fix(auth): persist rotated refresh tokens (openclaw#373) (thanks @joshp123)

Author: Peter Steinberger

CHANGELOG.md

@@ -20,6 +20,7 @@
 - Contacts: send the required `copyMask` when deleting "other contacts", avoiding People API 400 errors. (#384) — thanks @rbansal42.
 - Calendar: hide cancelled/deleted events from `calendar events` list output by explicitly setting `showDeleted=false`. (#362) — thanks @sharukh010.
 - Calendar: use `Calendars.Get` for timezone lookups so service-account flows don’t 404 on `calendarList/primary`. (#325) — thanks @markwatson.
+- Auth: persist rotated OAuth refresh tokens returned during API calls so later commands keep working without re-auth. (#373) — thanks @joshp123.
 - Gmail: fall back to `MimeType` charset hints when `Content-Type` headers are missing so GBK/GB2312 message bodies decode correctly. (#428) — thanks @WinnCook.
 - Gmail: add a fetch delay in `watch serve` so History API reads don't race message indexing. (#397) — thanks @salmonumbrella.
 - Gmail: allow Workspace-managed send-as aliases with empty verification status in `send` and `drafts create`. (#407) — thanks @salmonumbrella.

internal/googleapi/client.go

@@ -64,7 +64,7 @@ func newPersistingTokenSource(base oauth2.TokenSource, store secrets.Store, clie
 func (p *persistingTokenSource) Token() (*oauth2.Token, error) {
 	t, err := p.base.Token()
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("base token source: %w", err)
 	}
 
 	refreshToken := strings.TrimSpace(t.RefreshToken)
@@ -147,6 +147,7 @@ func tokenSourceForAccountScopes(ctx context.Context, serviceLabel string, email
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Timeout: tokenExchangeTimeout})
 
 	baseSource := cfg.TokenSource(ctx, &oauth2.Token{RefreshToken: tok.RefreshToken})
+
 	return newPersistingTokenSource(baseSource, store, client, email, tok), nil
 }
 

internal/googleapi/client_more_test.go

@@ -51,6 +51,7 @@ func (s *stubStore) SetToken(client string, email string, tok secrets.Token) err
 	}
 
 	s.tok = tok
+
 	return nil
 }
 func (s *stubStore) DeleteToken(string, string) error         { return nil }