MCPcopy Create free account
hub / github.com/UsefulSoftwareCo/executor / refreshDeviceTokens

Function refreshDeviceTokens

apps/cli/src/device-login.ts:285–312  ·  view source on GitHub ↗
(input: {
  readonly tokenEndpoint: string;
  readonly clientId: string;
  readonly refreshToken: string;
})

Source from the content-addressed store, hash-verified

283 * providers that issue refresh tokens reach here (WorkOS, which is form-encoded
284 * per RFC 8628); Better Auth's device flow issues no refresh token. */
285export const refreshDeviceTokens = async (input: {
286 readonly tokenEndpoint: string;
287 readonly clientId: string;
288 readonly refreshToken: string;
289}): Promise<DeviceTokens> => {
290 const response = await post(
291 input.tokenEndpoint,
292 {
293 grant_type: "refresh_token",
294 refresh_token: input.refreshToken,
295 client_id: input.clientId,
296 },
297 "form",
298 );
299 const body = await readJson(response);
300 if (!response.ok) {
301 throw new DeviceLoginError(
302 `Token refresh failed: ${asString(body.error_description) ?? asString(body.error) ?? `HTTP ${response.status}`}`,
303 );
304 }
305 const accessToken = asString(body.access_token);
306 if (!accessToken) throw new DeviceLoginError("Refresh response was missing an access token.");
307 return {
308 accessToken,
309 refreshToken: asString(body.refresh_token) ?? input.refreshToken,
310 expiresAt: deriveExpiresAt({ accessToken, expiresIn: asNumber(body.expires_in) }),
311 };
312};
313
314export type BrowserOpenCommand = readonly [command: string, args: ReadonlyArray<string>];
315

Callers 1

refreshOAuthConnectionFunction · 0.90

Calls 5

readJsonFunction · 0.85
asStringFunction · 0.85
deriveExpiresAtFunction · 0.85
asNumberFunction · 0.85
postFunction · 0.70

Tested by

no test coverage detected