Skip to content

[codex] fix OAuth refresh resource#5

Merged
tiankaima merged 1 commit into
mainfrom
codex/oauth-refresh-resource-fix
Jul 1, 2026
Merged

[codex] fix OAuth refresh resource#5
tiankaima merged 1 commit into
mainfrom
codex/oauth-refresh-resource-fix

Conversation

@tiankaima

Copy link
Copy Markdown
Member

Summary

  • Send the OAuth resource indicator during refresh-token grants.
  • Preserve the existing credential save path so rotated refresh tokens replace cached tokens.

Root Cause

golang.org/x/oauth2 TokenSource cannot attach extra refresh grant parameters. Without resource, production can issue an opaque access token that REST endpoints reject.

Validation

  • go test ./internal/auth ./internal/api ./internal/cmd/authcmd
  • go build -o ./life-ustc ./cmd/life-ustc
  • Manual mock flow: opaque cached token -> 401 -> resource-bound refresh -> retried todo request succeeds

@tiankaima
tiankaima merged commit 919c67f into main Jul 1, 2026
2 checks passed
@tiankaima
tiankaima deleted the codex/oauth-refresh-resource-fix branch July 1, 2026 05:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant