Skip to content

fix(oauth): fix oauth credential refresh when the original token exchange was done in a different process #509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2025
Merged

fix(oauth): fix oauth credential refresh when the original token exchange was done in a different process #509

merged 1 commit into from
Nov 4, 2025
+10 −26

Conversation

@gpeal
Copy link
Contributor

@gpeal gpeal commented Nov 4, 2025

Motivation and Context

Codex has gotten internal and external reports of MCP servers frequently logging out (openai/codex#6164).

I tracked it down to the fact that auth.rs was using an in-memory expires-at which is only set on initial token exchange. Instead, this PR switches it to use the expires-at set in the credentials that are passed in.

How Has This Been Tested?

Validated with the notion mcp that it had an expired token, did not refresh the token before and does now.

Breaking Changes

None

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

@github-actions github-actions bot added T-core Core library changes T-transport Transport layer changes labels Nov 4, 2025
@JaviSoto JaviSoto mentioned this pull request Nov 4, 2025
Closed
@gpeal
fix(oauth): fix oauth credential refresh
be2bc3e 
auth.rs was using an in-memory expires-at which is only set on initial token exchange.
Instead, this PR switches it to use the expires-at set in the credentials that are passed in.
@gpeal gpeal force-pushed the gpeal/refresh-token-fix branch from c02f1b5 to be2bc3e Compare November 4, 2025 21:09
@alexhancock alexhancock merged commit dcbeb9b into modelcontextprotocol:main Nov 4, 2025
11 checks passed
@github-actions github-actions bot mentioned this pull request Nov 3, 2025
Merged
@gpeal gpeal mentioned this pull request Nov 4, 2025
Merged
gpeal added a commit to openai/codex that referenced this pull request Nov 5, 2025
@gpeal
Upgrade rmcp to 0.8.4 (#6234)
9b538a8 
Picks up modelcontextprotocol/rust-sdk#509 which
fixes #6164
@enriquemorenotent
Copy link

enriquemorenotent commented Nov 5, 2025

The problem persists in 0.54

@alexhancock
Copy link
Contributor

alexhancock commented Nov 5, 2025

@enriquemorenotent Do you mean 0.8.4 and above?

cc @gpeal

Holovkat pushed a commit to Holovkat/codex-pro that referenced this pull request Nov 8, 2025
@gpeal @Holovkat
Upgrade rmcp to 0.8.4 (#6234)
d78f7df 
Picks up modelcontextprotocol/rust-sdk#509 which
fixes openai/codex#6164
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexhancock alexhancock alexhancock approved these changes

Assignees

No one assigned

Labels

T-core Core library changes T-transport Transport layer changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gpeal @enriquemorenotent @alexhancock