Skip to content

Add reset-oauth CLI command to clear cached Apps OAuth tokens#443

Draft
oliverli wants to merge 1 commit into
masterfrom
oliverli/add-reset-oauth-cli-command-to-clear-cached-apps-oauth-tokens
Draft

Add reset-oauth CLI command to clear cached Apps OAuth tokens#443
oliverli wants to merge 1 commit into
masterfrom
oliverli/add-reset-oauth-cli-command-to-clear-cached-apps-oauth-tokens

Conversation

@oliverli

@oliverli oliverli commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Summary

Adds a new internal CLI command, yarn cli reset-oauth, that clears the cached Datadog Apps OAuth token(s) from the OS credential store so the next upload restarts the browser authorization flow.

Previously there was no user-facing way to reset OAuth state — a cached token was only ever deleted automatically when a refresh failed, so resetting meant manually editing the OS keychain.

What it does

  • yarn cli reset-oauth — clears the cached token for every known Datadog site (SITES from @dd/core).
  • yarn cli reset-oauth --site datadoghq.eu — clears the token for a single site; unknown sites are rejected with a clear error.
  • Deletion is idempotent (running with no cached token succeeds). Per-site failures are collected and reported with a non-zero exit code.

The command reuses the existing deleteOAuthTokenFromKeychain and getDatadogOAuthConfig helpers in @dd/core/helpers/oauth-request rather than reimplementing any keychain logic.

Changes

  • packages/tools/src/commands/reset-oauth/index.ts — the command.
  • packages/tools/src/commands/reset-oauth/index.test.ts — unit tests covering: clear-all, single-site, unknown-site rejection, idempotency, and the failure-path exit code.
  • packages/tools/README.md — documents the new command.

Testing

  • yarn test:unit packages/tools/src/commands/reset-oauth — 5/5 passing.
  • ESLint and typecheck clean on the new files.

🤖 Generated with Claude Code

Adds `yarn cli reset-oauth` to delete the cached Datadog Apps OAuth
token(s) from the OS credential store, so the next upload restarts the
browser authorization flow. Defaults to clearing every known site;
`--site` targets a single one. Reuses the existing keychain helpers in
@dd/core/helpers/oauth-request.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copy link
Copy Markdown
Collaborator Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant