Skip to content

fix(coderd/externalauth): retry transient refresh failures with backoff (backport #25686 to 2.32)#26162

Merged
f0ssel merged 1 commit into
coder:release/2.32from
maschwenk:backport/25686-to-release-2.32
Jun 17, 2026
Merged

fix(coderd/externalauth): retry transient refresh failures with backoff (backport #25686 to 2.32)#26162
f0ssel merged 1 commit into
coder:release/2.32from
maschwenk:backport/25686-to-release-2.32

Conversation

@maschwenk

Copy link
Copy Markdown
Contributor

Backport of #25686 to release/2.32.

Wraps external auth token refresh in an exponential-backoff retry so transient upstream failures no longer surface as InvalidTokenError and force users to re-authenticate.

Original PR: #25686 — fix(coderd/externalauth): retry transient refresh failures with backoff
Original commit: dfef6f5
Backport commit: b8a770c912c091180b2b8597dd7861d3e066d57d

Cherry-picked cleanly with git cherry-pick -x; no conflict resolution was needed.

Note

Generated with Codex by @maschwenk

External providers (GitHub in particular) intermittently fail token
refreshes with transient errors such as 5xx responses, network timeouts,
and rate-limited 429s. A single hiccup currently surfaces as an
InvalidTokenError and forces users to re-authenticate.

Wrap the TokenSource refresh in an exponential-backoff retry loop bounded
by a 10s total budget. Errors classified as permanent by isFailedRefresh
(e.g. revoked or rotated refresh tokens) skip the retry loop so a doomed
refresh is not repeated, which is especially important for providers with
single-use refresh tokens.

The retry parameters are exposed on Config so tests can run quickly
without depending on global state.

(cherry picked from commit dfef6f5)
@github-actions github-actions Bot added the community Pull Requests and issues created by the community. label Jun 9, 2026
@maschwenk maschwenk marked this pull request as ready for review June 9, 2026 14:00
@f0ssel f0ssel merged commit b770638 into coder:release/2.32 Jun 17, 2026
40 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 17, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

community Pull Requests and issues created by the community.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants