From df0d1481425c30eaa8428934ada4bd658e7704ed Mon Sep 17 00:00:00 2001 From: Wes Tarle Date: Mon, 15 Jun 2026 12:27:23 +0000 Subject: [PATCH 1/3] test(auth): add test for keeping stale credentials on refresh failure Add graceful degradation test to verify stale but still valid cached credentials are not cleared if a refresh attempt fails. TAG=agy CONV=4aafb1cc-33ea-453d-968d-7e69305c0b3a --- .../test/test.oauth2.ts | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/core/packages/google-auth-library-nodejs/test/test.oauth2.ts b/core/packages/google-auth-library-nodejs/test/test.oauth2.ts index fe4f656c92ba..e320f6da8354 100644 --- a/core/packages/google-auth-library-nodejs/test/test.oauth2.ts +++ b/core/packages/google-auth-library-nodejs/test/test.oauth2.ts @@ -1091,6 +1091,42 @@ describe('oauth2', () => { scopes.forEach(s => s.done()); }); + it('should keep old stale credentials if refreshing fails on request', async () => { + const client = new OAuth2Client({ + clientId: CLIENT_ID, + clientSecret: CLIENT_SECRET, + redirectUri: REDIRECT_URI, + eagerRefreshThresholdMillis: 5000, + }); + client.credentials = { + access_token: 'initial-access-token', + refresh_token: 'refresh-token-placeholder', + expiry_date: new Date().getTime() + 3000, + }; + + const scopes = [ + nock(baseUrl, { + reqheaders: { + 'content-type': 'application/x-www-form-urlencoded;charset=UTF-8', + }, + }) + .post('/token') + .times(4) + .reply(500, 'Internal Server Error'), + ]; + + await assert.rejects( + client.request({url: 'http://example.com'}), + /Internal Server Error/ + ); + + // Verify the credentials were not wiped/cleared + assert.strictEqual(client.credentials.access_token, 'initial-access-token'); + assert.strictEqual(client.credentials.refresh_token, 'refresh-token-placeholder'); + + scopes.forEach(s => s.done()); + }); + it('should not refresh if access token will not expire soon and time to refresh before expiration is set', async () => { const client = new OAuth2Client({ clientId: CLIENT_ID, From a2a0d7c4e3525501927a6675974c7b22531da22e Mon Sep 17 00:00:00 2001 From: Wes Tarle Date: Mon, 15 Jun 2026 11:35:19 -0400 Subject: [PATCH 2/3] Update core/packages/google-auth-library-nodejs/test/test.oauth2.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- core/packages/google-auth-library-nodejs/test/test.oauth2.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/core/packages/google-auth-library-nodejs/test/test.oauth2.ts b/core/packages/google-auth-library-nodejs/test/test.oauth2.ts index e320f6da8354..3ad906a8da37 100644 --- a/core/packages/google-auth-library-nodejs/test/test.oauth2.ts +++ b/core/packages/google-auth-library-nodejs/test/test.oauth2.ts @@ -1096,12 +1096,13 @@ describe('oauth2', () => { clientId: CLIENT_ID, clientSecret: CLIENT_SECRET, redirectUri: REDIRECT_URI, - eagerRefreshThresholdMillis: 5000, + eagerRefreshThresholdMillis: 100000, }); + const expiryDate = Date.now() + 50000; client.credentials = { access_token: 'initial-access-token', refresh_token: 'refresh-token-placeholder', - expiry_date: new Date().getTime() + 3000, + expiry_date: expiryDate, }; const scopes = [ From ff01571190c4af8baa95b5a1f89fdb93c89a9175 Mon Sep 17 00:00:00 2001 From: Wes Tarle Date: Mon, 15 Jun 2026 11:35:29 -0400 Subject: [PATCH 3/3] Update core/packages/google-auth-library-nodejs/test/test.oauth2.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- core/packages/google-auth-library-nodejs/test/test.oauth2.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/core/packages/google-auth-library-nodejs/test/test.oauth2.ts b/core/packages/google-auth-library-nodejs/test/test.oauth2.ts index 3ad906a8da37..80e32fd9fabb 100644 --- a/core/packages/google-auth-library-nodejs/test/test.oauth2.ts +++ b/core/packages/google-auth-library-nodejs/test/test.oauth2.ts @@ -1124,6 +1124,7 @@ describe('oauth2', () => { // Verify the credentials were not wiped/cleared assert.strictEqual(client.credentials.access_token, 'initial-access-token'); assert.strictEqual(client.credentials.refresh_token, 'refresh-token-placeholder'); + assert.strictEqual(client.credentials.expiry_date, expiryDate); scopes.forEach(s => s.done()); });