You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(oauth): clean up orphaned tokens on server removal and startup (#288)
This fixes the issue where OAuth tokens accumulate in the database for
servers that have been removed, causing unnecessary refresh attempts and
confusing error messages like "OAuth token refresh failed - token expired
too long ago".
Changes:
1. RemoveServer() now calls ClearOAuthState() to remove OAuth tokens
when a server is deleted
2. RemoveServer() notifies RefreshManager to stop tracking the removed
server's token refresh schedule
3. Added CleanupOrphanedOAuthTokens() to storage manager that removes
tokens for servers no longer in configuration
4. Startup now cleans up orphaned tokens before starting RefreshManager
Key storage design notes:
- Tokens use serverName_hash(serverName|serverURL) as storage key
- This ensures multiple servers can share the same URL (different names)
- URL changes for a server name are properly handled via ClearOAuthState
which deletes all tokens with the serverName_ prefix
Tested: Verified 7 orphaned tokens were cleaned up on startup
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
0 commit comments