fix(token-refresh): microsoft, notion, x, linear

[icecrasher321]

Summary

• Microsoft needs proactive refresh against their 90 day timeline. Confirmed from cloudwatch logs.
• Notion, X, Linear were missing flag to replace refresh token with fresh one

Type of Change

• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Jan 22, 2026 2:20am

[greptile-apps]

Greptile Summary

Fixes token refresh issues for Microsoft, Notion, X, and Linear OAuth providers by implementing proactive refresh for Microsoft's 90-day expiry and enabling refresh token rotation for providers that support it.

• Added proactive refresh logic for Microsoft providers to refresh tokens 7 days before the 90-day refresh token expiry, preventing authentication failures
• Set supportsRefreshTokenRotation: true for X (x), Notion (notion), and Linear (linear) providers to properly handle rotated refresh tokens
• Updated refresh token expiry tracking for Microsoft providers in both account creation and token refresh flows
• Improved type safety by replacing any with Record<string, unknown> for update data objects

The proactive refresh mechanism checks if a Microsoft refresh token will expire within 7 days and triggers a refresh early to maintain continuous access. The rotation flag ensures that when providers issue new refresh tokens during the refresh flow, they are properly captured and stored.

Confidence Score: 4/5

• Safe to merge with one bug fix needed for Microsoft sub-providers
• The implementation correctly addresses the stated issues with well-structured proactive refresh logic and proper token rotation handling. However, the getProviderAuthConfig switch statement is missing cases for microsoft-excel, microsoft-planner, and microsoft-teams, which will cause runtime errors when these providers attempt to refresh tokens. Once this issue is fixed, the PR will be fully functional.
• Pay close attention to apps/sim/lib/oauth/oauth.ts - it needs the missing Microsoft provider cases added to prevent token refresh failures

Important Files Changed

Filename	Overview
apps/sim/app/api/auth/oauth/utils.ts	Added Microsoft proactive refresh logic (7-day threshold before 90-day expiry), improved type safety with Record<string, unknown>, and consistent refresh token handling across multiple functions
apps/sim/lib/auth/auth.ts	Set Microsoft refresh token expiry (90 days) in both account creation and update hooks to ensure proper token lifecycle tracking
apps/sim/lib/oauth/oauth.ts	Added supportsRefreshTokenRotation flag for X, Notion, and Linear providers to enable automatic replacement of refresh tokens - missing support for microsoft-excel, microsoft-planner, and microsoft-teams

Sequence Diagram

sequenceDiagram
    participant Client
    participant Utils as OAuth Utils
    participant OAuth as OAuth Service
    participant DB as Database
    participant Provider as OAuth Provider

    Note over Client,Provider: Token Refresh Flow

    Client->>Utils: Request credential access
    Utils->>Utils: Check if access token expired
    
    alt Microsoft Provider
        Utils->>Utils: Check if refresh expires within 7 days
    end
    
    alt Token needs refresh
        Utils->>OAuth: Call refreshOAuthToken
        OAuth->>Provider: Send refresh request
        Provider-->>OAuth: Return new credentials
        
        alt Supports rotation
            OAuth->>OAuth: Extract new refresh value
        end
        
        OAuth-->>Utils: Return refreshed credentials
        
        alt Microsoft Provider
            Utils->>Utils: Set refresh expiry to 90 days
        end
        
        Utils->>DB: Update account with new values
        Utils-->>Client: Return valid credential
    else Token valid
        Utils-->>Client: Return existing credential
    end

Loading

[greptile-apps]

Additional Comments (1)

1. apps/sim/lib/oauth/oauth.ts, line 890-903 (link)

   logic: Missing microsoft-excel, microsoft-planner, and microsoft-teams cases

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[icecrasher321]

@cursor review

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}