MCP OAuth refresh_token not used correctly #5259
Description
Describe the bug
Goose in its current state does not (at least reliably?) accept the refresh_token when supplied by the auth server. It does not submit "offline_access" as a scope either, which may be required.
To Reproduce
Steps to reproduce the behavior:
- Add an MCP server that follows the spec for auth (OAuth2.1 with DCR)
- Wait a few minutes/hours for the access token to expire.
- Goose fires off the auth flow again.
Expected behavior
The refresh_token should be persisted and used to update the access token. The old access token should be thrown away.
Screenshots
NA
Please provide following information:
- OS & Arch: Apple M3/Darwin
- Interface: CLI
- Version: 1.11.0
- Extensions enabled: A test MCP server requiring authentication and following the current MCP auth spec.
- Provider & Model: Local (Qwen3 running on a 8xMi325X) (probably not relevant)
Additional context
For what it's worth, these two branches fix the issue. However, it's most definitely AI slop as I am not a Rust programmer.
https://github.com/ianschenck/rust-sdk/tree/ian/refresh-token-callback (rust-sdk)
https://github.com/ianschenck/goose/tree/ian/get-refresh-token (goose)