Some bugs announce themselves loudly. Others hide in the spaces between systems, appearing only when conditions align in just the wrong way. The Google OAuth reauthorization issues we fixed this week were definitely the second kind.
The Problem
Users connecting Google Calendar and Gmail to Sabine would occasionally hit a wall during reauthorization. The OAuth flow would start, credentials would be exchanged, but the connection would fail. No clear error message. No obvious pattern. Just intermittent failures that made our integrations feel unreliable.
We traced the issues to two distinct problems in our reauthorization flow, tracked as SCE-439 and SCE-440.
What We Fixed
First, we weren't explicitly setting the token type to 'Bearer' in our OAuth requests. Google's API expects this, and while it sometimes worked without it, the behavior was inconsistent. Making it explicit eliminated an entire class of mysterious auth failures.
Second, we had no HTTP timeouts configured for the reauthorization requests. When Google's servers were slow to respond, our requests would hang indefinitely. Users would wait, give up, and try again—creating a terrible experience and making the problem even harder to debug.
Adding proper timeouts means failed requests fail fast and clearly, rather than leaving users (and our monitoring systems) in limbo.
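Both fixes in one place, as an added sketch rather than Sabine's own code: a refresh-token exchange with an explicit timeout, and credentials that always carry an explicit 'Bearer' token type. The function names, the 10-second timeout and the choice to set the token type on the stored credentials are assumptions made for illustration.

```python
import json
import socket
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint
TIMEOUT_SECONDS = 10.0  # assumed value; the post does not state the timeout chosen


class ReauthError(Exception):
    """Reauthorization failed in a way that can be logged and shown to the user."""


def build_credentials(payload):
    """Store the token type explicitly instead of relying on it being present."""
    token_type = payload.get("token_type") or "Bearer"
    if token_type.lower() != "bearer" or not payload.get("access_token"):
        raise ReauthError("token response is missing a usable bearer token")
    return {"access_token": payload["access_token"], "token_type": "Bearer",
            "expires_in": payload.get("expires_in")}


def authorization_header(creds):
    """Build the header sent with Calendar and Gmail API calls."""
    return {"Authorization": f"{creds['token_type']} {creds['access_token']}"}


def refresh_access_token(refresh_token, client_id, client_secret,
                         token_url=TOKEN_URL, timeout=TIMEOUT_SECONDS):
    """Exchange a refresh token, failing fast if the endpoint is slow."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token", "refresh_token": refresh_token,
        "client_id": client_id, "client_secret": client_secret,
    }).encode()
    request = urllib.request.Request(token_url, data=body, method="POST")
    try:
        # The timeout bounds the connect and each socket read;
        # without it, urlopen can block indefinitely.
        with urllib.request.urlopen(request, timeout=timeout) as response:
            payload = json.load(response)
    except urllib.error.HTTPError as exc:
        raise ReauthError(f"token endpoint returned HTTP {exc.code}") from exc
    except OSError as exc:  # URLError (connect phase) or a raw read timeout
        cause = getattr(exc, "reason", exc)
        kind = "timed out" if isinstance(cause, socket.timeout) else "was unreachable"
        raise ReauthError(f"token endpoint {kind}: {cause}") from exc
    except ValueError as exc:
        raise ReauthError("token endpoint returned invalid JSON") from exc
    return build_credentials(payload)
```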
Why It Matters
OAuth is infrastructure. When it works, it's invisible. When it breaks, everything breaks. Google Calendar and Gmail integrations are core to how Sabine helps users manage their work—scheduling meetings, reading context from email threads, understanding priorities.
These fixes make reauthorization predictable and reliable. Users shouldn't have to think about OAuth. They should connect once, trust it works, and move on.
What's Next
This fix ships today in Sabine's production environment. We're also reviewing our other OAuth integrations (Slack, Microsoft, Notion) to ensure they have similarly robust timeout and token-type handling.
Beyond that, we're adding better observability to our OAuth flows—tracking reauthorization success rates, failure modes, and latency. The goal is to catch issues like this before they affect users, not after.
Reliability isn't built in a single PR. It's built commit by commit, fix by fix, timeout by timeout.