From e54931c10bfc796533438a2857efcc783694a5f5 Mon Sep 17 00:00:00 2001
From: PostHog Code <code@posthog.com>
Date: Thu, 21 May 2026 12:00:40 +0000
Subject: [PATCH] fix: make refresh_token optional in OAuthTokenResponseSchema

The OAuth token endpoint does not always issue a refresh_token, but the
schema marked it required, so parse() threw synchronously inside
exchangeCodeForToken and aborted the entire wizard run during login.

The performOAuthFlow result is consumed only for access_token and
scoped_teams (src/utils/setup-utils.ts:488), so loosening the schema is
safe.

Generated-By: PostHog Code
Task-Id: 9ee1d361-cf7f-4c33-8298-8f829cd4c6a0
---
 src/utils/oauth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/oauth.ts b/src/utils/oauth.ts
index 0dd3e383..2cdb8584 100644
--- a/src/utils/oauth.ts
+++ b/src/utils/oauth.ts
@@ -48,7 +48,7 @@ const OAuthTokenResponseSchema = z.object({
   expires_in: z.number(),
   token_type: z.string(),
   scope: z.string(),
-  refresh_token: z.string(),
+  refresh_token: z.string().optional(),
   scoped_teams: z.array(z.number()).optional(),
   scoped_organizations: z.array(z.string()).optional(),
 });