Danny Avila a83bcb3490 🪃 fix: Retry MCP OAuth Token Refresh Without Scope on Server Rejection (#13412) ... LibreChat sends `scope` on the refresh_token grant by default (PR #7924) because some authorization servers expect it. Salesforce rejects any scope on refresh with HTTP 400 "scope parameter not supported" (confirmed in production logs for case 00046259), which broke token refresh and forced re-authentication — amplifying the multi-replica PKCE retry storm. RFC 6749 §6 makes scope optional on refresh (the server reuses the original grant). postRefreshRequest now sends scope as before and retries once WITHOUT it only when the failure is specifically a scope-parameter rejection (isScopeParameterRejection), so servers that need scope are unaffected and Salesforce-like servers self-heal with no operator config.		2026-05-30 01:52:43 -04:00
..
src	🪃 fix: Retry MCP OAuth Token Refresh Without Scope on Server Rejection (#13412)	2026-05-30 01:52:43 -04:00
types	🔬 ci: Add TypeScript Type Checks to Backend Workflow and Fix All Type Errors (#12451)	2026-03-28 21:06:39 -04:00
.gitignore
babel.config.cjs
jest.config.mjs	🌱 fix: Inject Code-Tool Files Into Graph Sessions on First Call (+ read_file Sandbox Fallback) (#12831)	2026-04-27 08:56:39 +09:00
jest.setup.cjs	🌱 fix: Inject Code-Tool Files Into Graph Sessions on First Call (+ read_file Sandbox Fallback) (#12831)	2026-04-27 08:56:39 +09:00
package.json	📦 chore: Update @librechat/agents to v3.1.99	2026-05-29 11:02:07 -07:00
rollup.config.js	📡 feat: Add Backend OpenTelemetry Tracing (#12909)	2026-05-14 09:08:55 -04:00
tsconfig-paths-bootstrap.mjs
tsconfig.build.json	🧑‍💻 refactor: Secure Field Selection for 2FA & API Build Sourcemap (#9087)	2025-08-15 18:55:49 -04:00
tsconfig.json	📦 chore: npm audit fixes and Mongoose 8.23 TypeScript follow-ups (#12996)	2026-05-07 09:47:40 -04:00
tsconfig.spec.json	📦 chore: Update TypeScript Config for TS v7 (#12794)	2026-04-23 12:51:03 -04:00