Skip to content

Fix OAuth login hangs after browser callback#204

Open
IlyaasK wants to merge 1 commit into
mainfrom
hypeship/fix-oauth-token-timeout
Open

Fix OAuth login hangs after browser callback#204
IlyaasK wants to merge 1 commit into
mainfrom
hypeship/fix-oauth-token-timeout

Conversation

@IlyaasK

@IlyaasK IlyaasK commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

What

  • Change the browser callback page to say authorization was received, since the CLI has not exchanged the code for tokens yet.
  • Show terminal progress while the CLI completes the token exchange.
  • Bound the token exchange to 30 seconds.
  • Return a cancellation error so Ctrl+C exits nonzero.

Why

The existing five-minute timeout only covered waiting for the browser callback. After receiving the callback, the token exchange reused a signal-only context with no deadline. If the auth server accepted the connection but never completed the response, the CLI could wait forever while the browser incorrectly reported that authentication had succeeded.

Before and after

Before:

  • The browser reported authentication successful before the token exchange.
  • The terminal continued to show Waiting for authentication... during the exchange.
  • A stalled exchange had no timeout.
  • Ctrl+C printed cancellation but exited successfully.

After:

  • The browser reports authorization received and directs the user back to the terminal.
  • The terminal reports that it is completing authentication.
  • A stalled exchange fails after 30 seconds with a timeout error.
  • Ctrl+C exits nonzero.

Verification

  • make test (includes go vet ./... and go test ./...)
  • Added a regression test using a deliberately stalled token endpoint and verified the exchange respects its deadline.
  • Added a callback-page regression test preventing it from claiming authentication completed before token exchange.
  • Built the CLI, started login with browser launch disabled, sent SIGINT, and verified exit code 1.

This makes the CLI bounded and accurate when the upstream token exchange stalls; it does not claim to fix the auth service behavior that caused the original staging response to hang.


Note

Medium Risk
Touches the OAuth login path and token exchange timing; bounded change with tests, but failures here block CLI authentication.

Overview
Fixes indefinite hangs after the browser OAuth callback by adding a 30s deadline on token exchange and tightening login messaging so users are not told auth succeeded before tokens exist.

The callback HTML now says authorization received (not authentication successful) and tells users to return to the terminal while the CLI finishes. After the callback, the CLI prints that it is completing authentication while exchangeCodeForTokens runs with context.WithTimeout.

Ctrl+C during login now returns ctx.Err() instead of exiting successfully. Regression tests cover the callback copy and stalled token endpoint timeout behavior.

Reviewed by Cursor Bugbot for commit 87ac27e. Bugbot is set up for automated code reviews on this repo. Configure here.

Bound the token exchange, correct the callback status, and propagate cancellation so stalled authentication cannot wait indefinitely or appear successful.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant