impl
commented
3 years ago Thanks for catching this! Looks like it didn't pop up in tests because the mock provider doesn't suffer from the same problem since it doesn't use the library. I think I'm going to actually move this code over to the basic provider itself (other places in the code do call RefreshToken as well) and see if I can make a test for it so I don't break it again.
Version v1.10.0 broke the minimum_seconds option by no longer clearing the access token before doing a refresh. The oauth2 library by default reuses any access tokens that have more than 10 seconds remaining on them.