Skip to content

Block recovery on invalid OAuth credentials#16

Merged
sumitake merged 1 commit into
mainfrom
dev/codex/oauth-recovery
Jul 14, 2026
Merged

Block recovery on invalid OAuth credentials#16
sumitake merged 1 commit into
mainfrom
dev/codex/oauth-recovery

Conversation

@sumitake

@sumitake sumitake commented Jul 14, 2026

Copy link
Copy Markdown
Owner

Summary

  • classify refresh-token invalid_grant, HTTP 401, and unusable token files as explicit OAuth authorization conditions
  • keep OAuth client/config failures fatal even when returned with HTTP 401
  • serialize token refresh across encoder, helper, authorization, and optional telemetry processes
  • refresh and replay an exact buffered YouTube API request once after HTTP 401
  • preserve refresh-token rotation returned by the OAuth token endpoint
  • pause API recovery without ambiguous backoff until the private token file changes
  • preserve an already-public FFmpeg stream under its local watchdog and revalidate exact lifecycle state after reauthorization
  • limit child-specific signal handling to visible test-pattern runs so device authorization terminates normally
  • document the blocked lifecycle, shared local lock, recovery command, and automatic resume behavior

Root Cause

The API helper correctly reported a rejected refresh token as a permanent failure, but the supervisor accepted only retryable classes and converted fatal to ambiguous. That produced an endless retry cycle instead of an actionable authorization block. A cached access token that remained locally unexpired could also be rejected by YouTube with HTTP 401; that path bypassed refresh-token invalid_grant handling. The API CLI additionally installed test-pattern signal handlers for every subcommand, causing authorize to swallow termination signals when no child existed.

Safety

  • no OAuth, stream, camera, host, or deployment values are included
  • OAuth-blocked waits perform no YouTube API request or lifecycle-state mutation
  • HTTP 401 receives at most one token refresh and one exact replay; 403, 5xx, timeouts, and other failures are never replayed
  • invalid_client, invalid_scope, and unauthorized_client remain fatal and never trigger token refresh or token-file wait
  • token refresh is single-flight through one mode-0600 local-filesystem advisory lock
  • a rotated refresh token returned by Google is retained; an omitted or empty replacement preserves the existing token
  • a failed post-refresh replay waits on the post-refresh token fingerprint and cannot busy-loop on its own token write
  • existing mutation locks, exact-ID reconciliation, and write-ahead create intent remain unchanged
  • token fingerprints are bounded, local-only, and never logged or persisted
  • transient API and quota retry behavior is unchanged

Rollback

Revert PR #16 after merge and redeploy the two prior runtime scripts. No state migration or credential change is required.

Validation

  • .venv/bin/ruff check bin tests
  • .venv/bin/python -m py_compile bin/youtube-autoencoder bin/youtube-autoencoder-api
  • .venv/bin/pytest -q -> 244 passed
  • git diff --check
  • real concurrent expired-token callers -> one refresh request, shared result
  • rotated refresh-token response -> replacement retained on disk
  • HTTP 400/401 client/config failures -> fatal with no token refresh
  • distinct-family adversarial plan review -> Antigravity APPROVE and Claude APPROVE

Public-Safety Checklist

  • No OAuth client files, refresh tokens, stream keys, camera credentials, or generated runtime state were committed.
  • Documentation was updated for user-facing behavior changes.
  • Local tests or relevant manual validation were run.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces an explicit OAuth-blocked recovery mechanism for the YouTube AutoEncoder service. Instead of entering an ambiguous retry backoff, refresh-token rejections and unusable token files are now classified as explicit OAuth authorization blocks. The supervisor pauses API recovery and monitors the local token file for changes using fingerprinting, while preserving any active public stream under its local watchdog. Additionally, signal handlers are now limited to the visible test-pattern runs. The review feedback points out a critical issue where malformed or non-numeric expiration metadata in the token file could cause uncaught ValueError or TypeError exceptions, bypassing the OAuth-blocked recovery logic and propagating as a fatal error.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread bin/youtube-autoencoder-api Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ffe5f6574f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread bin/youtube-autoencoder-api Outdated
@sumitake
sumitake force-pushed the dev/codex/oauth-recovery branch from aa183cd to fcd4f03 Compare July 14, 2026 04:49

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fcd4f038d1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread bin/youtube-autoencoder-api
@sumitake
sumitake force-pushed the dev/codex/oauth-recovery branch from fcd4f03 to f97a5b7 Compare July 14, 2026 04:56
@sumitake
sumitake force-pushed the dev/codex/oauth-recovery branch from f97a5b7 to 3b7260e Compare July 14, 2026 05:03
@sumitake
sumitake merged commit 6265149 into main Jul 14, 2026
7 checks passed
@sumitake
sumitake deleted the dev/codex/oauth-recovery branch July 14, 2026 05:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant