fix(oauth): harden refresh token refresh-response validation

Peter Steinberger
2026-02-21 13:44:04 +01:00
parent 24d18d0d72
commit 6cb7e16d40
5 changed files with 93 additions and 6 deletions


@@ -218,6 +218,7 @@ export async function refreshChutesTokens(params: {
return {
...params.credential,
access,
// RFC 6749 section 6: new refresh token is optional; if present, replace old.
refresh: newRefresh || refreshToken,
expires: coerceExpiresAt(expiresIn, now),
clientId,
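Review bot: The fallback in `refresh: newRefresh || refreshToken` only filters falsy values, so its safety depends on how `newRefresh` is derived above this hunk, which is not visible here. If it comes straight from the token-response JSON, a truthy non-string value or a whitespace-only string would overwrite the stored refresh token and break the next refresh; narrowing at the point of use would close that, e.g. `refresh: typeof newRefresh === "string" && newRefresh.trim() ? newRefresh : refreshToken,`. The comment could also state that the old token is kept only when the response omits `refresh_token`, since RFC 6749 section 6 requires the client to discard the old token once a new one is issued. The body of refreshChutesTokens starts before this hunk and the returned object continues after it.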