Refresh tokens more often and log a better message when both auth and token refresh fails (#5655)

2025-10-28 18:55:53 -07:00
parent 149e198ce8
commit ef3e075ad6
2 changed files with 53 additions and 3 deletions
--- a/codex-rs/core/src/auth.rs
+++ b/codex-rs/core/src/auth.rs
@@ -25,6 +25,7 @@ use crate::default_client::CodexHttpClient;
 use crate::token_data::PlanType;
 use crate::token_data::TokenData;
 use crate::token_data::parse_id_token;
+use crate::util::try_parse_error_message;

 #[derive(Debug, Clone)]
 pub struct CodexAuth {
@@ -42,6 +43,9 @@ impl PartialEq for CodexAuth {
    }
 }

+// TODO(pakrym): use token exp field to check for expiration instead
+const TOKEN_REFRESH_INTERVAL: i64 = 8;
+
 impl CodexAuth {
    pub async fn refresh_token(&self) -> Result<String, std::io::Error> {
        tracing::info!("Refreshing token");
@@ -94,7 +98,7 @@ impl CodexAuth {
                last_refresh: Some(last_refresh),
                ..
            }) => {
-                if last_refresh < Utc::now() - chrono::Duration::days(28) {
+                if last_refresh < Utc::now() - chrono::Duration::days(TOKEN_REFRESH_INTERVAL) {
                    let refresh_response = tokio::time::timeout(
                        Duration::from_secs(60),
                        try_refresh_token(tokens.refresh_token.clone(), &self.client),
@@ -446,8 +450,9 @@ async fn try_refresh_token(
        Ok(refresh_response)
    } else {
        Err(std::io::Error::other(format!(
-            "Failed to refresh token: {}",
-            response.status()
+            "Failed to refresh token: {}: {}",
+            response.status(),
+            try_parse_error_message(&response.text().await.unwrap_or_default()),
        )))
    }
 }