Made token refresh code resilient to missing id_token
#5782
Conversation
|
@codex review |
|
Codex Review: Something went wrong. Try again later by commenting “@codex review”. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
Codex Review: Something went wrong. Try again later by commenting “@codex review”. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
codex-rs/core/src/client.rs
Outdated
| { | ||
| let _ = manager.refresh_token().await; | ||
| manager | ||
| .refresh_token() |
There was a problem hiding this comment.
Will this throw for API keys? We have this in refresh_token
pub async fn refresh_token(&self) -> Result<String, std::io::Error> {
tracing::info!("Refreshing token");
let token_data = self
.get_current_token_data()
.ok_or(std::io::Error::other("Token data is not available."))?;
There was a problem hiding this comment.
We should also prefix the message.
This PR does the following:
try_refresh_tokento handle the case where the endpoint returns a response without anid_token. The OpenID spec indicates that this field is optional and clients should not assume it's present.attempt_stream_responsesto propagate token refresh errors rather than silently ignoring them.This PR does not implement the additional suggestion from @pakrym-oai that we should sign out when receiving
refresh_token_expiredfrom the refresh endpoint. Leaving this as a follow-on because I'm undecided on whether this should be implemented intry_refresh_tokenor its callers.