v0.8.3: Google device-flow DNS resilience#15
Merged
Conversation
The vezir-android 0.6.1 e2e hit a 502 "could not reach Google to start sign-in" on the first tap — the muscle DNS flake on the device/code POST (device/poll's JWKS path already got this treatment in 0.8.1, but device/start and the token exchange did not). - _post_with_retry: retries a Google POST on transient network/DNS errors with backoff (reuses _is_transient_network_error), used by both device/start and the device/poll token exchange. - device/start: only a genuine network failure after retries returns 502. - device/poll: a DNS/network failure reaching Google's token endpoint now returns 202 authorization_pending (keep polling) instead of a hard 502, so a mid-flow blip doesn't abort the sign-in. Tests: device/start retries a transient DNS error then succeeds (200); device/poll network error -> 202. Full suite 687 passed. ruff + mypy clean.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The vezir-android 0.6.1 on-device e2e hit a 502 "could not reach Google to start sign-in" on the first tap — the recurring muscle DNS flake on the
device/codePOST.device/poll's JWKS path got retry treatment in 0.8.1, butdevice/startand the token exchange did not.Changes
_post_with_retry— retries a Google POST on transient network/DNS errors with backoff (reuses_is_transient_network_error); used by bothdevice/startand thedevice/polltoken exchange.device/start— only a genuine network failure after retries returns 502.device/poll— a DNS/network failure reaching Google's token endpoint now returns 202authorization_pending(keep polling) instead of a hard 502, so a mid-flow blip doesn't abort sign-in.Tests
device/startretries a transient DNS error then succeeds (200).device/pollnetwork error → 202.Version 0.8.2 → 0.8.3.