feat(auth): renew expired tokens via Firebase refresh token#3
Open
dcaslin wants to merge 1 commit into
Open
Conversation
Point boostcampapi at the refresh-token branch and load the saved session
(token + refresh token) instead of a bare env token, so the client renews an
expired Firebase ID token automatically on a 403 rather than failing the call
and forcing a manual re-login.
- get_api_client() now prefers load_session() from .boostcamp/session.pickle
(which the updated library writes as {token, refresh_token}); falls back to
the legacy BOOSTCAMP_AUTH_TOKEN from .env for older, token-only logins.
- Dependency pinned to dcaslin/boostcamp-api@fix/firebase-refresh-token until
Alex-Keyes/boostcamp-api#2 merges, then repoint to
upstream main.
Existing users must run `uv run login` once to populate the refresh token.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Wires the MCP server up to the refresh-token support added in
boostcamp-api PR #2 (Alex-Keyes/boostcamp-api#2), so an expired Firebase ID
token is renewed automatically instead of failing the call and forcing a manual
uv run login.The key fix:
get_api_client()previously builtBoostcampAPI(token=...)from.envand never loaded the session, so the client had no refresh token andcouldn't renew. It now loads the saved session.
Changes
get_api_client()loads.boostcamp/session.pickleviaload_session()— the updated library writes it as
{token, refresh_token}. With the refreshtoken in hand, the library exchanges it at the Firebase secure-token endpoint
on a 403 and retries. Falls back to the legacy
BOOSTCAMP_AUTH_TOKENfrom.env(token-only, no renewal) for logins that predate this support, andtolerates a corrupt/old-format pickle.
dcaslin/boostcamp-api@fix/firebase-refresh-token(the PR branch). A
TODOinpyproject.tomland the checklist below trackmoving it back to upstream
mainonce the API PR merges.password) is persisted, tokens auto-renew, and existing users run
uv run loginonce to populate the refresh token.Test plan
uv syncresolves to the refresh-token branch; server imports cleanly.get_api_client()loads the session and a liveget_my_profile()callsucceeds against the real API.
(
_refresh_token,_refresh_session).uv run login, verified end-to-end against real Firebase: thesession pickle now holds
{token, refresh_token}(no password/email),_refresh_session()exchanges the refresh token and the ID tokenactually changes, and a
get_my_profile()call succeeds with therefreshed token.
Merge order
pyproject.toml[tool.uv.sources]at upstreammainand re-uv sync.🤖 Generated with Claude Code