Skip to content

[rmcp-client] Serialize MCP OAuth login and logout#29019

Open
stevenlee-oai wants to merge 1 commit into
dev/stevenlee/mcp-oauth-stack-1-refresh-transactionfrom
dev/stevenlee/mcp-oauth-stack-3-login-logout
Open

[rmcp-client] Serialize MCP OAuth login and logout#29019
stevenlee-oai wants to merge 1 commit into
dev/stevenlee/mcp-oauth-stack-1-refresh-transactionfrom
dev/stevenlee/mcp-oauth-stack-3-login-logout

Conversation

@stevenlee-oai

@stevenlee-oai stevenlee-oai commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Codex Thread 019edd6d-6f14-74e2-853c-345d1803d4a6

Important

This PR belongs to the superseded MCP OAuth stack. Please review and merge the replacement stack beginning with openai/codex#30292. This PR remains available only as historical/reference context.

Replacement review order:

  1. openai/codex#30292 — shared File/Secrets store locking
  2. openai/codex#30293 — authoritative serialized refresh
  3. openai/codex#30294 — Codex-owned transport refresh and one-shot 401 recovery
  4. openai/codex#30295 — login/logout transaction serialization
  5. openai/codex#30296 — diagnostic-only Auto store drift reporting

This is part 2 of a five-PR stack that prevents concurrent MCP OAuth refreshes from replaying a rotating refresh token or overwriting newer credentials.

Review and merge as one stack. The five PRs are an atomic merge unit split only for reviewability. Each tip compiles and is testable, but implementation and regression tests are intentionally not duplicated across intermediate layers.

Review order

  1. openai/codex#29017 — refresh ownership, authoritative reread, and lifecycle-local store pinning
  2. openai/codex#29019 — serialize login and logout with refresh (this PR)
  3. openai/codex#29021 — lock aggregate stores and observe Auto resolution drift
  4. openai/codex#29018 — route all OAuth recovery through Codex
  5. openai/codex#30089 — consolidated concurrency and transport regression tests

Why

Login, logout, and refresh all mutate the same credential identity. If login or logout bypasses the refresh transaction lock, an older in-flight refresh can overwrite a completed login or recreate credentials after logout.

What changes

  • Make OAuth callback persistence acquire the same per-credential transaction lock as refresh.
  • Make CLI logout acquire that lock before deleting credentials.
  • Preserve the lock order: per-credential transaction lock before any aggregate store lock.

Decisions encoded by this stack

  • Login, logout, and refresh serialize on the same compute_store_key(server_name, url) identity.
  • A completed login or logout is authoritative over stale in-memory refresh state.
  • Lock acquisition remains bounded.
  • Auto remains lifecycle-local; part 3 records only non-authoritative diagnostic history and does not add selector metadata or migration.
  • openai/codex#28647 and its branch remain untouched.

Review focus

Review credential identity consistency and lock ordering across callback persistence, refresh, and CLI logout. Part 3 separately protects aggregate File/Secrets maps after a transaction reaches a store.

Non-goals

  • Changing the OAuth callback or CLI contract.
  • Deleting residue from the non-selected Auto store.

Validation

  • just test -p codex-rmcp-client: 90 passed, 2 skipped.
  • just test -p codex-cli: 292 passed.
  • The refresh-vs-login and refresh-vs-logout race cases are consolidated in part 5.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c81db4f9b3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/rmcp-client/src/oauth.rs
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from 3817102 to f7e19d4 Compare June 19, 2026 04:06
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from c81db4f to b723a59 Compare June 19, 2026 04:06
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from b723a59 to 0da283d Compare June 19, 2026 15:29
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from f7e19d4 to 0857761 Compare June 19, 2026 15:29
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from 0da283d to 50cbb47 Compare June 19, 2026 16:18
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from 0857761 to 2316f9d Compare June 19, 2026 16:18
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from 2316f9d to 56d1bbb Compare June 23, 2026 06:06
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from 50cbb47 to 4d5fa46 Compare June 23, 2026 06:16
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from 56d1bbb to a3d15a8 Compare June 23, 2026 07:27
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from 4d5fa46 to 0c1a341 Compare June 23, 2026 07:27
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from a3d15a8 to 588ddc8 Compare June 23, 2026 23:38
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from 0c1a341 to 8926a37 Compare June 23, 2026 23:38
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from 588ddc8 to 9b9cf8d Compare June 25, 2026 02:45
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch 2 times, most recently from a548c67 to e6aa44f Compare June 25, 2026 02:54
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from 9b9cf8d to 1725fd0 Compare June 25, 2026 02:54
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from e6aa44f to e7cdf26 Compare June 25, 2026 17:26
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch 2 times, most recently from 20c28a3 to cce79ee Compare June 25, 2026 18:07
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from e7cdf26 to f6102b4 Compare June 25, 2026 18:07
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from f6102b4 to b614316 Compare June 25, 2026 18:45
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-2-authoritative-reread branch from cce79ee to 8b83b05 Compare June 25, 2026 18:45
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from b614316 to 349a7f4 Compare June 25, 2026 21:11
@stevenlee-oai stevenlee-oai requested a review from a team as a code owner June 25, 2026 21:11
@stevenlee-oai stevenlee-oai changed the base branch from dev/stevenlee/mcp-oauth-stack-2-authoritative-reread to dev/stevenlee/mcp-oauth-stack-1-refresh-transaction June 25, 2026 21:13
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from 349a7f4 to a727719 Compare June 25, 2026 21:16
@stevenlee-oai stevenlee-oai reopened this Jun 25, 2026
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from 349a7f4 to 674f690 Compare June 25, 2026 21:29
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-1-refresh-transaction branch 2 times, most recently from a5f5c2c to 3202970 Compare June 26, 2026 05:51
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch 2 times, most recently from 4c3d976 to a6f054b Compare June 26, 2026 06:10
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-1-refresh-transaction branch from 3202970 to 4f9dc56 Compare June 26, 2026 06:10
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-3-login-logout branch from a6f054b to b60ae97 Compare June 26, 2026 06:33
@stevenlee-oai stevenlee-oai force-pushed the dev/stevenlee/mcp-oauth-stack-1-refresh-transaction branch from 4f9dc56 to 4d4b956 Compare June 26, 2026 06:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant