From 540db1e5d8e091c40f71c45c0d1f04f906be6b5d Mon Sep 17 00:00:00 2001
From: bayger <patryk.bajer@gmail.com>
Date: Tue, 23 Jun 2026 12:23:56 +0200
Subject: [PATCH] fix: make oauth2 tokens optional in smtp_imap provider schema

refreshToken, accessToken, and accessTokenExpiry are managed by the
OAuth2 callback and refresh service, not the provider API. Also guards
the refresh service against missing tokens.
---
 src/services/OAuth2TokenRefreshService.ts                 | 2 +-
 src/services/providers/channel/SmtpImapChannelProvider.ts | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/services/OAuth2TokenRefreshService.ts b/src/services/OAuth2TokenRefreshService.ts
index 35f05d4..109f7b3 100644
--- a/src/services/OAuth2TokenRefreshService.ts
+++ b/src/services/OAuth2TokenRefreshService.ts
@@ -114,7 +114,7 @@ export class OAuth2TokenRefreshService {
     const { oauth2 } = config;
     const now = Date.now();
 
-    if (oauth2.accessTokenExpiry - now > EXPIRY_BUFFER_MS) {
+    if (!oauth2.accessTokenExpiry || !oauth2.refreshToken || oauth2.accessTokenExpiry - now > EXPIRY_BUFFER_MS) {
       return;
     }
 
diff --git a/src/services/providers/channel/SmtpImapChannelProvider.ts b/src/services/providers/channel/SmtpImapChannelProvider.ts
index 1a7d9ab..fa99713 100644
--- a/src/services/providers/channel/SmtpImapChannelProvider.ts
+++ b/src/services/providers/channel/SmtpImapChannelProvider.ts
@@ -32,9 +32,9 @@ const oauth2ConfigSchema = z.strictObject({
   tokenUrl: z.string().url().describe('OAuth2 token endpoint URL (e.g. https://oauth2.googleapis.com/token for Gmail)'),
   clientId: z.string().describe('OAuth2 client ID'),
   clientSecret: z.string().describe('OAuth2 client secret'),
-  refreshToken: z.string().describe('OAuth2 refresh token (long-lived)'),
-  accessToken: z.string().describe('Current OAuth2 access token (rotated by the refresh service)'),
-  accessTokenExpiry: z.number().int().describe('Unix timestamp in milliseconds when the access token expires'),
+  refreshToken: z.string().optional().describe('OAuth2 refresh token (long-lived, managed by the OAuth2 callback/refresh service)'),
+  accessToken: z.string().optional().describe('Current OAuth2 access token (managed by the OAuth2 callback/refresh service)'),
+  accessTokenExpiry: z.number().int().optional().describe('Unix timestamp in milliseconds when the access token expires (managed by the OAuth2 callback/refresh service)'),
   scope: z.string().describe('OAuth2 scope string (e.g. https://www.googleapis.com/auth/gmail.modify for Gmail)'),
 }).openapi('SmtpImapOauth2Config');