

Testing

  • Verified that 401 responses trigger "Session expired".
  • Verified that 403 responses trigger "Invalid credentials".
  • Verified that network failures (simulated) trigger "Network error" and show a retry option in the auth callback.
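
One way to implement the status-to-copy mapping this PR describes, as an added example that is not the project's `lib/utils/authErrors.ts`. The function names, the 5xx and fallback copy, and the sample error object are assumptions made for illustration.

```typescript
// Added example: not the project's own code. All identifiers are hypothetical.
type AuthErrorCode = "expired" | "invalid" | "network" | "server" | "unknown";

// "expired", "invalid" and "network" copy is quoted from the PR description;
// the "server" and "unknown" strings are constructed for this example.
const SAFE_COPY: Record<AuthErrorCode, string> = {
  expired: "Session expired, please sign in again",
  invalid: "Invalid credentials",
  network: "Network error, please try again",
  server: "Something went wrong on our side, please try again later",
  unknown: "Something went wrong, please try again",
};

// Classify from status code or error type only; never from the message or body.
function classifyAuthError(err: unknown): AuthErrorCode {
  if (typeof err === "object" && err !== null) {
    const e = err as { status?: unknown; name?: unknown };
    if (typeof e.status === "number") {
      if (e.status === 401) return "expired";
      if (e.status === 403) return "invalid";
      if (e.status >= 500 && e.status <= 599) return "server";
      return "unknown";
    }
    // fetch() rejects with TypeError on connection failure and with
    // AbortError/TimeoutError when an AbortSignal cancels the request.
    if (e.name === "AbortError" || e.name === "TimeoutError") return "network";
    if (err instanceof TypeError) return "network";
  }
  return "unknown";
}

// The only string that reaches the UI comes from SAFE_COPY.
function safeAuthMessage(err: unknown): string {
  return SAFE_COPY[classifyAuthError(err)];
}

// Only network failures get the "Try again" action.
function canRetry(err: unknown): boolean {
  return classifyAuthError(err) === "network";
}

// Constructed sample: a 500 whose message leaks backend internals.
const leaky = { status: 500, message: 'pq: relation "sessions" does not exist' };
const leakyShown = safeAuthMessage(leaky);
```

Because the message is selected by code rather than derived from the error, raw server text has no path to the toast even when an upstream handler forgets to sanitize it.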