Serialize device auth in hex_cli_auth to reuse concurrent logins (#197)

device_auth was the only auth-resolution path in hex_cli_auth not wrapped
in global:trans. Concurrent callers that all needed to authenticate (e.g.
parallel commands with no credentials) each kicked off their own device
auth flow, prompting the user and persisting a token multiple times instead
of sharing a single login.

Wrap maybe_authenticate_and_retry in a single global lock (the device auth
token is always persisted to the global OAuth scope, so the lock is not
keyed by repo). Inside the lock, re-resolve auth first and reuse a token
that differs from the one we arrived with: a waiting caller picks up the
login a prior winner just persisted instead of prompting again. The
"differs from current" check covers both entry reasons — no_credentials
(no key in config) and token_refresh_failed (the rejected key in config) —
and avoids an infinite retry loop when the server keeps rejecting a token
that still looks valid by expiry.

Add a regression test that drives concurrent callers through a barrier and
blocks the winner inside should_authenticate, asserting exactly one caller
is prompted and the persisted login is reused by the rest.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
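
The lock-then-re-resolve pattern described in the commit message, as an added example written for this page and not taken from hex_core. The module name, the ETS table standing in for the persisted config, and `device_auth/1` are hypothetical; `global:trans/2` is the only real OTP locking call it relies on.

```erlang
%% Added example; not hex_core code. The module, the ETS table standing in
%% for the persisted config, and device_auth/1 are hypothetical.
-module(device_auth_lock_demo).
-export([run/1, authenticate/2]).

%% Start N concurrent callers that all arrive with no token (the
%% no_credentials case). Returns {PromptCount, ResultPerCaller}.
run(N) ->
    Tab = ets:new(demo_cfg, [public, set]),
    true = ets:insert(Tab, [{token, undefined}, {prompts, 0}]),
    Parent = self(),
    Pids = [spawn_link(fun() ->
                Parent ! {self(), authenticate(Tab, undefined)}
            end) || _ <- lists:seq(1, N)],
    Results = [receive {Pid, R} -> R end || Pid <- Pids],
    Prompts = ets:lookup_element(Tab, prompts, 2),
    true = ets:delete(Tab),
    {Prompts, Results}.

%% ArrivedWith is the token the caller had on entry: undefined for
%% no_credentials, or the rejected token for token_refresh_failed.
authenticate(Tab, ArrivedWith) ->
    %% One lock for all callers; the requester id is this process.
    LockId = {device_auth_demo, self()},
    global:trans(LockId, fun() ->
        %% Re-resolve inside the lock: an earlier holder may have logged in.
        case ets:lookup_element(Tab, token, 2) of
            Stored when Stored =/= undefined, Stored =/= ArrivedWith ->
                {reused, Stored};
            _SameOrMissing ->
                %% Same token we arrived with (or none): reusing it would
                %% just be rejected again, so run the interactive flow.
                {prompted, device_auth(Tab)}
        end
    end).

%% Stand-in for the interactive device flow: counts the prompt, takes a
%% while, then persists a fresh constructed token.
device_auth(Tab) ->
    ets:update_counter(Tab, prompts, 1),
    timer:sleep(50),
    Token = {constructed_token, erlang:unique_integer([positive])},
    true = ets:insert(Tab, {token, Token}),
    Token.
```

`device_auth_lock_demo:run(5)` returns a prompt count of 1, with one `prompted` result and four `reused` results carrying the same token. Calling `authenticate/2` with the stored token as `ArrivedWith` takes the prompt branch instead of handing the rejected token back.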