Skip to content

fix(oauth): Retain refresh token when providers omit rotation#775

Open
Elih96 wants to merge 1 commit into
getsentry:mainfrom
Elih96:fix/oauth-refresh-token-retention
Open

fix(oauth): Retain refresh token when providers omit rotation#775
Elih96 wants to merge 1 commit into
getsentry:mainfrom
Elih96:fix/oauth-refresh-token-retention

Conversation

@Elih96

@Elih96 Elih96 commented Jul 7, 2026

Copy link
Copy Markdown

Plugin OAuth refreshes now keep the stored refresh token when a provider returns a new access token without a refresh_token. This covers providers like Asana that do not rotate refresh tokens on refresh; previously those responses were rejected, so plugin auth failed consistently after the access token expired.

Fresh authorization responses still require a refresh token, and explicitly invalid refresh token values are still rejected instead of silently falling back to the stored credential. Verified with pnpm --filter @sentry/junior exec vitest run tests/unit/plugins/oauth-token-response.test.ts.

Co-Authored-By: Codex <codex@openai.com>
@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

@Elih96 is attempting to deploy a commit to the Sentry Team on Vercel.

A member of the Team first needs to authorize it.

@Elih96 Elih96 marked this pull request as ready for review July 7, 2026 14:42
@github-actions github-actions Bot added the risk: medium PR risk score: medium label Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

risk: medium PR risk score: medium

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant