- set OAuth2 authorization code `ValidUntil` on creation and add expiry checks during exchange - return a specific error when codes are invalidated twice to prevent concurrent reuse - add unit tests covering validity timestamps, expiration, and double invalidation --- Generate by a coding agent with Codex 5.2 --------- Signed-off-by: Lunny Xiao <[email protected]> Co-authored-by: Copilot <[email protected]>