fix: preserve refresh token when server omits it from refresh response #47
Open
elijahr wants to merge 1 commit into anomalyco:master from
When refreshing OAuth tokens, if the server doesn't return a new refresh_token (standard OAuth2 behavior), preserve the existing one instead of overwriting with undefined.

Also adds test infrastructure:
- 17 tests covering token refresh, headers, tool prefixing, sanitization
- CI workflow for running tests on push/PR
Summary
Fixes the issue where users have to re-authenticate frequently (sometimes hourly) because the refresh token gets lost.
Fixes #12
Problem
When refreshing OAuth tokens, if the Anthropic server doesn't return a new refresh_token in the response (standard OAuth2 behavior - servers often only rotate refresh tokens periodically), the existing refresh token was being overwritten with undefined:
This caused:
TypeError: undefined is not an object (evaluating 'auth.type')
Reported in #12 by @randomm:
Fix
Preserve the existing refresh token when the server doesn't return a new one:
Tests
Added test infrastructure (previously none existed):
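
The refresh handling described under Problem and Fix above, as an added example that is not the pull request's own code: the same two refresh responses are run through an unconditional merge and a preserving merge. The stored-credential shape ({ type, access, refresh, expires }) and all function names are assumptions; the response fields are the standard OAuth2 ones from RFC 6749. The preserving version also rejects a response with no access_token, which goes beyond the case in the description.

```javascript
// Added example. The stored-credential shape and all function names are
// assumptions for illustration; response fields follow RFC 6749 section 5.1.

// Before the fix: copies refresh_token unconditionally, so an omitted field
// replaces the stored refresh token with undefined.
function applyRefreshNaive(stored, response, now) {
  return {
    type: "oauth",
    access: response.access_token,
    refresh: response.refresh_token,
    expires: now + response.expires_in * 1000,
  };
}

// After the fix: a new refresh token is adopted only when the server sent a
// non-empty string; otherwise the stored one is kept.
function applyRefreshPreserving(stored, response, now) {
  if (typeof response.access_token !== "string" || response.access_token === "") {
    // Never persist a half-formed credential over a working one.
    throw new Error("refresh response has no access_token; keeping stored credentials");
  }
  const rotated =
    typeof response.refresh_token === "string" && response.refresh_token !== "";
  return {
    type: "oauth",
    access: response.access_token,
    refresh: rotated ? response.refresh_token : stored.refresh,
    expires: now + (Number(response.expires_in) || 0) * 1000,
  };
}

// Constructed sample data: one response without rotation, one with rotation.
const stored = { type: "oauth", access: "at-old", refresh: "rt-1", expires: 0 };
const noRotation = { access_token: "at-new", token_type: "Bearer", expires_in: 3600 };
const rotation = { ...noRotation, access_token: "at-newer", refresh_token: "rt-2" };

// Feed a sequence of refresh responses through one merge function,
// one simulated hour apart, starting from the stored credential.
function simulate(apply, responses) {
  return responses.reduce((cred, res, i) => apply(cred, res, i * 3600000), stored);
}

console.log("naive, no rotation:     ", simulate(applyRefreshNaive, [noRotation]).refresh);
console.log("preserving, no rotation:", simulate(applyRefreshPreserving, [noRotation]).refresh);
console.log("preserving, rotation:   ", simulate(applyRefreshPreserving, [noRotation, rotation]).refresh);
```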