oauth_stuff.md
edited
1the error we see in the logs is:
2
3```
42025/10/27 09:26:44 WARN auth server request failed request=token-refresh statusCode=400 body="map[error:invalid_grant error_description:Session expired]"
52025/10/27 09:26:44 failed to create pull comment failed to refresh OAuth tokens: token refresh failed: auth server request failed (HTTP 400): invalid_grant
6```
7
8which is caused by the access token expiring. we are using indigo's go oauth
9SDK, which suggests the following when performing authenticated requests:
10
11```go
12sess, err := oauthApp.ResumeSession(ctx, did, sessionID)
13
14c := sess.APIClient()
15
16c.Post(ctx, "com.atproto.repo.createRecord", ...)
17```
18
19and we do a similar thing:
20
211. [create an authorized client via `ResumeSession` followed by
22`sess.APIClient`](https://tangled.org/@tangled.org/core/blob/master/appview/oauth/oauth.go#L178)
232. [employ this in handlers to make authorized
24requests](https://tangled.org/@tangled.org/core/blob/master/appview/strings/strings.go#L252)
25
26`ClientApp.ResumeSession` seems to handle just fetching session data, but not
27refreshing, this was my misunderstanding from reading this portion of
28[doc.go](https://github.com/bluesky-social/indigo/blob/main/atproto/auth/oauth/doc.go#L123):
29
30> The [ClientSession] will handle nonce updates and token refreshes, and
31> persist the results in the [ClientAuthStore].
32
33It seems `ClientSession.RefreshTokens` is only ever called with performing an
34authorized request. We should be calling this ourselves somewhere.