fix(astrolabe): add issued_at to on-demand token refresh

Fixes missing issued_at parameter when storing tokens refreshed via getAccessToken() callback, ensuring accurate token lifetime calculation for the background refresh job. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 11:25:43 +01:00
parent 28219e00e7
commit c46f9eb212
2 changed files with 12 additions and 11 deletions
@@ -217,14 +217,22 @@ class McpTokenStorage {
 					if ($newTokenData && isset($newTokenData['access_token'])) {
 						// Store refreshed token
 						// Use new refresh token if provided (rotation), otherwise keep old one
+						$now = time();
+						/** @var string $accessToken */
+						$accessToken = $newTokenData['access_token'];
+						/** @var string $refreshToken */
+						$refreshToken = $newTokenData['refresh_token'] ?? $token['refresh_token'];
+						$expiresIn = (int)($newTokenData['expires_in'] ?? 3600);
+
 						$this->storeUserToken(
 							$userId,
-							$newTokenData['access_token'],
-							$newTokenData['refresh_token'] ?? $token['refresh_token'],
-							time() + ($newTokenData['expires_in'] ?? 3600)
+							$accessToken,
+							$refreshToken,
+							$now + $expiresIn,
+							$now  // issued_at for accurate lifetime calculation
 						);

-						return $newTokenData['access_token'];
+						return $accessToken;
 					}
 				} catch (\Exception $e) {
 					$this->logger->error("Failed to refresh token for user $userId", [
@@ -388,11 +388,6 @@
    <InvalidReturnType>
      <code><![CDATA[array|null]]></code>
    </InvalidReturnType>
-    <MixedArgument>
-      <code><![CDATA[$newTokenData['access_token']]]></code>
-      <code><![CDATA[$newTokenData['refresh_token'] ?? $token['refresh_token']]]></code>
-      <code><![CDATA[time() + ($newTokenData['expires_in'] ?? 3600)]]></code>
-    </MixedArgument>
    <MixedAssignment>
      <code><![CDATA[$newTokenData]]></code>
    </MixedAssignment>
@@ -400,11 +395,9 @@
      <code><![CDATA[string|null]]></code>
    </MixedInferredReturnType>
    <MixedOperand>
-      <code><![CDATA[$newTokenData['expires_in'] ?? 3600]]></code>
      <code><![CDATA[$token['expires_at']]]></code>
    </MixedOperand>
    <MixedReturnStatement>
-      <code><![CDATA[$newTokenData['access_token']]]></code>
      <code><![CDATA[$token['access_token']]]></code>
    </MixedReturnStatement>
    <PossiblyUnusedMethod>