Skip to content

cli login hanging intermittently #227

Closed
Closed
cli login hanging intermittently#227
Labels
Bug
@ericpaulsen

Description

@ericpaulsen
ericpaulsen
opened on Jan 31, 2026

Blink CLI Authentication Hangs After Browser Success

Summary

blink login and blink deploy hang indefinitely on "Waiting for authentication..." even after the browser-based auth flow completes successfully. No session/config file is created.

Environment

  • Host OS: macOS (Mac Mini)
  • Blink CLI: v1.1.39
  • Blink Server: ghcr.io/coder/blink-server:7a1e123
  • Docker: Docker Desktop for Mac
  • Network: Tailscale (tailnet-only access)

Network Architecture

┌─────────────────────────────────────────────────────────────────────────────┐
│                              Mac Mini (Host)                                │
│                                                                             │
│  ┌─────────────┐     ┌──────────────────┐     ┌─────────────────────────┐  │
│  │   Ollama    │     │  Tailscale Serve │     │      Blink CLI          │  │
│  │ :11434      │     │                  │     │  (blink login/deploy)   │  │
│  │ (localhost) │     │  HTTPS :443 ───────────▶ polls for auth callback │  │
│  └─────────────┘     │       │          │     └─────────────────────────┘  │
│         ▲            │       ▼          │                                   │
│         │            │  localhost:3000  │                                   │
│         │            └────────┬─────────┘                                   │
│         │                     │                                             │
│         │     ┌───────────────┴───────────────┐                             │
│         │     │        Docker Bridge          │                             │
│         │     │     (host.docker.internal)    │                             │
│         │     └───────────────┬───────────────┘                             │
│         │                     │                                             │
│  ┌──────┴─────────────────────┴─────────────────────────────────────────┐  │
│  │                        Docker Containers                              │  │
│  │                                                                       │  │
│  │  ┌─────────────────────────┐    ┌─────────────────────────────────┐  │  │
│  │  │   blink-server:7a1e123  │    │        postgres:17-alpine       │  │  │
│  │  │   (agent-blink-server-1)│    │        (agent-postgres-1)       │  │  │
│  │  │                         │    │                                 │  │  │
│  │  │   :3000 ◀── published   │    │   :5432                         │  │  │
│  │  │         to host :3000   │    │                                 │  │  │
│  │  └────────────┬────────────┘    └─────────────────────────────────┘  │  │
│  │               │                                                       │  │
│  │               ▼                                                       │  │
│  │  ┌─────────────────────────┐                                         │  │
│  │  │   blink-agent:latest    │ ◀── spawned by blink-server             │  │
│  │  │   (deployed agent)      │                                         │  │
│  │  │                         │                                         │  │
│  │  │   Needs OLLAMA_BASE_URL │                                         │  │
│  │  │   =http://host.docker.  │                                         │  │
│  │  │    internal:11434/v1    │                                         │  │
│  │  └─────────────────────────┘                                         │  │
│  └───────────────────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    │ Tailscale (MagicDNS)
                                    ▼
                    https://erics-mac-mini.tail29e42.ts.net
                         (tailnet devices only)

Blink Server Configuration

# Environment variables (from docker exec)
BLINK_ACCESS_URL=https://erics-mac-mini.tail29e42.ts.net
BLINK_API_SERVER_LISTEN_PORT=3000
BLINK_PORT=3000
BLINK_AUTH_SECRET=<redacted>
BLINK_POSTGRES_URL=postgresql://postgres:postgres@postgres:5432/blink

docker-compose.yaml

services:
  blink-server:
    image: ghcr.io/coder/blink-server:7a1e123
    restart: unless-stopped
    user: "0:0"  # root for docker.sock access
    ports:
      - "3000:3000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - blink-config:/home/server/.config/blink-server/
    environment:
      - BLINK_POSTGRES_URL=postgresql://postgres:postgres@postgres:5432/blink
      - BLINK_ACCESS_URL=https://erics-mac-mini.tail29e42.ts.net
      - BLINK_API_SERVER_LISTEN_PORT=3000
      - BLINK_PORT=3000
      - BLINK_AUTH_SECRET=<redacted>

  postgres:
    image: postgres:17-alpine
    # ... standard postgres config

Tailscale Serve Configuration

$ tailscale serve status
https://erics-mac-mini.tail29e42.ts.net (tailnet only)
|-- / proxy http://127.0.0.1:3000

Steps to Reproduce

  1. Start the control plane:

    docker compose up -d

  2. Verify server is running:

    curl https://erics-mac-mini.tail29e42.ts.net/
# Returns: /login (redirect)

  3. Attempt to authenticate:

    export BLINK_API_URL=https://erics-mac-mini.tail29e42.ts.net
blink login

  4. Browser opens to auth page, complete the flow → Browser shows "Success"

  5. CLI remains stuck:

    Visit https://erics-mac-mini.tail29e42.ts.net/auth?id=<uuid> to authenticate with Blink.
Press [ENTER] to open the browser
│
◒  Waiting for authentication...

Observations

  • Browser auth succeeds: The auth page loads, login completes, success message displays
  • CLI never receives callback: Hangs indefinitely on "Waiting for authentication..."
  • No config file created: ~/.config/blink/config.json does not exist after auth
  • Same behavior on localhost: Using BLINK_API_URL=http://localhost:3000 exhibits identical behavior
  • Server logs show no errors: Only benign chart rendering warnings
  • API is reachable: curl commands to the API work (returns 404 for unknown endpoints, as expected)

Tested Variations

Attempt Result
BLINK_API_URL=https://erics-mac-mini.tail29e42.ts.net blink login Hangs
BLINK_API_URL=http://localhost:3000 blink login Hangs
blink deploy (triggers auth flow) Hangs
Restart blink-server, retry Hangs

Hypothesis

The CLI appears to use polling or WebSocket to wait for the auth callback. Possible causes:

  1. Callback URL mismatch: The server may be constructing callback URLs that don't resolve correctly
  2. WebSocket/SSE not proxying through Tailscale Serve: Long-lived connections may not work through the proxy
  3. Session storage issue: Auth completes but session isn't persisted or retrievable by CLI
  4. Port/URL confusion: BLINK_ACCESS_URL is HTTPS :443 but server listens on :3000

Workaround

blink dev works for local development (runs agent on host, not in container):

cd agent && OLLAMA_BASE_URL=http://localhost:11434/v1 blink dev

Additional Context

  • Ollama is bound to localhost only (secure, not exposed on Tailscale)
  • This setup is for a self-hosted Blink instance accessible only via Tailscale

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions