fix: prevent OAuth race condition causing auth failures

[monotykamary]

Summary

Fixes a race condition in the OAuth authorization flow that caused authentication to fail with a timeout error.

Problem

When authenticating with OAuth-based MCP servers (like Linear), waitForAuthorizationCode() was creating a new deferred promise if one didn't exist. However, redirectToAuthorization() also creates a new deferred. If the SDK's OAuth flow called waitForAuthorizationCode() before redirectToAuthorization() completed, they would wait on different deferreds, causing the OAuth callback to resolve a promise that nothing was waiting on. This resulted in the authentication hanging until timeout.

Solution

Changed waitForAuthorizationCode() to wait for redirectToAuthorization() to be initiated before proceeding, rather than creating a new deferred. A redirectInitiatedDeferred is used to signal when the redirect has been initiated, allowing waitForAuthorizationCode() to wait for it if called first. This ensures both methods always use the same authorizationDeferred promise.

Testing

• Verified mcporter auth linear now properly waits for browser approval
• The OAuth callback correctly resolves the authorization code

Fixes #36

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 047e86e880

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[steipete]

Landed via temp rebase onto main.

• Gate: pnpm check && pnpm test && pnpm build && pnpm run docs:list
• Land commit: cca61bb
• Merge commit: 30abe3d

Thanks @monotykamary!