From e011882264def058aa96f61e9a8569d9e954362b Mon Sep 17 00:00:00 2001
From: pete <peter.chai@aviva.com>
Date: Fri, 10 Nov 2023 13:53:50 +0000
Subject: [PATCH 01/18] feat: remove query escaping of base64 encoded
 credentials

---
 internal/token.go | 4 +++-
 oauth2_test.go    | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/internal/token.go b/internal/token.go
index e83ddeef0..04b7db16b 100644
--- a/internal/token.go
+++ b/internal/token.go
@@ -196,7 +196,9 @@ func newTokenRequest(tokenURL, clientID, clientSecret string, v url.Values, auth
 	}
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	if authStyle == AuthStyleInHeader {
-		req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
+		// NOTE: This should be query-escaped, however the Aviva OAuth
+		// server does not accept query-escaped credentials.
+		req.SetBasicAuth(clientID, clientSecret)
 	}
 	return req, nil
 }
diff --git a/oauth2_test.go b/oauth2_test.go
index 37f0580d7..2a9d09273 100644
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -74,7 +74,7 @@ func TestAuthCodeURL_Optional(t *testing.T) {
 
 func TestURLUnsafeClientConfig(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if got, want := r.Header.Get("Authorization"), "Basic Q0xJRU5UX0lEJTNGJTNGOkNMSUVOVF9TRUNSRVQlM0YlM0Y="; got != want {
+		if got, want := r.Header.Get("Authorization"), "Basic Q0xJRU5UX0lEPz86Q0xJRU5UX1NFQ1JFVD8/"; got != want {
 			t.Errorf("Authorization header = %q; want %q", got, want)
 		}
 

From d15e4420aaae9f4ed0219cb940853133a23a7567 Mon Sep 17 00:00:00 2001
From: Shivam Acharya <shivam.acharya@aviva.com>
Date: Thu, 8 Feb 2024 11:07:30 +0000
Subject: [PATCH 02/18] feat(VER-5669): Add client with xray

---
 clientcredentials/clientcredentials.go | 12 ++++++++++
 go.mod                                 | 14 ++++++++++-
 go.sum                                 | 32 ++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/clientcredentials/clientcredentials.go b/clientcredentials/clientcredentials.go
index 2459d069f..b694ae1a7 100644
--- a/clientcredentials/clientcredentials.go
+++ b/clientcredentials/clientcredentials.go
@@ -20,6 +20,7 @@ import (
 	"net/url"
 	"strings"
 
+	"github.com/aws/aws-xray-sdk-go/xray"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/internal"
 )
@@ -71,6 +72,17 @@ func (c *Config) Client(ctx context.Context) *http.Client {
 	return oauth2.NewClient(ctx, c.TokenSource(ctx))
 }
 
+func (c *Config) ClientWithXRay(ctx context.Context, hc *http.Client) *http.Client {
+	if hc == nil {
+		hc = http.DefaultClient
+	}
+
+	client := xray.Client(hc)
+	ctx = context.WithValue(ctx, oauth2.HTTPClient, client)
+
+	return oauth2.NewClient(ctx, c.TokenSource(ctx))
+}
+
 // TokenSource returns a TokenSource that returns t until t expires,
 // automatically refreshing it as necessary using the provided context and the
 // client ID and client secret.
diff --git a/go.mod b/go.mod
index fd0d0a369..04e1d5db3 100644
--- a/go.mod
+++ b/go.mod
@@ -4,13 +4,25 @@ go 1.18
 
 require (
 	cloud.google.com/go/compute/metadata v0.2.3
+	github.com/aws/aws-xray-sdk-go v1.8.3
 	github.com/google/go-cmp v0.5.9
 	google.golang.org/appengine v1.6.7
 )
 
 require (
-	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/compute v1.23.0 // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/aws/aws-sdk-go v1.47.9 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasthttp v1.50.0 // indirect
 	golang.org/x/net v0.18.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 5a507e3a2..b3abae00d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,16 @@
 cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
 cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
+github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/aws/aws-sdk-go v1.47.9 h1:rarTsos0mA16q+huicGx0e560aYRtOucV5z2Mw23JRY=
+github.com/aws/aws-sdk-go v1.47.9/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-xray-sdk-go v1.8.3 h1:S8GdgVncBRhzbNnNUgTPwhEqhwt2alES/9rLASyhxjU=
+github.com/aws/aws-xray-sdk-go v1.8.3/go.mod h1:tv8uLMOSCABolrIF8YCcp3ghyswArsan8dfLCA1ZATk=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
@@ -9,18 +18,41 @@ github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4=
+github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.50.0 h1:H7fweIlBm0rXLs2q0XbalvJ6r0CUPFWK3/bB4N13e9M=
+github.com/valyala/fasthttp v1.50.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
 golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

From ae09b667a859dc54b62af0989977ba0af4cab93a Mon Sep 17 00:00:00 2001
From: Shivam Acharya <shivam.acharya@aviva.com>
Date: Thu, 8 Feb 2024 13:53:51 +0000
Subject: [PATCH 03/18] feat(VER-5669): Add Signer to jwt package

---
 jwt/jwt.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jwt/jwt.go b/jwt/jwt.go
index b2bf18298..1d5cf9417 100644
--- a/jwt/jwt.go
+++ b/jwt/jwt.go
@@ -29,6 +29,8 @@ var (
 	defaultHeader    = &jws.Header{Algorithm: "RS256", Typ: "JWT"}
 )
 
+type Signer = jws.Signer
+
 // Config is the configuration for using JWT to fetch tokens,
 // commonly known as "two-legged OAuth 2.0".
 type Config struct {

From 20a2b1ac9eb7d1031d53c973f03f1c063ee408d5 Mon Sep 17 00:00:00 2001
From: Joe M <joseph.mcgrath@aviva.com>
Date: Thu, 8 Feb 2024 15:58:50 +0000
Subject: [PATCH 04/18] chore(VER-5669): Deprecate Client in
 clientcredentials.go

---
 clientcredentials/clientcredentials.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clientcredentials/clientcredentials.go b/clientcredentials/clientcredentials.go
index b694ae1a7..3bfcf690e 100644
--- a/clientcredentials/clientcredentials.go
+++ b/clientcredentials/clientcredentials.go
@@ -68,10 +68,20 @@ func (c *Config) Token(ctx context.Context) (*oauth2.Token, error) {
 // is returned. See the oauth2.HTTPClient variable.
 //
 // The returned Client and its Transport should not be modified.
+//
+// Deprecated: Client exists for historical compatibility and should not be
+// used. It is recommended to use ClientWithXRay instead, as it provides much better visibility into the client's behavior.
 func (c *Config) Client(ctx context.Context) *http.Client {
 	return oauth2.NewClient(ctx, c.TokenSource(ctx))
 }
 
+// ClientWithXRay returns an HTTP client using the provided token with an attached XRay client..
+// The token will auto-refresh as necessary.
+//
+// The provided context optionally controls which HTTP client
+// is returned. See the oauth2.HTTPClient variable.
+//
+// The returned Client and its Transport should not be modified.
 func (c *Config) ClientWithXRay(ctx context.Context, hc *http.Client) *http.Client {
 	if hc == nil {
 		hc = http.DefaultClient

From 85c2abb2698482aaa2278c10271eec6471a684c3 Mon Sep 17 00:00:00 2001
From: Vikram Parikh <vikram.parikh@aviva.com>
Date: Wed, 14 Feb 2024 10:59:24 +0000
Subject: [PATCH 05/18] fix(VER-5669): add SignerProvider to jwt package

---
 jwt/jwt.go | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/jwt/jwt.go b/jwt/jwt.go
index 1d5cf9417..a01f02cce 100644
--- a/jwt/jwt.go
+++ b/jwt/jwt.go
@@ -10,6 +10,7 @@ package jwt
 
 import (
 	"context"
+	"crypto/rsa"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -48,6 +49,11 @@ type Config struct {
 	//
 	PrivateKey []byte
 
+	// SignerProvider is a function that is used to create a Signer from the
+	// PrivateKeyID which is then used to sign JWT payloads. This takes
+	// precedence over default signer using the PrivateKey.
+	SignerProvider func(privateKeyID string) (Signer, error)
+
 	// PrivateKeyID contains an optional hint indicating which key is being
 	// used.
 	PrivateKeyID string
@@ -101,10 +107,6 @@ type jwtSource struct {
 }
 
