From 561680501ab8df80db7f547845167f28a5ae00ea Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 11 Mar 2026 13:49:05 +0100 Subject: [PATCH] SSO warnings: write "session expires in ..." when refresh token is present When a refresh token is available, prefix expiration warnings with "session" to distinguish refresh-based expiry from access token expiry. Also suppress access-token expiration warnings when a refresh token exists but has no expiry set (it will auto-refresh). --- pkg/app/run.go | 6 +++++- pkg/commands/auth/expiry.go | 4 ++++ pkg/commands/auth/list.go | 10 ++++++++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/pkg/app/run.go b/pkg/app/run.go index 2375c5500..947bdd90e 100644 --- a/pkg/app/run.go +++ b/pkg/app/run.go @@ -541,7 +541,11 @@ func checkTokenExpirationWarning(data *global.Data, commandName string) { summary := authcmd.ExpirationSummary(status, expires, time.Now()) remediation := authcmd.ExpirationRemediation(at.Type) - text.Warning(data.Output, "Your active token %s. %s\n", summary, remediation) + label := "" + if at.RefreshExpiresAt != "" { + label = "session " + } + text.Warning(data.Output, "Your active token %s%s. %s\n", label, summary, remediation) } // isAuthRelatedCommand reports whether commandName belongs to an auth-related diff --git a/pkg/commands/auth/expiry.go b/pkg/commands/auth/expiry.go index 989aa7069..0a95d3699 100644 --- a/pkg/commands/auth/expiry.go +++ b/pkg/commands/auth/expiry.go @@ -74,6 +74,10 @@ func staticExpirationStatus(at *config.AuthToken, now time.Time) (ExpirationStat // RefreshExpiresAt (the user-actionable deadline) and falls back to // AccessExpiresAt when refresh info is missing or malformed. func ssoExpirationStatus(at *config.AuthToken, now time.Time) (ExpirationStatus, time.Time, error) { + if at.RefreshToken != "" && at.RefreshExpiresAt == "" { + return StatusNoExpiry, time.Time{}, nil + } + if at.RefreshExpiresAt != "" { expires, err := time.Parse(time.RFC3339, at.RefreshExpiresAt) if err == nil { diff --git a/pkg/commands/auth/list.go b/pkg/commands/auth/list.go index 5aeb865fe..67189fede 100644 --- a/pkg/commands/auth/list.go +++ b/pkg/commands/auth/list.go @@ -53,13 +53,19 @@ func (c *ListCommand) Exec(_ io.Reader, out io.Writer) error { if err != nil && c.Globals.ErrLog != nil { c.Globals.ErrLog.Add(err) } + + label := "" + if entry.RefreshExpiresAt != "" { + label = "session " + } + switch status { case StatusExpiringSoon: summary := ExpirationSummary(status, expires, now) - expiryStr = " " + text.BoldYellow(fmt.Sprintf("[%s]", summary)) + expiryStr = " " + text.BoldYellow(fmt.Sprintf("[%s%s]", label, summary)) case StatusExpired: summary := ExpirationSummary(status, expires, now) - expiryStr = " " + text.BoldRed(fmt.Sprintf("[%s]", summary)) + expiryStr = " " + text.BoldRed(fmt.Sprintf("[%s%s]", label, summary)) case StatusOK, StatusNoExpiry, StatusNeedsReauth: } }