Skip to content

Commit b967c13

Browse files
DaleSeoDaleSeo
authored
fix: improve error logging and remove token secret from logs (#685)
1 parent 93bfb4a commit b967c13

1 file changed

Lines changed: 8 additions & 5 deletions

File tree

crates/rmcp/src/transport/auth.rs

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -992,6 +992,9 @@ impl AuthorizationManager {
992992
}
993993
}
994994

995+
// When expiry info is unavailable (e.g., credentials stored before
996+
// token_received_at was tracked), skip the expiry check and return
997+
// the token as-is.
995998
Ok(creds.access_token().secret().to_string())
996999
}
9971000

@@ -1005,8 +1008,8 @@ impl AuthorizationManager {
10051008
tracing::info!("Refreshed access token.");
10061009
Ok(new_creds.access_token().secret().to_string())
10071010
}
1008-
Err(AuthError::AuthorizationRequired | AuthError::TokenRefreshFailed(_)) => {
1009-
tracing::warn!("Token refresh not possible, re-authorization required.");
1011+
Err(e @ (AuthError::AuthorizationRequired | AuthError::TokenRefreshFailed(_))) => {
1012+
tracing::warn!(error = %e, "Token refresh not possible, re-authorization required.");
10101013
Err(AuthError::AuthorizationRequired)
10111014
}
10121015
Err(e) => Err(e),
@@ -1030,7 +1033,7 @@ impl AuthorizationManager {
10301033
let refresh_token = current_credentials.refresh_token().ok_or_else(|| {
10311034
AuthError::TokenRefreshFailed("No refresh token available".to_string())
10321035
})?;
1033-
debug!("refresh token: {:?}", refresh_token);
1036+
debug!("refresh token present, attempting refresh");
10341037

10351038
let token_result = oauth_client
10361039
.exchange_refresh_token(&RefreshToken::new(refresh_token.secret().to_string()))
@@ -2680,6 +2683,8 @@ mod tests {
26802683

26812684
// -- get_access_token --
26822685

2686+
use super::{OAuthTokenResponse, StoredCredentials};
2687+
26832688
fn make_token_response(access_token: &str, expires_in_secs: Option<u64>) -> OAuthTokenResponse {
26842689
use oauth2::{AccessToken, EmptyExtraTokenFields, basic::BasicTokenType};
26852690
let mut resp = OAuthTokenResponse::new(
@@ -2693,8 +2698,6 @@ mod tests {
26932698
resp
26942699
}
26952700

2696-
use super::{OAuthTokenResponse, StoredCredentials};
2697-
26982701
#[tokio::test]
26992702
async fn get_access_token_returns_error_when_no_credentials() {
27002703
let manager = AuthorizationManager::new("http://localhost").await.unwrap();

0 commit comments

Comments
 (0)