Critical Authentication & Session Stability Updates
This release addresses a critical issue affecting Google OAuth sessions and introduces robust mechanisms for long-lived authentication.
Resolving "Invalid Token Response"
FixedUsers previously encountered an Invalid token response error when attempting to sign in with Google. This was caused by the extension strictly validating the presence of a Refresh Token, which was occasionally missing from the initial OAuth response due to various factors (implicit flow redirect handling).
Composite Token Strategy
NewTo ensure 100% reliability in capturing session credentials, we have implemented a new Composite Token Passing strategy on our authentication server.
- S
Server-Side Packing
The auth callback handler now captures both access_token and refresh_token.
- S
Secure Transfer
Tokens are packed into a single, secure JSON payload before transfer.
- R
Robust Unpacking
Intelligent extraction ensures the Refresh Token is never lost.
Eliminated 1-Hour Auto-Logout
ImprovedPreviously, without a valid Refresh Token, sessions would hard-expire after 1 hour. With the new Composite Token strategy, the extension now reliably stores a Refresh Token. This allows Mentrex to silent-refresh your session in the background indefinitely, providing a seamless "stay logged in" experience.