Add refresh_expires_in to OAuth token responses#756
Merged
rickyrombo merged 1 commit intomainfrom Apr 8, 2026
Merged
Conversation
Returns the refresh token TTL (30 days) in both the authorization code exchange and refresh token grant responses, allowing clients to track refresh token expiry and surface accurate session state. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
6 tasks
rickyrombo
added a commit
to AudiusProject/apps
that referenced
this pull request
Apr 8, 2026
## Summary - Adds `getAccessTokenExpiry()` / `getRefreshTokenExpiry()` to `OAuthTokenStore` interface and all three implementations (Memory, LocalStorage, AsyncStorage) - `isAuthenticated()` now checks token expiry — returns false when refresh token is expired, attempts silent refresh when access token is expired - `getUser()` retries once with a refreshed token on 401 instead of immediately throwing - `setTokens()` now accepts optional `expiresIn` / `refreshExpiresIn` (seconds), which are persisted as absolute epoch timestamps **Note:** Companion API change to return `refresh_expires_in` in the token response: AudiusProject/api#756 ## Test plan - [x] All existing OAuth tests pass (74/74) - [ ] `isAuthenticated()` returns false when refresh token is expired - [ ] `isAuthenticated()` silently refreshes when access token is expired but refresh token is valid - [ ] `getUser()` retries and succeeds after token refresh on 401 - [ ] `getUser()` throws when both initial request and refresh fail - [ ] Token expiry survives page reload (localStorage) and app restart (AsyncStorage) 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
refresh_expires_infield (30 days in seconds) to both the authorization code exchange and refresh token grant responsesTest plan
POST /v1/oauth/token(authorization_code grant) response includesrefresh_expires_in: 2592000POST /v1/oauth/token(refresh_token grant) response includesrefresh_expires_in: 2592000expires_infield unchanged (still 3600)🤖 Generated with Claude Code