You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/auth.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -194,7 +194,7 @@ Tokens are stored in the operating system keyring:
194
194
195
195
The config file stores profile settings, not access tokens.
196
196
197
-
Current known gap: automatic refresh-token handling is not yet release-grade. If a token expires and refresh does not happen, commands return `AUTH_TOKEN_EXPIRED` and the user must run `teams auth login` again.
197
+
The CLI automatically redeems the stored refreshtoken when an access token is expired or near expiry, then updates the keyring with the refreshed token. If no refresh token is stored, or the identity platform rejects the refresh request, commands return `AUTH_TOKEN_EXPIRED` and the user must run `teams auth login` again.
Copy file name to clipboardExpand all lines: docs/release-readiness.md
+9-10Lines changed: 9 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,7 +29,7 @@ Live read-only validation passed against the OSO profile:
29
29
Known live behavior:
30
30
31
31
- Some meeting chats can appear in `chat list` but reject message reads with `403` if the user is no longer in the roster.
32
-
- Stored token expiry currently requires manual re-login.
32
+
- Stored token expiry is handled through refresh-token redemption when a refresh token is available. `AUTH_TOKEN_EXPIRED` still means the refresh token is missing, expired, revoked, or rejected by the identity platform.
33
33
34
34
Entra app registration status as of 2026-05-27:
35
35
@@ -120,15 +120,14 @@ Dependabot is configured to group GitHub Actions updates into one PR so the comp
120
120
These must be resolved before marketing this as production-ready for external customers:
121
121
122
122
1. Publisher verification for the OSO Entra app.
123
-
2. Automatic refresh-token handling and tests.
124
-
3. Windows live validation using Windows Credential Manager.
125
-
4. Controlled write/read smoke test in a dedicated Teams test channel.
126
-
5. Documented admin-consent onboarding flow for customer tenants.
127
-
6. Clear policy for unsupported Graph operations, tenant restrictions, and destructive commands.
128
-
7. Security review of token storage, logs, and exported token behavior.
129
-
8. Versioned release notes and upgrade guidance.
130
-
9. Public website HTTPS fixed for `https://msteamscli.com/`; HTTP is live, but the current TLS certificate does not cover the hostname.
131
-
10. Terms of service URL published and added to the Entra app branding.
123
+
2. Windows live validation using Windows Credential Manager.
124
+
3. Controlled write/read smoke test in a dedicated Teams test channel.
125
+
4. Documented admin-consent onboarding flow for customer tenants.
126
+
5. Clear policy for unsupported Graph operations, tenant restrictions, and destructive commands.
127
+
6. Security review of token storage, logs, and exported token behavior.
128
+
7. Versioned release notes and upgrade guidance.
129
+
8. Public website HTTPS fixed for `https://msteamscli.com/`; HTTP is live, but the current TLS certificate does not cover the hostname.
130
+
9. Terms of service URL published and added to the Entra app branding.
0 commit comments