Skip to content

Zombie black window flashes for ~1s when Safari deep-links back into cmux after sign-in (cmux://auth-callback) #7825

Description

@austinywang

Summary

With Safari as the default browser, the sign-in flow now completes successfully (post #7776), but when Safari deep-links back into cmux (cmux://auth-callback), a zombie black window appears for about a second and then disappears before focus lands back on the real cmux window.

User report (verbatim): "the sign in with safari as default browser works now but whats weird is when we deeplink back in the cmux there is an zombie black window that appears for a second and then disappears before going back to the cmux app for some reason."

Environment

Steps to reproduce

  1. Set Safari as the macOS default browser.
  2. Start sign-in from cmux; the flow hands off to Safari (per Clear stuck sign-in state after Safari browser handoff #7776 the ASWebAuthenticationSession completes with the non-auth HTTPS handoff URL and the attempt is parked while the sign-in continues in Safari).
  3. Complete sign-in in Safari so it deep-links back via cmux://auth-callback?....

Expected

Focus returns directly to the existing cmux window. No extra window appears.

Actual

A black, empty window flashes on screen for ~1 second, disappears, and only then does the real cmux window come to the front. Sign-in itself succeeds.

Leads (unverified, from code reading)

  1. AuthPresentationContextProvider.resolveAnchor() (Packages/Shared/CmuxAuthRuntime/Sources/CmuxAuthRuntime/Presentation/AuthPresentationContextProvider.swift) has a macOS fallback that constructs a bare NSWindow() and calls makeKey() on it when NSApplication.shared.keyWindow and windows.first are both unavailable — plausibly the state while the user is off in Safari and cmux is background. A bare NSWindow() made key is exactly a small black zombie window. Any anchor re-resolution during the parked-attempt/late-callback path added in Clear stuck sign-in state after Safari browser handoff #7776 could hit this.
  2. The ASWebAuthenticationSession window teardown when the parked attempt is resumed/cancelled by the incoming cmux://auth-callback (see HostBrowserSignInFlow.runBrowserSession non-auth completion handling and completeCallback) may briefly re-show the session window before dismissal.
  3. URL-open reactivation path: macOS delivering the cmux:// URL may route through a reopen/untitled-window path that creates a window the app then immediately closes.

auth.* unified log lines (auth.browser.session.*, auth.callback.*) around the flash should narrow which of these it is.

Related

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions