fix: PAT login fails when stale OAuth fields exist

is_oauth() now checks for non-empty session_token instead of just
Some(). PAT login clears session_token, figma_refresh_token, and
figma_token_expires_at so subsequent API calls use the correct
X-Figma-Token header.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: gold-ak47

src/commands/login.rs

@@ -89,6 +89,10 @@ async fn run_token_login(token: &str) -> Result<()> {
             config.figma_token = Some(token.to_string());
             config.user_email = Some(me.email);
             config.user_name = Some(me.handle);
+            // Clear any stale OAuth fields so is_oauth() returns false
+            config.session_token = None;
+            config.figma_refresh_token = None;
+            config.figma_token_expires_at = None;
         }
         Err(e) => {
             println!("{}", format!("Failed: {e}").red());
@@ -326,6 +330,10 @@ async fn run_pat_login() -> Result<()> {
             config.figma_token = Some(token);
             config.user_email = Some(me.email);
             config.user_name = Some(me.handle);
+            // Clear any stale OAuth fields so is_oauth() returns false
+            config.session_token = None;
+            config.figma_refresh_token = None;
+            config.figma_token_expires_at = None;
         }
         Err(e) => {
             println!("{}", format!("Failed: {e}").red());

src/config.rs

@@ -68,7 +68,10 @@ impl GlobalConfig {
     /// Returns true if the stored token came from OAuth (device flow login)
     /// vs a Personal Access Token (--pat or --figma-token).
     pub fn is_oauth(&self) -> bool {
-        self.session_token.is_some()
+        self.session_token
+            .as_deref()
+            .map(|s| !s.is_empty())
+            .unwrap_or(false)
     }
 
     /// Create a FigmaClient with the right auth header (OAuth Bearer vs PAT).