diff options
| author | msvechla <[email protected]> | 2026-01-20 17:18:49 +0100 |
|---|---|---|
| committer | GitHub <[email protected]> | 2026-01-20 10:18:49 -0600 |
| commit | 8f62d4a5e3f18879ec1116336c3094de4a624b36 (patch) | |
| tree | 8ad372b63bf8e127be201a1d04f7610a08e99706 | |
| parent | 733226de9d04b15d887799bc1ad9d06e2bef2724 (diff) | |
| download | opencode-8f62d4a5e3f18879ec1116336c3094de4a624b36.tar.gz opencode-8f62d4a5e3f18879ec1116336c3094de4a624b36.zip | |
fix(mcp): register OAuth callback before opening browser (#9646)
| -rw-r--r-- | packages/opencode/src/mcp/index.ts | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/packages/opencode/src/mcp/index.ts b/packages/opencode/src/mcp/index.ts index 66843aedc..a0a329775 100644 --- a/packages/opencode/src/mcp/index.ts +++ b/packages/opencode/src/mcp/index.ts @@ -795,6 +795,11 @@ export namespace MCP { // The SDK has already added the state parameter to the authorization URL // We just need to open the browser log.info("opening browser for oauth", { mcpName, url: authorizationUrl, state: oauthState }) + + // Register the callback BEFORE opening the browser to avoid race condition + // when the IdP has an active SSO session and redirects immediately + const callbackPromise = McpOAuthCallback.waitForCallback(oauthState) + try { const subprocess = await open(authorizationUrl) // The open package spawns a detached process and returns immediately. @@ -822,8 +827,8 @@ export namespace MCP { Bus.publish(BrowserOpenFailed, { mcpName, url: authorizationUrl }) } - // Wait for callback using the OAuth state parameter - const code = await McpOAuthCallback.waitForCallback(oauthState) + // Wait for callback using the already-registered promise + const code = await callbackPromise // Validate and clear the state const storedState = await McpAuth.getOAuthState(mcpName) |
