Fix OAuth login hangs after browser callback#204
Open
IlyaasK wants to merge 1 commit into
Open
Conversation
Bound the token exchange, correct the callback status, and propagate cancellation so stalled authentication cannot wait indefinitely or appear successful.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Why
The existing five-minute timeout only covered waiting for the browser callback. After receiving the callback, the token exchange reused a signal-only context with no deadline. If the auth server accepted the connection but never completed the response, the CLI could wait forever while the browser incorrectly reported that authentication had succeeded.
Before and after
Before:
authentication successfulbefore the token exchange.Waiting for authentication...during the exchange.After:
authorization receivedand directs the user back to the terminal.Verification
make test(includesgo vet ./...andgo test ./...)This makes the CLI bounded and accurate when the upstream token exchange stalls; it does not claim to fix the auth service behavior that caused the original staging response to hang.
Note
Medium Risk
Touches the OAuth login path and token exchange timing; bounded change with tests, but failures here block CLI authentication.
Overview
Fixes indefinite hangs after the browser OAuth callback by adding a 30s deadline on token exchange and tightening login messaging so users are not told auth succeeded before tokens exist.
The callback HTML now says authorization received (not authentication successful) and tells users to return to the terminal while the CLI finishes. After the callback, the CLI prints that it is completing authentication while
exchangeCodeForTokensruns withcontext.WithTimeout.Ctrl+C during login now returns
ctx.Err()instead of exiting successfully. Regression tests cover the callback copy and stalled token endpoint timeout behavior.Reviewed by Cursor Bugbot for commit 87ac27e. Bugbot is set up for automated code reviews on this repo. Configure here.