/locations/search requires locations.readonly which GHL never includes in
company-level OAuth tokens. /oauth/installedLocations uses oauth.readonly,
which is always present in company tokens, and returns only locations where
this app is actually installed.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
GHL includes installedLocations[] in the company-level token response for
bulk installs. Use those IDs directly to avoid calling /locations/search,
which requires locations.readonly scope that GHL doesn't grant. Falls back
to /locations/search only when the list is absent. Also adds raw_body and
installed_locations fields to token response debug logging.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
GHL issues a Company-scoped token (userType=Company) for bulk/agency
installs even when Target User=Sub-account. This fix handles that case:
1. Detect userType=Company in HandleCallback
2. Call GET /locations/search to enumerate all company locations
3. For each location call POST /oauth/locationToken to get a
Location-scoped token (userType=Location, includes locationId)
4. Store each location token individually in MongoDB
This allows webhook delivery and status updates to work per-location
without requiring the agency admin to re-install per sub-account.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Complete MVP implementation of the Cast GHL Conversation Provider bridge:
- Go module setup with chi router and mongo-driver dependencies
- Config loading with env var validation and defaults
- MongoDB token store with upsert, get, update, delete operations
- Cast.ph SMS client with 429 retry logic and typed errors
- Phone number normalization (E.164 ↔ Philippine local format)
- GHL OAuth 2.0 install/callback/refresh flow
- GHL webhook handler with ECDSA signature verification (async dispatch)
- GHL API client for message status updates and inbound message stubs
- Multi-stage Dockerfile, docker-compose with MongoDB, Woodpecker CI pipeline
- Unit tests for phone normalization, Cast client, GHL webhook, and OAuth handlers
Co-Authored-By: SideKx <sidekx.ai@sds.dev>
