pub async fn openai_token_refresh_loop(
config: Arc<Config>,
state: StateStore,
live_creds: LiveCredentials,
)Expand description
Keeps shunt’s live credentials in sync with Codex CLI’s auth.json.
Strategy: never proactively rotate the refresh_token — that races with Codex CLI’s own refresh logic and causes “invalid_grant” errors. Instead, just periodically sync from auth.json so shunt picks up whatever Codex wrote. On-demand refresh (401 handler) covers the case where Codex isn’t running and the token has actually expired.