 func (js jwtSource) Token() (*oauth2.Token, error) {
-	pk, err := internal.ParseKey(js.conf.PrivateKey)
-	if err != nil {
-		return nil, err
-	}
 	hc := oauth2.NewClient(js.ctx, nil)
 	claimSet := &jws.ClaimSet{
 		Iss:           js.conf.Email,
@@ -126,7 +128,23 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 	}
 	h := *defaultHeader
 	h.KeyID = js.conf.PrivateKeyID
-	payload, err := jws.Encode(&h, claimSet, pk)
+	var err error
+	payload := ""
+	if js.conf.SignerProvider == nil {
+		var pk *rsa.PrivateKey
+		pk, err = internal.ParseKey(js.conf.PrivateKey)
+		if err != nil {
+			return nil, err
+		}
+		payload, err = jws.Encode(&h, claimSet, pk)
+	} else {
+		var signer jws.Signer
+		signer, err = js.conf.SignerProvider(h.KeyID)
+		if err != nil {
+			return nil, err
+		}
+		payload, err = jws.EncodeWithSigner(&h, claimSet, signer)
+	}
 	if err != nil {
 		return nil, err
 	}

From 4245bf40445889373c71482cb159dac12dc6e4a8 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Thu, 29 Feb 2024 14:42:28 +0000
Subject: [PATCH 06/18] chore(ver-16326): added workflow

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 38 ++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/sync_upstream.yaml

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
new file mode 100644
index 000000000..8fed8aa41
--- /dev/null
+++ b/.github/workflows/sync_upstream.yaml
@@ -0,0 +1,38 @@
+# for reference: https://stackoverflow.com/questions/23793062/can-forks-be-synced-automatically-in-github
+# .github/workflows/example.yml
+
+name: Sync upstream oauth2 repo
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 9 * * 1'
+    # run once a week on monday morning
+    # if it fails
+    #   send slack message (iw-engineering or integration-inovators)
+    
+
+permissions:
+  contents: write
+
+jobs:
+  merge:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Merge upstream
+        run: |
+          git config --global user.name 'upstream-sync-bot'
+          git config --global user.email 'upstream-sync-bot@users.noreply.github.com'
+          git config --global push.followTags true
+
+          git pull 
+
+          git remote add upstream https://github.com/golang/oauth2.git
+          git fetch --tags upstream
+
+          git checkout master
+          git merge --allow-unrelated-histories --no-edit upstream/master
+          git push origin master 
+
+

From 7d36e50abef5c339448140e5921052651e9baff9 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Mon, 4 Mar 2024 14:18:31 +0000
Subject: [PATCH 07/18] feat(ver-16326): Added slack on failure message

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 8fed8aa41..d8b32ec99 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -35,4 +35,13 @@ jobs:
           git merge --allow-unrelated-histories --no-edit upstream/master
           git push origin master 
 
+      - name: On Fail, Send Message About Merge to Slack
+        if: ${{ failure() }}
+        uses: archive/github-actions-slack@v2.8.0
+        id: notify-slack
+        with:
+          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          slack-channel: ${{ secrets.SLACK_BOT_INTEGRATION_INNOVATORS_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's
+          slack-text: |
+            OAuth2 fork upstream sync failed. [action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
 

From 6e3bcd6d33dd6e00c7835e60b072435ec07d6063 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 11:25:08 +0000
Subject: [PATCH 08/18] feat(ver-16326): fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index d8b32ec99..ff772547c 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -40,8 +40,10 @@ jobs:
         uses: archive/github-actions-slack@v2.8.0
         id: notify-slack
         with:
-          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN  }}
           slack-channel: ${{ secrets.SLACK_BOT_INTEGRATION_INNOVATORS_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's
           slack-text: |
             OAuth2 fork upstream sync failed. [action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
 
+      - name: Send Slack Message Result
+        run: echo "${{ steps.send-message.outputs.slack-result }}"

From 71a2ed510a5198464b8629f1f588bd0beaa9e889 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 11:28:31 +0000
Subject: [PATCH 09/18] feat(ver-16326): fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index ff772547c..d8060871d 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -46,4 +46,5 @@ jobs:
             OAuth2 fork upstream sync failed. [action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
 
       - name: Send Slack Message Result
+        if: ${{ failure() }}
         run: echo "${{ steps.send-message.outputs.slack-result }}"

From d83dbb0d01fcf852eac091fe0e5c4940328efe2b Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 11:30:50 +0000
Subject: [PATCH 10/18] feat(ver-16326): fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index d8060871d..56cd6cd9e 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -47,4 +47,4 @@ jobs:
 
       - name: Send Slack Message Result
         if: ${{ failure() }}
-        run: echo "${{ steps.send-message.outputs.slack-result }}"
+        run: echo "${{ steps.notify-slack.outputs.slack-result }}"

