fix(provider): add OAuth token refresh support for GitLab provider

[zerone0x]

What

Add automatic token refresh when GitLab OAuth tokens expire during a session.

How verified

• Code review of the implementation
• The fix adds a new refresh hook to the plugin interface that allows auth plugins to handle token refresh
• The gitlab provider's custom fetch now:
  1. Proactively checks if tokens are expired before making requests
  2. Handles 401 "invalid_token" errors by attempting refresh and retry

Changes

• packages/plugin/src/index.ts: Add refresh function to AuthHook interface
• packages/opencode/src/provider/auth.ts: Add ProviderAuth.refresh() to invoke plugin refresh logic
• packages/opencode/src/provider/provider.ts: Add custom fetch in gitlab loader with token refresh handling

Note

This requires the external GitLab auth plugin (@gitlab/opencode-gitlab-auth) to implement the new refresh hook to provide the actual token refresh logic.

Fixes #9711

🤖 Generated with Claude Code

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search, no duplicate PRs found

[zerone0x]

https://app.devin.ai/review/anomalyco/opencode/pull/9949

[vglafirov]

@zerone0x Thanks for the fix. I will wait until this PR has merged and add refresh hook to opencode-gitlab-auth plugin.

[vglafirov]

@rekram1-node Would you mind take a look at this PR, please?

[OddballGreg]

Hey @rekram1-node , just wanted to bump this PR. The TOKEN_REFRESH_NEEDED error is a significant pain point when using opencode with GitLab Duo - it completely halts the session and requires a manual restart to re-authenticate, and seemingly even that doesn't always work as I'll restart opencode repeatedly and just be met with the same error. It's been a pretty huge pain point for me these past few weeks.

[vglafirov]

This should be superseded by #13850 This PR fixes OAuth token refresh on Gitlab provider side.

[vglafirov]

With #13850 merged and release, this issue has been fixed.