Usability: Handle Concurrent Interactive OCI Authentication (java.net.BindException: Address already in use)

[Michael-A-McMahon]

In some cases, a user may initiate interactive authentication for OCI, but then never complete a login in their web browser. This leaves an HTTP server running, and listening on a fixed port number.

A user may then attempt to initiate interactive authentication again, and on this second attempt they will see an error: java.net.BindException: Address already in use. This occurs due to the first server having already claimed the fixed port number.

Resolving this situation can be quite difficult for the user. They need to figure out which process has launched the first interactive authentication, and then abort it, or possibly kill the process.

It would be much nicer if our provider could somehow recover from this situation.

Note that, we can not resolve this by using a random port number. The OCI service will reject a redirect URI which does not use a specific port number.

One way to improve the situation would be a default timeout for interactive authentication. Maybe 1 or 2 minutes. We need to consider what is a reasonable time for a human to complete a login in their web browser. I think a timeout would resolve the issue for many users, without a huge development cost for this project.

A more sophisticated solution might involve aborting any existing HTTP server before launching a new one. We could define a special an endpoint like: localhost:8181/abort. And we could define a handler for this endpoint that would close the HTTP server. If we have this, then any existing HTTP server could be closed down, releasing the bind address, before launching a new server. Of course, this won't work if some other process which we don't implement is using the 8181 port number.