From 785008a93df5c99b3fbc63a22c8b641d489453b9 Mon Sep 17 00:00:00 2001
From: developer-ishan
Date: Mon, 18 May 2026 20:22:34 +0000
Subject: [PATCH] fix(publisher): treat GitHub device-flow slow_down as retriable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GitHub's device-flow token endpoint returns slow_down when the client polls too frequently. Per RFC 8628 §3.5 this is a non-terminal signal: the client must increase its polling interval by 5 seconds and keep polling. The current pollForToken implementation only handles authorization_pending as retriable and bails on every other error, turning a routine rate-limit response into an unrecoverable "login failed: error polling for token: token request failed: slow_down". Treat slow_down the same as authorization_pending, bumping the interval per the RFC. Fixes #1289
---
 cmd/publisher/auth/github-at.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cmd/publisher/auth/github-at.go b/cmd/publisher/auth/github-at.go
index 3e53529e..3482c1ee 100644
--- a/cmd/publisher/auth/github-at.go
+++ b/cmd/publisher/auth/github-at.go
@@ -229,8 +229,13 @@ func (g *GitHubATProvider) pollForToken(ctx context.Context, deviceCode string)
 return "", err
 }
 
- if tokenResp.Error == "authorization_pending" {
- // User hasn't authorized yet, wait and retry
+ // Per RFC 8628 §3.5, both authorization_pending and slow_down indicate
+ // the client should keep polling. slow_down additionally requires that
+ // the polling interval be increased by 5 seconds.
+ if tokenResp.Error == "authorization_pending" || tokenResp.Error == "slow_down" {
+ if tokenResp.Error == "slow_down" {
+ interval += 5
+ }
 time.Sleep(time.Duration(interval) * time.Second)
 continue
 }
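Review bot: The wait after a retriable response is still a bare `time.Sleep`, which ignores the `ctx` that pollForToken receives; now that every slow_down adds 5 seconds to `interval`, a cancelled or timed-out login can block for progressively longer before it returns. Waiting in a `select` on `ctx.Done()` and a timer would let cancellation end the poll promptly. Separately, the added `interval += 5` has no visible upper bound, so it relies on whatever deadline the loop enforces outside this hunk (presumably the device code's expiry); if there is none, a cap or an overall deadline is worth adding. pollForToken's body starts and ends outside the hunk, so a ctx check elsewhere in the loop may already cover part of this.

```go
// … unchanged: retriable-error check and slow_down interval bump …
	// Wait for the next poll, but stop as soon as the caller cancels.
	select {
	case <-ctx.Done():
		return "", ctx.Err()
	case <-time.After(time.Duration(interval) * time.Second):
	}
	continue
```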