fix(codex): log account on token refresh failure

Author: MarvekG

cmd/fetch_codex_models/main.go

@@ -195,7 +195,7 @@ func ensureAccessToken(ctx context.Context, store *sdkauth.FileTokenStore, auth
 	}
 
 	svc := codexauth.NewCodexAuthWithProxyURL(nil, auth.ProxyURL)
-	tokenData, errRefresh := svc.RefreshTokensWithRetry(ctx, refreshToken, 3)
+	tokenData, errRefresh := svc.RefreshTokensWithRetry(ctx, refreshToken, 3, auth.ID)
 	if errRefresh != nil {
 		return "", false, errRefresh
 	}

internal/auth/codex/openai_auth.go

@@ -274,7 +274,7 @@ func (o *CodexAuth) CreateTokenStorage(bundle *CodexAuthBundle) *CodexTokenStora
 // RefreshTokensWithRetry refreshes tokens with a built-in retry mechanism.
 // It attempts to refresh the tokens up to a specified maximum number of retries,
 // with an exponential backoff strategy to handle transient network errors.
-func (o *CodexAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*CodexTokenData, error) {
+func (o *CodexAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int, authID string) (*CodexTokenData, error) {
 	var lastErr error
 
 	for attempt := 0; attempt < maxRetries; attempt++ {
@@ -292,12 +292,12 @@ func (o *CodexAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken str
 			return tokenData, nil
 		}
 		if isNonRetryableRefreshErr(err) {
-			log.Warnf("Token refresh attempt %d failed with non-retryable error: %v", attempt+1, err)
+			log.Warnf("Token refresh attempt %d for auth %s failed with non-retryable error: %v", attempt+1, authID, err)
 			return nil, err
 		}
 
 		lastErr = err
-		log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err)
+		log.Warnf("Token refresh attempt %d for auth %s failed: %v", attempt+1, authID, err)
 	}
 
 	return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr)

internal/auth/codex/openai_auth_test.go

@@ -33,7 +33,7 @@ func TestRefreshTokensWithRetry_NonRetryableOnlyAttemptsOnce(t *testing.T) {
 		},
 	}
 
-	_, err := auth.RefreshTokensWithRetry(context.Background(), "dummy_refresh_token", 3)
+	_, err := auth.RefreshTokensWithRetry(context.Background(), "dummy_refresh_token", 3, "test-auth")
 	if err == nil {
 		t.Fatalf("expected error for non-retryable refresh failure")
 	}

internal/runtime/executor/codex_executor.go

@@ -1386,7 +1386,7 @@ func (e *CodexExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*
 		return auth, nil
 	}
 	svc := codexauth.NewCodexAuthWithProxyURL(e.cfg, auth.ProxyURL)
-	td, err := svc.RefreshTokensWithRetry(ctx, refreshToken, 3)
+	td, err := svc.RefreshTokensWithRetry(ctx, refreshToken, 3, auth.ID)
 	if err != nil {
 		return nil, err
 	}