refactor: remove deprecated OAuth authentication base classes

Brokerages/Authentication/LeanOAuthTokenHandler.cs

@@ -25,6 +25,15 @@ namespace QuantConnect.Brokerages.Authentication
     /// </summary>
     public class LeanOAuthTokenHandler : LeanOAuthTokenHandler<LeanTokenCredentials>
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="LeanOAuthTokenHandler"/> class with default token credentials type.
+        /// </summary>
+        /// <param name="apiClient">The API client used to communicate with the Lean platform.</param>
+        /// <param name="request">The request model used to generate the access token.</param>
+        /// <param name="tokenLifetime">
+        /// The expected lifetime of a fetched token. A 1-minute safety buffer is applied before expiry.
+        /// Must be provided explicitly — each brokerage has a different token lifetime.
+        /// </param>
         public LeanOAuthTokenHandler(ApiConnection apiClient, OAuthTokenRequest request, TimeSpan tokenLifetime)
             : base(apiClient, request, tokenLifetime)
         {
@@ -109,7 +118,7 @@ public LeanOAuthTokenHandler(ApiConnection apiClient, OAuthTokenRequest request,
         /// Retries up to <see cref="MaxRetryCount"/> times on failure, and is thread-safe via double-checked locking.
         /// </summary>
         /// <param name="cancellationToken">A token used to observe cancellation requests.</param>
-        /// <returns>A <see cref="TokenCredentials"/> containing the token type and access token string.</returns>
+        /// <returns>A <see cref="LeanTokenCredentials"/> instance containing the token type and access token string.</returns>
         public override T GetAccessToken(CancellationToken cancellationToken)
         {
             // Fast path: return cached token without acquiring the lock
@@ -134,7 +143,7 @@ public override T GetAccessToken(CancellationToken cancellationToken)
 
                         if (_apiClient.TryRequest<T>(request, out var response))
                         {
-                            if (response.Success)
+                            if (response.Success && !string.IsNullOrEmpty(response.AccessToken))
                             {
                                 // Write expiry before credentials — the volatile write of _tokenCredentials
                                 // acts as a release fence, ensuring the fast-path reader sees _tokenExpiresAt.

Brokerages/Authentication/LeanTokenHandler.cs

@@ -41,12 +41,13 @@ public abstract class LeanTokenHandler<T> : DelegatingHandler
         private readonly Func<TokenType, string, AuthenticationHeaderValue> _createAuthHeader;
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="LeanTokenHandler"/> class.
+        /// Initializes a new instance of the <see cref="LeanTokenHandler{T}"/> class.
         /// </summary>
         /// <param name="createAuthHeader">
         /// An optional delegate for creating an <see cref="AuthenticationHeaderValue"/>
         /// from the token type and access token. If not provided, a default implementation is used.
         /// </param>
+        /// <param name="handler">An optional inner <see cref="HttpMessageHandler"/>. If not provided, a default <see cref="HttpClientHandler"/> is used.</param>
         protected LeanTokenHandler(Func<TokenType, string, AuthenticationHeaderValue> createAuthHeader = null, HttpClientHandler handler = null)
             : base(handler ?? new HttpClientHandler())
         {
@@ -59,9 +60,7 @@ protected LeanTokenHandler(Func<TokenType, string, AuthenticationHeaderValue> cr
         /// with optional support for caching and refresh logic.
         /// </summary>
         /// <param name="cancellationToken">A cancellation token that can be used to cancel the token retrieval operation.</param>
-        /// <returns>
-        /// A <see cref="TokenCredentials"/> instance containing the token type and access token string.
-        /// </returns>
+        /// <returns>A <see cref="LeanTokenCredentials"/> instance containing the token type and access token string.</returns>
         public abstract T GetAccessToken(CancellationToken cancellationToken);
 
         /// <summary>