From fff274f4ca1cdb5278537220e59ed57b2eb680c0 Mon Sep 17 00:00:00 2001
From: Ernesto Tagwerker <ernesto+github@ombulabs.com>
Date: Tue, 12 May 2026 08:55:28 -0400
Subject: [PATCH] Render raw token from @raw_token instead of flash

The earlier review fix moved the raw token off `flash` onto an instance
variable to avoid serializing it into the session cookie, but the view
kept reading `flash[:raw_token]`. As a result the success banner shows
after creation but the actual token never renders, so users can't copy it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 app/views/personal_access_tokens/index.html.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/views/personal_access_tokens/index.html.erb b/app/views/personal_access_tokens/index.html.erb
index ba185d1..d83f142 100644
--- a/app/views/personal_access_tokens/index.html.erb
+++ b/app/views/personal_access_tokens/index.html.erb
@@ -1,9 +1,9 @@
 <p style="color: green"><%= notice %></p>
 
-<% if flash[:raw_token].present? %>
+<% if @raw_token.present? %>
   <div class="mb-6 p-4 border rounded bg-yellow-50">
     <p class="font-semibold mb-2">Your new token (copy it now — it won't be shown again):</p>
-    <code class="block p-2 bg-white border rounded break-all"><%= flash[:raw_token] %></code>
+    <code class="block p-2 bg-white border rounded break-all"><%= @raw_token %></code>
   </div>
 <% end %>