From cd1e06b641d98960e0d1388a0fbc7277c27e6255 Mon Sep 17 00:00:00 2001
From: "Manuel B." <baslr@users.noreply.github.com>
Date: Mon, 30 Mar 2026 07:24:31 +0200
Subject: [PATCH] fix: add missing clientId to github provider config for OAuth
 token refresh (#442)

The github provider in open-sse/config/providers.js was missing clientId,
causing refreshGitHubToken() to send client_id=undefined on 401 retry.
Also guard against undefined clientSecret in both refresh implementations.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---
 open-sse/config/providers.js      |  3 ++-
 open-sse/executors/github.js      | 16 ++++++++++------
 open-sse/services/tokenRefresh.js | 16 ++++++++++------
 3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/open-sse/config/providers.js b/open-sse/config/providers.js
index b1c7831..1d060ff 100644
--- a/open-sse/config/providers.js
+++ b/open-sse/config/providers.js
@@ -168,7 +168,8 @@ export const PROVIDERS = {
       "X-Initiator": "user",
       "Accept": "application/json",
       "Content-Type": "application/json"
-    }
+    },
+    clientId: "Iv1.b507a08c87ecfe98"
   },
   kiro: {
     baseUrl: "https://codewhisperer.us-east-1.amazonaws.com/generateAssistantResponse",
diff --git a/open-sse/executors/github.js b/open-sse/executors/github.js
index b174007..8eb299b 100644
--- a/open-sse/executors/github.js
+++ b/open-sse/executors/github.js
@@ -243,15 +243,19 @@ export class GithubExecutor extends BaseExecutor {
 
   async refreshGitHubToken(refreshToken, log) {
     try {
+      const params = {
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: this.config.clientId,
+      };
+      if (this.config.clientSecret) {
+        params.client_secret = this.config.clientSecret;
+      }
+
       const response = await fetch(OAUTH_ENDPOINTS.github.token, {
         method: "POST",
         headers: { "Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json" },
-        body: new URLSearchParams({
-          grant_type: "refresh_token",
-          refresh_token: refreshToken,
-          client_id: this.config.clientId,
-          client_secret: this.config.clientSecret
-        })
+        body: new URLSearchParams(params)
       });
       if (!response.ok) return null;
       const tokens = await response.json();
diff --git a/open-sse/services/tokenRefresh.js b/open-sse/services/tokenRefresh.js
index 60423f7..3609986 100644
--- a/open-sse/services/tokenRefresh.js
+++ b/open-sse/services/tokenRefresh.js
@@ -373,18 +373,22 @@ export async function refreshIflowToken(refreshToken, log) {
  * Specialized refresh for GitHub Copilot OAuth tokens
  */
 export async function refreshGitHubToken(refreshToken, log) {
+  const params = {
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+    client_id: PROVIDERS.github.clientId,
+  };
+  if (PROVIDERS.github.clientSecret) {
+    params.client_secret = PROVIDERS.github.clientSecret;
+  }
+
   const response = await fetch(OAUTH_ENDPOINTS.github.token, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded",
       Accept: "application/json",
     },
-    body: new URLSearchParams({
-      grant_type: "refresh_token",
-      refresh_token: refreshToken,
-      client_id: PROVIDERS.github.clientId,
-      client_secret: PROVIDERS.github.clientSecret,
-    }),
+    body: new URLSearchParams(params),
   });
 
   if (!response.ok) {