assign token AFTER refresh :)

oauth3.core.js

@@ -200,7 +200,7 @@
   , getFreshness: function (meta, staletime, now) {
       staletime = staletime || (15 * 60);
       now = now || Date.now();
-      var fresh = ((parseInt(meta.exp, 10) || 0) - (now / 1000));
+      var fresh = ((parseInt(meta.exp, 10) || 0) - Math.round(now / 1000));
 
       if (fresh >= staletime) {
         return 'fresh';

oauth3.js

@@ -141,6 +141,9 @@
 
     function lintAndRequest(preq) {
       function goGetHer() {
+        preq.headers = preq.headers || {};
+        preq.headers.Authorization = 'Bearer ' + (preq.session.access_token || preq.session.accessToken);
+
         if (!oauth3._lintRequest) {
           return rawRequest(preq);
         }
@@ -153,12 +156,8 @@
         return goGetHer();
       }
 
-      preq.headers = preq.headers || {};
-      preq.headers.Authorization = 'Bearer ' + (preq.session.access_token || preq.session.accessToken);
-
       console.warn('lintAndRequest checkSession', preq);
       return oauth3.hooks.checkSession(preq, opts).then(goGetHer);
-
     }
 
     if (opts.rawCase) {