fix(codex): harden device-code and browser OAuth sign-in#107
Merged
Conversation
Three reliability gaps in the Codex (ChatGPT subscription) sign-in: - The device-code fetches (usercode init, poll, token exchange) had no per-request timeout, so a hung auth.openai.com socket could wedge login past the DEVICE_TIMEOUT_MS deadline. Bound each with OAUTH_HTTP_TIMEOUT_MS. - The poll loop failed on ANY status other than 403/404, so a single transient 429/5xx (or a network blip) aborted the whole sign-in. Keep polling on pending (403/404) and transient (429/5xx / network) statuses to the deadline, backing off on a 429; only a genuine terminal status ends the login. Extracted classifyDevicePollStatus() for coverage. - The browser loopback listener was stopped only on the success path, so a CSRF/denied/timeout attempt leaked port 1455 for the life of the process and blocked the next browser sign-in. Stop it in a finally.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part of making Codex (ChatGPT-subscription) sign-in 100% reliable. Three independent reliability gaps:
Device-code fetches had no timeout. The
usercodeinit, the poll, and the token exchange each ran with noAbortSignal, so a hungauth.openai.comsocket could wedge login past theDEVICE_TIMEOUT_MSdeadline. Each is now bound byOAUTH_HTTP_TIMEOUT_MS.A transient blip aborted the whole sign-in. The poll loop failed on any status other than 403/404, so a single 429/5xx (or a network blip) killed the login. It now keeps polling on pending (403/404) and transient (429/5xx / network error) statuses until the deadline — backing off on a 429 — and only stops on a genuine terminal status. Extracted
classifyDevicePollStatus()(unit-tested).The loopback listener leaked on failure.
stopOAuthServer()ran only on the browser success path, so a CSRF/denied/timeout attempt left port 1455 bound for the life of the process and blocked the next browser sign-in. It's now stopped in afinally.Follow-ups (separate PRs): 401-triggered refresh+retry on the request path, and the explicit ChatGPT-vs-API-key sign-in branch.
Tests
test/plugin/codex-device-poll.test.tscovers the pending/transient/fail classification; the existingcodex-refreshtest still passes.