You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat: proactive OAuth token refresh and logout commands (#180)
* feat: proactive OAuth token refresh and logout commands
Add RefreshManager to proactively refresh OAuth tokens at 80% of their
lifetime, preventing authentication disruptions for long-running sessions.
Features:
- Proactive token refresh at 80% of token lifetime with exponential backoff
- CLI `mcpproxy auth logout --server=<name>` command for token revocation
- REST `POST /api/v1/servers/{id}/logout` endpoint for programmatic logout
- OAuth flow coordination to prevent refresh conflicts during active flows
- SSE events for token refresh status updates (oauth.token.refreshed/failed)
Implementation:
- RefreshManager with configurable threshold and retry logic
- Integration with PersistentTokenStore for BBolt-backed token lifecycle
- Management service methods: TriggerOAuthLogout, RefreshOAuthToken
- CLI supports both daemon mode (via socket) and standalone mode
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add Logout button to Web UI server card
- Add Logout button that appears when server is authenticated
- Button triggers OAuth logout via existing triggerOAuthLogout store action
- Uses btn-warning styling to indicate destructive action
- Shows loading spinner during logout operation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add bug report for OAuth reconnection after login
Documents pre-existing issue where server doesn't connect immediately
after OAuth login completes. Includes root cause analysis and proposed fixes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
# Bug: Server doesn't connect immediately after OAuth login
2
+
3
+
## Summary
4
+
After successful OAuth authentication via browser flow, the server remains in "Disconnected" status instead of automatically connecting. Users must manually restart the server to establish a connection.
5
+
6
+
## Expected Behavior
7
+
After OAuth login completes successfully:
8
+
1. Token is saved to persistent storage
9
+
2. Server automatically attempts connection using the new token
10
+
3. Server status updates to "Connected" in UI
11
+
12
+
## Actual Behavior
13
+
After OAuth login completes:
14
+
1. Token is saved to persistent storage ✅
15
+
2.`RetryConnection` is called but fails with "OAuth authentication required"
16
+
3. Server remains "Disconnected" despite having a valid token
17
+
18
+
## Root Cause Analysis
19
+
20
+
The issue is in `internal/upstream/core/connection.go` lines 1028-1033:
21
+
22
+
```go
23
+
// Check if we have a recently completed OAuth flow that should have tokens
24
+
if oauth.GetTokenStoreManager().HasRecentOAuthCompletion(c.serverName) {
25
+
c.logger.Info("OAuth flow recently completed, tokens should be available",
26
+
zap.String("server", c.serverName))
27
+
// Skip the browser flow since tokens should be available
28
+
}
29
+
```
30
+
31
+
**Problem**: The code logs "Skip the browser flow since tokens should be available" but doesn't actually change the control flow. The browser OAuth flow is still triggered, which fails because OAuth is already complete.
0 commit comments