@oxyhq/core 3.4.17 → 3.4.19

package/dist/cjs/HttpService.js

@@ -103,6 +103,7 @@ class HttpService {
         this.tokenRefreshPromise = null;
         this.tokenRefreshCooldownUntil = 0;
         this.authRefreshHandler = null;
+        this.accessTokenProvider = null;
         /**
          * Fan-out listeners notified on EVERY access-token change on this instance:
          * explicit `setTokens`, `clearTokens`, an AuthManager-owned refresh, and the
@@ -133,6 +134,24 @@ class HttpService {
         this.deduplicator = new requestUtils_1.RequestDeduplicator();
         this.requestQueue = new requestUtils_1.RequestQueue(config.maxConcurrentRequests || 10, config.requestQueueSize || 100);
     }
+    syncAccessTokenFromProvider() {
+        if (!this.accessTokenProvider) {
+            return this.tokenStore.getAccessToken();
+        }
+        const providedToken = this.accessTokenProvider();
+        const currentToken = this.tokenStore.getAccessToken();
+        if (providedToken) {
+            if (providedToken !== currentToken) {
+                this.tokenStore.setTokens(providedToken);
+                this.notifyTokenChange();
+            }
+            return providedToken;
+        }
+        if (currentToken) {
+            this.clearTokens();
+        }
+        return null;
+    }
     /**
      * Robust FormData detection that works in browser, React Native, and
      * Node.js polyfill environments.
@@ -688,7 +707,7 @@ class HttpService {
      * Get auth header with automatic token refresh
      */
     async getAuthHeader() {
-        const accessToken = this.tokenStore.getAccessToken();
+        const accessToken = this.syncAccessTokenFromProvider();
         if (!accessToken) {
             return null;
         }
@@ -700,7 +719,10 @@ class HttpService {
                 const refreshed = await this.refreshAccessToken('preflight');
                 if (refreshed)
                     return `Bearer ${refreshed}`;
-                // Refresh failed — don't use the expired token (would cause 401 loop)
+                if (decoded.exp > currentTime) {
+                    return `Bearer ${accessToken}`;
+                }
+                // Refresh failed — don't use an expired token (would cause 401 loop)
                 return null;
             }
             return `Bearer ${accessToken}`;
@@ -803,6 +825,9 @@ class HttpService {
     setAuthRefreshHandler(handler) {
         this.authRefreshHandler = handler;
     }
+    setAccessTokenProvider(provider) {
+        this.accessTokenProvider = provider;
+    }
     clearTokens() {
         this.tokenStore.clearTokens();
         this.tokenStore.clearCsrfToken();

package/dist/cjs/OxyServices.base.js

@@ -113,12 +113,10 @@ class OxyServicesBase {
         };
         syncToken(this.getAccessToken());
         const unsubscribe = this.onTokensChanged(syncToken);
+        client.setAccessTokenProvider(() => this.getAccessToken());
         client.setAuthRefreshHandler(async (reason) => {
             const refreshed = await this.httpService.refreshAccessToken(reason);
             if (!refreshed) {
-                if (reason === 'response-401') {
-                    this.clearTokens();
-                }
                 return null;
             }
             syncToken(refreshed);
@@ -129,6 +127,7 @@ class OxyServicesBase {
             dispose: () => {
                 unsubscribe();
                 client.setAuthRefreshHandler(null);
+                client.setAccessTokenProvider(null);
                 client.clearTokens();
             },
         };