summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authormsvechla <[email protected]>2026-01-20 17:18:49 +0100
committerGitHub <[email protected]>2026-01-20 10:18:49 -0600
commit8f62d4a5e3f18879ec1116336c3094de4a624b36 (patch)
tree8ad372b63bf8e127be201a1d04f7610a08e99706
parent733226de9d04b15d887799bc1ad9d06e2bef2724 (diff)
downloadopencode-8f62d4a5e3f18879ec1116336c3094de4a624b36.tar.gz
opencode-8f62d4a5e3f18879ec1116336c3094de4a624b36.zip
fix(mcp): register OAuth callback before opening browser (#9646)
-rw-r--r--packages/opencode/src/mcp/index.ts9
1 files changed, 7 insertions, 2 deletions
diff --git a/packages/opencode/src/mcp/index.ts b/packages/opencode/src/mcp/index.ts
index 66843aedc..a0a329775 100644
--- a/packages/opencode/src/mcp/index.ts
+++ b/packages/opencode/src/mcp/index.ts
@@ -795,6 +795,11 @@ export namespace MCP {
// The SDK has already added the state parameter to the authorization URL
// We just need to open the browser
log.info("opening browser for oauth", { mcpName, url: authorizationUrl, state: oauthState })
+
+ // Register the callback BEFORE opening the browser to avoid race condition
+ // when the IdP has an active SSO session and redirects immediately
+ const callbackPromise = McpOAuthCallback.waitForCallback(oauthState)
+
try {
const subprocess = await open(authorizationUrl)
// The open package spawns a detached process and returns immediately.
@@ -822,8 +827,8 @@ export namespace MCP {
Bus.publish(BrowserOpenFailed, { mcpName, url: authorizationUrl })
}
- // Wait for callback using the OAuth state parameter
- const code = await McpOAuthCallback.waitForCallback(oauthState)
+ // Wait for callback using the already-registered promise
+ const code = await callbackPromise
// Validate and clear the state
const storedState = await McpAuth.getOAuthState(mcpName)