From 2625c5c8feafd9aacd2010579fee8547ec7a4d22 Mon Sep 17 00:00:00 2001
From: Adrian Popa
Date: Tue, 2 Sep 2025 15:27:44 +0300
Subject: [PATCH] Fix saving and retrieving oauth2 token. Expiration date was not including the UTC timezone even if DB is requiring it
---
 mcpgateway/services/token_storage_service.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/mcpgateway/services/token_storage_service.py b/mcpgateway/services/token_storage_service.py
index b4c16db8b..fe03ce216 100644
--- a/mcpgateway/services/token_storage_service.py
+++ b/mcpgateway/services/token_storage_service.py
@@ -11,7 +11,7 @@
 """
 # Standard
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 import logging
 from typing import Any, Dict, List, Optional
@@ -73,8 +73,7 @@ async def store_tokens(self, gateway_id: str, user_id: str, access_token: str, r
 encrypted_refresh = self.encryption.encrypt_secret(refresh_token)
 # Calculate expiration
- expires_at = datetime.utcnow() + timedelta(seconds=expires_in)
-
+ expires_at = datetime.now(timezone.utc) + timedelta(seconds=int(expires_in))
 # Create or update token record
 token_record = self.db.execute(select(OAuthToken).where(OAuthToken.gateway_id == gateway_id, OAuthToken.user_id == user_id)).scalar_one_or_none()
@@ -84,7 +83,7 @@ async def store_tokens(self, gateway_id: str, user_id: str, access_token: str, r
 token_record.refresh_token = encrypted_refresh
 token_record.expires_at = expires_at
 token_record.scopes = scopes
- token_record.updated_at = datetime.utcnow()
+ token_record.updated_at = datetime.now()
 logger.info(f"Updated OAuth tokens for gateway {gateway_id}, user {user_id}")
 else:
 # Create new record
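Review bot: `int(expires_in)` in the added `expires_at` line converts a value that presumably originates in the authorization server's token response, and nothing visible in this hunk bounds it. A missing or non-numeric value raises `TypeError` or `ValueError` at this point, after the refresh token has been encrypted but before the record is written, and an oversized value raises `OverflowError` from `timedelta`. Consider validating first, for example `ttl = int(expires_in)` followed by `if ttl <= 0: raise ValueError("expires_in must be positive")`, or falling back to a conservative default lifetime. store_tokens starts and ends outside the hunk, so an existing guard may already cover this.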
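Review bot: The new `token_record.updated_at = datetime.now()` writes naive local time, whereas the line it replaces wrote naive UTC and the rest of this commit moves to timezone-aware UTC. On a host whose zone is not UTC the stored `updated_at` shifts by the offset, which skews any audit or incident timeline built from this column and disagrees with the `expires_at` written a few lines above. Use `token_record.updated_at = datetime.now(timezone.utc)` so both timestamps on the record follow one convention. The `else:` branch that creates a new record lies outside the hunk; it is worth checking that it sets its timestamps the same way.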
@@ -210,8 +209,10 @@ def _is_token_expired(self, token_record: OAuthToken, threshold_seconds: int = 3
 """
 if not token_record.expires_at:
 return True
-
- return datetime.utcnow() + timedelta(seconds=threshold_seconds) >= token_record.expires_at
+ expires_at = token_record.expires_at
+ if expires_at.tzinfo is None:
+ expires_at = expires_at.replace(tzinfo=timezone.utc)
+ return datetime.now(timezone.utc) + timedelta(seconds=threshold_seconds) >= expires_at
 async def get_token_info(self, gateway_id: str, user_id: str) -> Optional[Dict[str, Any]]:
 """Get information about stored OAuth tokens.
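Review bot: The `expires_at.replace(tzinfo=timezone.utc)` branch depends on an unstated invariant, namely that every naive `expires_at` in the table was written in UTC, and the code should say so because `replace` relabels the value rather than converting it. A comment above the `if` would do: `# Naive values (presumably from backends that drop tzinfo) are stored as UTC; attach tzinfo, do not convert.` Rows written by the previous `datetime.utcnow()` code satisfy the invariant, but a naive local-time write elsewhere would make a token look valid or expired by the host's UTC offset. The function's signature and docstring start outside the hunk.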