fix: resolve auth 429 and macOS keychain hang (#8)#28
Closed
akonan wants to merge 1 commit intosteipete:mainfrom
Closed
fix: resolve auth 429 and macOS keychain hang (#8)#28akonan wants to merge 1 commit intosteipete:mainfrom
akonan wants to merge 1 commit intosteipete:mainfrom
Conversation
Three bugs causing eightctl to always fail on macOS: 1. authTokenEndpoint used hardcoded client_id 'sleep-client' and empty client_secret instead of the configured app credentials, causing 400/429 on the OAuth token endpoint. 2. do() retried on 429/401 with infinite recursion — no retry limit meant the process would hang forever if the API kept rate-limiting. 3. Token cache defaulted to macOS Keychain which blocks waiting for GUI approval in non-interactive (agent/CLI) contexts. Switched to FileBackend only, which works headlessly. Fixes steipete#8
Collaborator
|
Thanks for tackling the 429 loop and keychain hang, @akonan! Both are real problems. I've consolidated the fixes into #24, which includes bounded retries with backoff, headless keyring fallback, plus OAuth form-encoding and gzip fixes. Closing this in favor of that combined fix. Appreciate the contribution — we'll get this released soon! 🙏 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #8
Root causes
Three bugs were causing eightctl to always fail on macOS:
1. Wrong
client_idin OAuth token endpointauthTokenEndpoint()hardcodedclient_id: "sleep-client"andclient_secret: ""instead of using the configured app credentials. This returns a 400/429 from the auth API.Fix: Use
c.ClientIDandc.ClientSecret(which default to the correct Android app credentials).2. Infinite retry loop on 429/401
do()retried indefinitely on rate-limit and auth errors via recursion with no limit — causing permanent hangs.Fix: Added
doWithRetry()with aretriesLeftcounter (max 3 retries).3. macOS Keychain blocks in non-interactive contexts
The token cache used
KeychainBackendas first preference, which pops a GUI auth dialog and blocks forever when running as an agent/daemon/CLI without a desktop session.Fix: Switched token cache to
FileBackendonly (~/.config/eightctl/keyring/), which works headlessly.Testing
After these fixes,
eightctl statusworks first time: