Merge remote-tracking branch 'origin/main'

# Conflicts: # internal/auth/kiro/oauth_web.go
2026-03-21 16:40:22 +00:00 · 2026-01-21 10:31:55 +08:00
parent 0f63d973be a9ee971e1c
commit c9aa1ff99d
38 changed files with 1403 additions and 332 deletions
--- a/internal/auth/kiro/aws_auth.go
+++ b/internal/auth/kiro/aws_auth.go
@@ -280,6 +280,11 @@ func (k *KiroAuth) CreateTokenStorage(tokenData *KiroTokenData) *KiroTokenStorag
 		AuthMethod:   tokenData.AuthMethod,
 		Provider:     tokenData.Provider,
 		LastRefresh:  time.Now().Format(time.RFC3339),
+		ClientID:     tokenData.ClientID,
+		ClientSecret: tokenData.ClientSecret,
+		Region:       tokenData.Region,
+		StartURL:     tokenData.StartURL,
+		Email:        tokenData.Email,
 	}
 }

@@ -311,4 +316,19 @@ func (k *KiroAuth) UpdateTokenStorage(storage *KiroTokenStorage, tokenData *Kiro
 	storage.AuthMethod = tokenData.AuthMethod
 	storage.Provider = tokenData.Provider
 	storage.LastRefresh = time.Now().Format(time.RFC3339)
+	if tokenData.ClientID != "" {
+		storage.ClientID = tokenData.ClientID
+	}
+	if tokenData.ClientSecret != "" {
+		storage.ClientSecret = tokenData.ClientSecret
+	}
+	if tokenData.Region != "" {
+		storage.Region = tokenData.Region
+	}
+	if tokenData.StartURL != "" {
+		storage.StartURL = tokenData.StartURL
+	}
+	if tokenData.Email != "" {
+		storage.Email = tokenData.Email
+	}
 }
--- a/internal/auth/kiro/oauth_web.go
+++ b/internal/auth/kiro/oauth_web.go
@@ -377,18 +377,18 @@ func (h *OAuthWebHandler) pollForToken(ctx context.Context, session *webAuthSess
 			email := FetchUserEmailWithFallback(ctx, h.cfg, tokenResp.AccessToken)

 			tokenData := &KiroTokenData{
-				AccessToken:  tokenResp.AccessToken,
-				RefreshToken: tokenResp.RefreshToken,
-				ProfileArn:   profileArn,
-				ExpiresAt:    expiresAt.Format(time.RFC3339),
-				AuthMethod:   session.authMethod,
-				Provider:     "AWS",
-				ClientID:     session.clientID,
-				ClientSecret: session.clientSecret,
-				Email:        email,
-				Region:       session.region,
-				StartURL:     session.startURL,
-			}
+					AccessToken:  tokenResp.AccessToken,
+					RefreshToken: tokenResp.RefreshToken,
+					ProfileArn:   profileArn,
+					ExpiresAt:    expiresAt.Format(time.RFC3339),
+					AuthMethod:   session.authMethod,
+					Provider:     "AWS",
+					ClientID:     session.clientID,
+					ClientSecret: session.clientSecret,
+					Email:        email,
+					Region:       session.region,
+					StartURL:     session.startURL,
+				}

 			h.mu.Lock()
 			session.status = statusSuccess
@@ -829,7 +829,7 @@ func (h *OAuthWebHandler) handleImportToken(c *gin.Context) {

 // handleManualRefresh handles manual token refresh requests from the web UI.
 // This allows users to trigger a token refresh when needed, without waiting
-// for the automatic 5-second check and 10-minute-before-expiry refresh cycle.
+// for the automatic 30-second check and 20-minute-before-expiry refresh cycle.
 // Uses the same refresh logic as kiro_executor.Refresh for consistency.
 func (h *OAuthWebHandler) handleManualRefresh(c *gin.Context) {
 	authDir := ""