fix: add missing clientId to github provider config for OAuth token refresh (#442)

The github provider in open-sse/config/providers.js was missing clientId, causing refreshGitHubToken() to send client_id=undefined on 401 retry. Also guard against undefined clientSecret in both refresh implementations. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-30 07:24:31 +02:00 · 2026-03-30 07:24:31 +02:00 · cd1e06b641
commit cd1e06b641
parent e6299eef56
3 changed files with 22 additions and 13 deletions
--- a/open-sse/config/providers.js
+++ b/open-sse/config/providers.js
@ -168,7 +168,8 @@ export const PROVIDERS = {
      "X-Initiator": "user",
      "Accept": "application/json",
      "Content-Type": "application/json"
-    }
+    },
+    clientId: "Iv1.b507a08c87ecfe98"
  },
  kiro: {
    baseUrl: "https://codewhisperer.us-east-1.amazonaws.com/generateAssistantResponse",
--- a/open-sse/executors/github.js
+++ b/open-sse/executors/github.js
@ -243,15 +243,19 @@ export class GithubExecutor extends BaseExecutor {

  async refreshGitHubToken(refreshToken, log) {
    try {
+      const params = {
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: this.config.clientId,
+      };
+      if (this.config.clientSecret) {
+        params.client_secret = this.config.clientSecret;
+      }
+
      const response = await fetch(OAUTH_ENDPOINTS.github.token, {
        method: "POST",
        headers: { "Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json" },
-        body: new URLSearchParams({
-          grant_type: "refresh_token",
-          refresh_token: refreshToken,
-          client_id: this.config.clientId,
-          client_secret: this.config.clientSecret
-        })
+        body: new URLSearchParams(params)
      });
      if (!response.ok) return null;
      const tokens = await response.json();
--- a/open-sse/services/tokenRefresh.js
+++ b/open-sse/services/tokenRefresh.js
@ -373,18 +373,22 @@ export async function refreshIflowToken(refreshToken, log) {
 * Specialized refresh for GitHub Copilot OAuth tokens
 */
 export async function refreshGitHubToken(refreshToken, log) {
+  const params = {
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+    client_id: PROVIDERS.github.clientId,
+  };
+  if (PROVIDERS.github.clientSecret) {
+    params.client_secret = PROVIDERS.github.clientSecret;
+  }
+
  const response = await fetch(OAUTH_ENDPOINTS.github.token, {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Accept: "application/json",
    },
-    body: new URLSearchParams({
-      grant_type: "refresh_token",
-      refresh_token: refreshToken,
-      client_id: PROVIDERS.github.clientId,
-      client_secret: PROVIDERS.github.clientSecret,
-    }),
+    body: new URLSearchParams(params),
  });

  if (!response.ok) {