airbytehq · lmossman · Jul 7, 2025 · Jul 3, 2025 · Jul 3, 2025 · Jul 3, 2025
diff --git a/airbyte_cdk/sources/declarative/parsers/model_to_component_factory.py b/airbyte_cdk/sources/declarative/parsers/model_to_component_factory.py
@@ -2801,6 +2801,7 @@ def create_oauth_authenticator(
                 ).eval(config),
                 scopes=model.scopes,
                 token_expiry_date_format=model.token_expiry_date_format,
+                token_expiry_is_time_of_expiration=bool(model.token_expiry_date_format),
                 message_repository=self._message_repository,
                 refresh_token_error_status_codes=model.refresh_token_updater.refresh_token_error_status_codes,
                 refresh_token_error_key=model.refresh_token_updater.refresh_token_error_key,

diff --git a/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py b/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py
@@ -217,10 +217,15 @@ def _make_handled_request(self) -> Any:
                 data=self.build_refresh_request_body(),
                 headers=self.build_refresh_request_headers(),
             )
+            response_json = response.json()
+            # extract the access token and add to secrets to avoid logging the raw value
+            access_key = self._extract_access_token(response_json)
+            if access_key:
+                add_to_secrets(access_key)
             # log the response even if the request failed for troubleshooting purposes
             self._log_response(response)
             response.raise_for_status()
-            return response.json()
+            return response_json
         except requests.exceptions.RequestException as e:
             if e.response is not None:
                 if e.response.status_code == 429 or e.response.status_code >= 500: