@radzor/oauth-token-refresh

Automatic OAuth 2.0 access token refresh and lifecycle management. Handles token expiry detection, background refresh, secure storage, and provider-specific quirks for Google, GitHub, Discord, Stripe, and custom providers.

Authenticationv0.1.0typescriptServeroauthtokenrefreshauthgooglegithubdiscordjwtby Radzor

Install

View source on GitHub →

$npx radzor@latest add oauth-token-refresh

⚠ Constraints: Refresh tokens must be stored securely (encrypted at rest). GitHub tokens do not expire unless the user revokes access. Call store() after the initial OAuth authorization flow (handled by @radzor/auth-oauth). Never log access tokens.

Inputs

Name	Type	Default	Description
clientId*	string	—	OAuth application client ID.
clientSecret*	string	—	OAuth application client secret.GOOGLE_CLIENT_SECRET
tokenEndpoint	string	—	Provider token endpoint URL. Omit to use a preset provider.
provider	'google' \| 'github' \| 'discord' \| 'stripe' \| 'custom'	custom	Known provider preset. Sets tokenEndpoint and quirks automatically.
refreshBuffer	number	300	Seconds before expiry to proactively refresh the token.

clientId

Name	Type	Description
accessToken	string	Current valid access token.
tokenMeta	TokenMeta	Token metadata: expiresAt, scope, tokenType. .accessTokenstring .expiresAtnumber .scopestring .tokenTypestring

@radzor/oauth-token-refresh

Install

Inputs

Outputs

Actions

Events

Composability

radzor.manifest.json

Version History