From efb951e0c7299e5a8a68ff7e36ef5b2cdaec8218 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 11:36:51 +0000
Subject: [PATCH 11/18] feat(ver-16326): test

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 56cd6cd9e..336bbd961 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -47,4 +47,4 @@ jobs:
 
       - name: Send Slack Message Result
         if: ${{ failure() }}
-        run: echo "${{ steps.notify-slack.outputs.slack-result }}"
+        run: echo "${{ steps.notify-slack.outputs }}"

From 5ea60906458637a1cb92927659a42223261ff4d1 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 11:41:42 +0000
Subject: [PATCH 12/18] feat(ver-16326): adding debugging

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 336bbd961..1c782f9aa 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -39,6 +39,8 @@ jobs:
         if: ${{ failure() }}
         uses: archive/github-actions-slack@v2.8.0
         id: notify-slack
+        env:
+          ACTIONS_STEP_DEBUG: true
         with:
           slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN  }}
           slack-channel: ${{ secrets.SLACK_BOT_INTEGRATION_INNOVATORS_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's

From e77c6b0b6225bed73793bbe679e21f14a1da0d71 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 11:44:40 +0000
Subject: [PATCH 13/18] feat(ver-16326): debugging fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 1c782f9aa..26621318e 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -49,4 +49,4 @@ jobs:
 
       - name: Send Slack Message Result
         if: ${{ failure() }}
-        run: echo "${{ steps.notify-slack.outputs }}"
+        run: echo "${{ steps.notify-slack.outputs.slack-result }}"

From a9a560883c8dd63a0e1546dcc1f297f360a83308 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 12:06:03 +0000
Subject: [PATCH 14/18] feat(ver-16326): debugging fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 26621318e..29ac8b2ff 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -41,6 +41,7 @@ jobs:
         id: notify-slack
         env:
           ACTIONS_STEP_DEBUG: true
+          ACTIONS_RUNNER_DEBUG: true
         with:
           slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN  }}
           slack-channel: ${{ secrets.SLACK_BOT_INTEGRATION_INNOVATORS_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's

From a473851ecfe31016a6541925359d2a1250c2cce1 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 14:24:28 +0000
Subject: [PATCH 15/18] feat(ver-16326): debugging fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 29ac8b2ff..81130113a 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -43,7 +43,7 @@ jobs:
           ACTIONS_STEP_DEBUG: true
           ACTIONS_RUNNER_DEBUG: true
         with:
-          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN  }}
+          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }}
           slack-channel: ${{ secrets.SLACK_BOT_INTEGRATION_INNOVATORS_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's
           slack-text: |
             OAuth2 fork upstream sync failed. [action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})

From 371c7e40731f107608ab31b9d8fe23d6e9228a43 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 14:59:14 +0000
Subject: [PATCH 16/18] feat(ver-16326): fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 81130113a..5acb8064d 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -17,6 +17,7 @@ permissions:
 
 jobs:
   merge:
+    secrets: inherit
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

From d3a54eac642548b5851e2b69732551749a232973 Mon Sep 17 00:00:00 2001
From: Dumitru Vulpe <dumitru.vulpe@aviva.com>
Date: Wed, 6 Mar 2024 15:05:07 +0000
Subject: [PATCH 17/18] feat(ver-16326): fix

Signed-off-by: Dumitru Vulpe <dumitru.vulpe@aviva.com>
---
 .github/workflows/sync_upstream.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 5acb8064d..6a0da2051 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -17,8 +17,8 @@ permissions:
 
 jobs:
   merge:
-    secrets: inherit
     runs-on: ubuntu-latest
+    secrets: inherit
     steps:
       - uses: actions/checkout@v4
       - name: Merge upstream

From 9d804a221f00f037b56942feec493250bc59bf9e Mon Sep 17 00:00:00 2001
From: Ed Ingold <edward.ingold@aviva.com>
Date: Thu, 16 May 2024 10:35:32 +0100
Subject: [PATCH 18/18] fix(VER-16326): remove invalid secrets field.

---
 .github/workflows/sync_upstream.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/sync_upstream.yaml b/.github/workflows/sync_upstream.yaml
index 6a0da2051..81130113a 100644
--- a/.github/workflows/sync_upstream.yaml
+++ b/.github/workflows/sync_upstream.yaml
@@ -18,7 +18,6 @@ permissions:
 jobs:
   merge:
     runs-on: ubuntu-latest
-    secrets: inherit
     steps:
       - uses: actions/checkout@v4
       - name: Merge upstream