
























@@ -141,6 +141,14 @@ function hasOAuthCredentialChanged(
141141);
142142}
143143144+function canReuseOAuthCredentialAfterRefreshFailure(params: {
145+forceRefresh?: boolean;
146+attempted: Pick<OAuthCredential, "access" | "refresh" | "expires">;
147+candidate: OAuthCredential;
148+}): boolean {
149+return !params.forceRefresh || hasOAuthCredentialChanged(params.attempted, params.candidate);
150+}
151+144152async function loadFreshStoredOAuthCredential(params: {
145153profileId: string;
146154agentDir?: string;
@@ -324,6 +332,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
324332provider: string;
325333agentDir?: string;
326334cfg?: OpenClawConfig;
335+forceRefresh?: boolean;
327336}): Promise<ResolvedOAuthAccess | null> {
328337const ownerAgentDir = resolvePersistedAuthProfileOwnerAgentDir(params);
329338const authPath = resolveAuthStorePath(ownerAgentDir);
@@ -340,7 +349,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
340349}
341350let credentialToRefresh = cred;
342351343-if (hasUsableOAuthCredential(cred)) {
352+if (!params.forceRefresh && hasUsableOAuthCredential(cred)) {
344353return {
345354apiKey: await adapter.buildApiKey(cred.provider, cred, {
346355cfg: params.cfg,
@@ -358,6 +367,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
358367mainCred?.type === "oauth" &&
359368mainCred.provider === cred.provider &&
360369hasUsableOAuthCredential(mainCred) &&
370+!params.forceRefresh &&
361371isSafeToAdoptMainStoreOAuthIdentity(cred, mainCred)
362372) {
363373store.profiles[params.profileId] = { ...mainCred };
@@ -419,7 +429,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
419429saveAuthProfileStore(store, ownerAgentDir);
420430}
421431credentialToRefresh = externallyManaged;
422-if (hasUsableOAuthCredential(externallyManaged)) {
432+if (!params.forceRefresh && hasUsableOAuthCredential(externallyManaged)) {
423433return {
424434apiKey: await adapter.buildApiKey(externallyManaged.provider, externallyManaged, {
425435cfg: params.cfg,
@@ -485,6 +495,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
485495provider: string;
486496agentDir?: string;
487497cfg?: OpenClawConfig;
498+forceRefresh?: boolean;
488499}): Promise<ResolvedOAuthAccess | null> {
489500const key = refreshQueueKey(params.provider, params.profileId);
490501const prev = refreshQueues.get(key) ?? Promise.resolve();
@@ -510,6 +521,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
510521credential: OAuthCredential;
511522agentDir?: string;
512523cfg?: OpenClawConfig;
524+forceRefresh?: boolean;
513525}): Promise<ResolvedOAuthAccess | null> {
514526const adoptedCredential =
515527adoptNewerMainOAuthCredential({
@@ -524,7 +536,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
524536readBootstrapCredential: adapter.readBootstrapCredential,
525537});
526538527-if (hasUsableOAuthCredential(effectiveCredential)) {
539+if (!params.forceRefresh && hasUsableOAuthCredential(effectiveCredential)) {
528540return {
529541apiKey: await adapter.buildApiKey(effectiveCredential.provider, effectiveCredential, {
530542cfg: params.cfg,
@@ -540,12 +552,21 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
540552provider: params.credential.provider,
541553agentDir: params.agentDir,
542554cfg: params.cfg,
555+forceRefresh: params.forceRefresh,
543556});
544557return refreshed;
545558} catch (error) {
546559const refreshedStore = loadAuthProfileStoreWithoutExternalProfiles(params.agentDir);
547560const refreshed = refreshedStore.profiles[params.profileId];
548-if (refreshed?.type === "oauth" && hasUsableOAuthCredential(refreshed)) {
561+if (
562+refreshed?.type === "oauth" &&
563+hasUsableOAuthCredential(refreshed) &&
564+canReuseOAuthCredentialAfterRefreshFailure({
565+forceRefresh: params.forceRefresh,
566+attempted: effectiveCredential,
567+candidate: refreshed,
568+})
569+) {
549570return {
550571apiKey: await adapter.buildApiKey(refreshed.provider, refreshed, {
551572cfg: params.cfg,
@@ -564,7 +585,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
564585profileId: params.profileId,
565586agentDir: params.agentDir,
566587provider: params.credential.provider,
567-previous: params.credential,
588+previous: effectiveCredential,
568589requireChange: true,
569590});
570591if (recovered) {
@@ -582,6 +603,7 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
582603provider: params.credential.provider,
583604agentDir: params.agentDir,
584605cfg: params.cfg,
606+forceRefresh: params.forceRefresh,
585607});
586608if (retried) {
587609return retried;
@@ -601,6 +623,11 @@ export function createOAuthManager(adapter: OAuthManagerAdapter) {
601623mainCred?.type === "oauth" &&
602624mainCred.provider === params.credential.provider &&
603625hasUsableOAuthCredential(mainCred) &&
626+canReuseOAuthCredentialAfterRefreshFailure({
627+forceRefresh: params.forceRefresh,
628+attempted: effectiveCredential,
629+candidate: mainCred,
630+}) &&
604631isSafeToAdoptMainStoreOAuthIdentity(params.credential, mainCred)
605632) {
606633refreshedStore.profiles[params.profileId] = { ...mainCred };
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。