Skip to content

Bound kernel login token exchange with a timeout#202

Open
masnwilliams wants to merge 2 commits into
mainfrom
hypeship/login-token-timeout
Open

Bound kernel login token exchange with a timeout#202
masnwilliams wants to merge 2 commits into
mainfrom
hypeship/login-token-timeout

Conversation

@masnwilliams

@masnwilliams masnwilliams commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

kernel login used a context with no deadline (signal.NotifyContext) and a default HTTP client with no timeout for the OAuth token exchange. When /token stalled (e.g. the auth server's Redis was unreachable), the browser showed the success page but the terminal spinner hung until the user hit Ctrl-C.

  • Wrap the authorization-code exchange (exchangeCodeForTokens) in a 30s context deadline.
  • Give the refresh request (RefreshTokens) an equivalent http.Client.Timeout.

Now a stalled auth server fails with a clear error in seconds instead of hanging the login. Companion to the kernel-mcp-server PR that stops the server side from hanging in the first place.

Test plan

  • go build ./..., go vet, gofmt, go test ./pkg/auth/... all pass
  • Manual: normal kernel login still completes against a healthy auth server (happy path unchanged)

Note

Low Risk
Small, defensive timeout wiring on existing OAuth HTTP calls; no change to token handling or security semantics beyond earlier failure on slow responses.

Overview
kernel login and token refresh no longer hang indefinitely when the auth server’s /token endpoint stalls (e.g. upstream Redis issues). The browser could already show success while the CLI spinner ran until Ctrl-C.

OAuth in pkg/auth/oauth.go now uses a shared 30s tokenExchangeTimeout: the authorization-code exchange wraps the caller context with context.WithTimeout before Config.Exchange, and RefreshTokens uses an http.Client with the same timeout instead of an unbounded default client.

Reviewed by Cursor Bugbot for commit 75a1057. Bugbot is set up for automated code reviews on this repo. Configure here.

The login flow used a context with no deadline and an HTTP client with no
timeout for the OAuth token exchange, so a stalled /token (e.g. auth-side Redis
down) left `kernel login` spinning until Ctrl-C. Cap the code exchange and the
refresh request at 30s so they fail with a clear error instead of hanging.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@masnwilliams masnwilliams marked this pull request as ready for review July 13, 2026 20:46
@masnwilliams masnwilliams requested a review from sjmiller609 July 13, 2026 20:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant