Skip to content

fix(auth): resolve timeout when API key uses x-api-key auth style#78

Open
Piyash1 wants to merge 1 commit intoMiniMax-AI:mainfrom
Piyash1:fix/auth-timeout-wrong-region
Open

fix(auth): resolve timeout when API key uses x-api-key auth style#78
Piyash1 wants to merge 1 commit intoMiniMax-AI:mainfrom
Piyash1:fix/auth-timeout-wrong-region

Conversation

@Piyash1
Copy link
Copy Markdown

@Piyash1 Piyash1 commented Apr 10, 2026

Problem

Users with valid API keys were experiencing timeouts on every request after
running mmx auth login --api-key sk-xxxxx. The CLI would hang or return
"LLM request timed out" even though the same key worked fine with direct
curl calls.

Root Cause (3 bugs)

Bug 1 — Wrong region selected silently (detect-region.ts)
The region detection probe that runs during mmx auth login only sent
Authorization: Bearer <key> headers. Some MiniMax API key types only
authenticate via x-api-key header. This caused all region probes to fail
silently, fall back to global, and route every subsequent request to the
wrong endpoint — producing timeouts or 401s on all commands.

Bug 2 — Token refresh hangs indefinitely (refresh.ts)
refreshAccessToken() called fetch() with no timeout signal. If the OAuth
token endpoint was slow or unreachable, the CLI would freeze with no error
message and no way to recover except Ctrl+C.

Bug 3 — Timeout error was too generic (handler.ts)
When a timeout did occur, the error hint only said "try increasing --timeout".
Users with a correct key and a wrong-region issue had no indication that
region misconfiguration was the likely cause.

Changes

src/config/detect-region.ts

  • probeRegion() now tries both Authorization: Bearer and x-api-key
    auth headers per region before giving up
  • A single successful probe (either style) is enough to identify the region
  • This ensures region detection works correctly regardless of API key type

src/auth/refresh.ts

  • Added AbortSignal.timeout(10_000) to the token refresh fetch() call
  • Network/timeout errors are caught and surfaced as a CLIError with
    ExitCode.AUTH and a clear message distinguishing timeout from
    session expired

src/errors/handler.ts

  • Now catches both AbortError and TimeoutError (the latter is thrown by
    Bun and modern runtimes when AbortSignal.timeout() fires)
  • Improved hint text suggests mmx auth status and mmx config set region
    as diagnostic steps when a timeout occurs on every request

Testing

Added test/auth/timeout-fix.test.ts covering:

  • Region probe succeeds when endpoint only accepts Bearer auth
  • Region probe succeeds when endpoint only accepts x-api-key auth
  • Graceful fallback to global when key is invalid for all styles/regions
  • refreshAccessToken throws CLIError with ExitCode.AUTH on non-ok response
  • refreshAccessToken returns fresh tokens on success
  • ensureFreshToken returns cached token when not near expiry
  • Timeout error message contains mmx auth status and region hints

Reproduction

# Key that only works with x-api-key header
mmx auth login --api-key sk-xxxxx
mmx text chat --message "hello"
# Before fix: times out on every request
# After fix:  works correctly

Related Issues

Closes #[issue number] — "Auth timeout on every request with valid API key"

@Piyash1
fix(auth): resolve timeout when API key uses x-api-key auth style
310933c 
- detect-region: probe both Bearer and x-api-key auth styles so region
  detection succeeds regardless of which header the endpoint accepts.
- refresh: add 10s AbortSignal.timeout to refreshAccessToken fetch so a
  slow/unreachable auth server surfaces a clear error instead of hanging.
- handler: catch TimeoutError alongside AbortError and improve timeout hint.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Piyash1