From 11b1378b9141359823a526031cdab0f00fa78830 Mon Sep 17 00:00:00 2001
From: Lukas May <lukas.may@carealytix.com>
Date: Tue, 10 Feb 2026 09:50:19 +0100
Subject: [PATCH] fix(agent): Handle optional OAuth token fields in credential
 manager

Updated readCredentials and isTokenExpired to support setup tokens:
- Removed refreshToken requirement check
- Use nullish coalescing for refreshToken and expiresAt fields
- Treat tokens without expiresAt as non-expired

Completes OAuth credential handling for setup tokens across all
credential management functions.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 src/agent/accounts/usage.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/agent/accounts/usage.ts b/src/agent/accounts/usage.ts
index c919039..97e80c9 100644
--- a/src/agent/accounts/usage.ts
+++ b/src/agent/accounts/usage.ts
@@ -64,11 +64,11 @@ function readCredentials(configDir: string): OAuthCredentials | null {
     const raw = readFileSync(credPath, 'utf-8');
     const parsed = JSON.parse(raw);
     const oauth = parsed.claudeAiOauth;
-    if (!oauth || !oauth.accessToken || !oauth.refreshToken) return null;
+    if (!oauth || !oauth.accessToken) return null;
     return {
       accessToken: oauth.accessToken,
-      refreshToken: oauth.refreshToken,
-      expiresAt: oauth.expiresAt,
+      refreshToken: oauth.refreshToken ?? null,
+      expiresAt: oauth.expiresAt ?? null,
       subscriptionType: oauth.subscriptionType ?? null,
       rateLimitTier: oauth.rateLimitTier ?? null,
     };
@@ -78,6 +78,7 @@ function readCredentials(configDir: string): OAuthCredentials | null {
 }
 
 function isTokenExpired(credentials: OAuthCredentials): boolean {
+  if (!credentials.expiresAt) return false; // Setup tokens without expiry are treated as non-expired
   return credentials.expiresAt < Date.now() + TOKEN_REFRESH_BUFFER_MS;
 }