fix(cortex-tui): reload auth token into provider_manager after login (#231)

echobt · factorydroid · web-flow · commit b4a1647da714 · 2026-01-27T14:20:52.000+01:00
When a user re-authenticated after session expiration, the new token was
saved to the keyring but never reloaded into the provider_manager. This
caused subsequent API calls to fail with 'session invalid' because the
provider_manager still had the old/expired token (or no token).

The fix adds token reloading in two places in the ToolEvent::Completed
handler for login events:
- After 'login_poll' success (new interactive login flow)
- After 'login' success (legacy chat-based login flow)

This ensures that after any successful login, the fresh auth token is
immediately available for API calls.

Fixes: session invalid error after re-authentication

Co-authored-by: Droid Agent &lt;droid@factory.ai&gt;
diff --git a/cortex-tui/src/runner/event_loop.rs b/cortex-tui/src/runner/event_loop.rs
@@ -3012,6 +3012,42 @@ impl EventLoop {
                         // Login successful
                         self.app_state.login_flow = None;
                         self.app_state.exit_interactive_mode();
+
+                        // CRITICAL: Reload fresh auth token into provider_manager
+                        // Without this, the provider_manager still has the old/expired token
+                        // and subsequent API calls will fail with "session invalid"
+                        if let Some(ref pm) = self.provider_manager {
+                            if let Some(token) = cortex_login::get_auth_token() {
+                                tracing::info!(
+                                    "Reloading fresh auth token into provider_manager after login"
+                                );
+                                pm.write().await.set_auth_token(token);
+                            } else {
+                                tracing::warn!(
+                                    "Login succeeded but could not load fresh token from keyring"
+                                );
+                            }
+                        }
+
+                        self.app_state.toasts.success("Logged in!");
+                        return;
+                    } else if id == "login" && success {
+                        // Legacy login flow (from handle_auth_login) - also reload the token
+                        // CRITICAL: Reload fresh auth token into provider_manager
+                        // Without this, the provider_manager still has the old/expired token
+                        if let Some(ref pm) = self.provider_manager {
+                            if let Some(token) = cortex_login::get_auth_token() {
+                                tracing::info!(
+                                    "Reloading fresh auth token into provider_manager after legacy login"
+                                );
+                                pm.write().await.set_auth_token(token);
+                            } else {
+                                tracing::warn!(
+                                    "Login succeeded but could not load fresh token from keyring"
+                                );
+                            }
+                        }
+                        self.add_system_message(&output);
                         self.app_state.toasts.success("Logged in!");
                         return;
                     }
