
fix: singleton callback server for concurrent OAuth flows #278

Open
icebear0828 wants to merge 1 commit into master from fix/oauth-singleton-callback

@icebear0828
Owner

Summary

  • Refactor startCallbackServer() → ensureCallbackServer() singleton pattern
  • Multiple concurrent OAuth flows share one HTTP server on port 1455
  • Each session's callback stored in sessionCallbacks Map by state, fully independent
  • Server auto-closes after 5 min idle instead of after each callback

Changes

  • src/auth/oauth-pkce.ts: Singleton server, per-session callbacks, idle timeout, cleanup on session expiry

Test plan

  • tsc --noEmit passes
  • OAuth session lifecycle tests: 10/10 pass
  • Manual: trigger concurrent OAuth logins via /auth/accounts/login

Previously each OAuth login created a new HTTP server on port 1455,
closing the old one first — causing port conflicts and race conditions
when multiple logins run concurrently.

Now uses a singleton server with per-session callbacks (sessionCallbacks
Map), idle timeout auto-close, and proper cleanup on session expiry.
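
The state-keyed dispatch that a shared callback listener depends on, as an added example that is not the code from this pull request: each flow registers under its OAuth `state`, a redirect is routed only to the matching session, and a state is consumed on first use. Only `sessionCallbacks`, port 1455 and the 5 minute idle window come from the description above; every other name, the injected `now` clock, and the choice to keep the listener open while flows are pending are assumptions, and the HTTP listener itself is left out.

```typescript
// Added example: names other than sessionCallbacks are hypothetical.
type Callback = (code: string) => void;
interface Session { onCode: Callback; expiresAt: number }

const IDLE_MS = 5 * 60 * 1000; // idle window from the PR description
const sessionCallbacks = new Map<string, Session>();
let lastActivity = 0;

// Register one login flow under its unguessable OAuth `state` value.
function registerSession(state: string, onCode: Callback, ttlMs: number, now: number): void {
  if (sessionCallbacks.has(state)) throw new Error("duplicate state");
  sessionCallbacks.set(state, { onCode, expiresAt: now + ttlMs });
  lastActivity = now;
}

// Drop sessions whose login window has passed so a stale state cannot be redeemed.
function sweepExpired(now: number): void {
  sessionCallbacks.forEach((s, state) => {
    if (s.expiresAt <= now) sessionCallbacks.delete(state);
  });
}

// Route one redirect hit on the shared listener; returns the HTTP status to send.
function handleCallback(rawUrl: string, now: number): number {
  sweepExpired(now);
  const url = new URL(rawUrl, "http://localhost:1455");
  const state = url.searchParams.get("state");
  const code = url.searchParams.get("code");
  if (!state || !code) return 400;
  const session = sessionCallbacks.get(state);
  if (!session) return 403;        // unknown, expired or already used state
  sessionCallbacks.delete(state);  // single use: a replayed redirect gets 403
  lastActivity = now;
  session.onCode(code);            // only the flow that issued this state sees the code
  return 200;
}

// Assumption: close only when no flow is pending and the idle window has elapsed.
function shouldClose(now: number): boolean {
  sweepExpired(now);
  return sessionCallbacks.size === 0 && now - lastActivity >= IDLE_MS;
}
```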