From fc1e8baa23a469f6dcec50538dca9769685140c7 Mon Sep 17 00:00:00 2001
From: Gregory Schier <gschier1990@gmail.com>
Date: Tue, 9 Dec 2025 14:08:31 -0800
Subject: [PATCH] Catch any 4XX error on refresh token failure

https://feedback.yaak.app/p/folders-oauth2-refresh-token-issue
---
 plugins/auth-oauth2/src/getOrRefreshAccessToken.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts b/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
index e3c7503e..07fc4ea0 100644
--- a/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
+++ b/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
@@ -71,10 +71,10 @@ export async function getOrRefreshAccessToken(
   httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
   const resp = await ctx.httpRequest.send({ httpRequest });
 
-  if (resp.status === 401) {
-    // Bad refresh token, so we'll force it to fetch a fresh access token by deleting
-    // and returning null;
-    console.log('[oauth2] Unauthorized refresh_token request');
+  if (resp.status >= 400 && resp.status < 500) {
+    // Client errors (4xx) indicate the refresh token is invalid, expired, or revoked
+    // Delete the token and return null to trigger a fresh authorization flow
+    console.log('[oauth2] Refresh token request failed with client error, deleting token');
     await deleteToken(ctx, tokenArgs);
     return null;
   }