Skip to content

feat: add default session fallback for seamless authentication #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add default session fallback for seamless authentication #42

wants to merge 1 commit into from

Conversation

Abhishekrajpurohit
Copy link

Summary

  • Implements automatic session fallback to resolve persistent authentication issues with MCP clients like n8n
  • Stores authenticated session ID after OAuth completion and uses it as fallback for subsequent calls
  • Eliminates "Please log in first" errors when clients use different session IDs

Problem Description

When integrating with MCP clients like n8n, users consistently encountered authentication failures despite completing OAuth successfully. The core issue was:

  1. Session ID Mismatch: MCP clients generate random session IDs for each request
  2. OAuth Completion: Authentication completes with one session ID (e.g., e73774a1-e2ea-4c2f-8f0f-396ef30dd5ba)
  3. Subsequent API Calls: Client uses different session ID (e.g., 976dd4e9-9003-44c9-83f3-6c7a3a31597f)
  4. Authentication Failure: Server treats new session ID as unauthenticated, returning "Please log in first"

This created a poor user experience where OAuth would complete successfully but all subsequent API calls would fail.

Solution Implementation

Added default session storage mechanism that automatically falls back to authenticated sessions:

Core Changes

  1. Session Storage: Added defaultSessionID and defaultSessionMu to Manager struct
  2. OAuth Integration: Modified HandleKiteCallback to store authenticated session as default
  3. Fallback Logic: Enhanced GetOrCreateSession to use default session for new/invalid sessions
  4. Session Lifecycle: Clear default session on new login attempts

Thread Safety

  • Used sync.RWMutex for concurrent access protection
  • Atomic operations for session retrieval and updates
  • Comprehensive logging for debugging and monitoring

Test Plan

  • Test OAuth completion stores default session correctly
  • Test new session IDs automatically use authenticated default session
  • Test concurrent access to default session storage
  • Test session clearing on new login attempts
  • Verify backward compatibility with existing valid sessions

Benefits

  • Zero Breaking Changes: Existing functionality unchanged
  • No Frontend Changes: Works with any MCP client without modifications
  • Seamless UX: Once OAuth completes, all API calls work regardless of session ID
  • Comprehensive Logging: Full audit trail of session operations
  • Thread Safe: Handles concurrent requests safely

This resolves the persistent authentication issue that affected n8n and potentially other MCP client integrations.

@manishvk514
feat: add default session fallback for seamless authentication
3f35625 
Implements automatic session fallback to resolve persistent authentication
issues when client session IDs don't match authenticated sessions.

## Problem
- n8n and other MCP clients generate random session IDs
- OAuth authentication completes with one session ID
- Subsequent API calls use different session IDs
- Results in "Please log in first" errors despite completed OAuth

## Solution
- Added default session storage in Manager struct
- Store authenticated session ID after successful OAuth callback
- Fallback to default session for invalid or new session IDs
- Thread-safe implementation with comprehensive logging

## Changes
- Add defaultSessionID and defaultSessionMu fields to Manager
- Implement SetDefaultSession, GetDefaultSession, ClearDefaultSession methods
- Update HandleKiteCallback to store authenticated session as default
- Enhance GetOrCreateSession with fallback logic for new sessions
- Clear default session on new login attempts

## Benefits
- Zero frontend changes required
- Seamless authentication after OAuth completion
- Backward compatible with existing valid sessions
- Comprehensive logging for debugging
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Abhishekrajpurohit @manishvk514