ctron · loispostula · Jan 30, 2026
diff --git a/src/agent/error.rs b/src/agent/error.rs
@@ -12,6 +12,8 @@ pub enum OAuth2Error {
     StartLogin(String),
     /// Failed to handle login result
     LoginResult(String),
+    /// Silent login found no active session (not a real error)
+    LoginRequired,
     /// Failed to handle token refresh
     Refresh(String),
     /// Failing storing information
@@ -27,6 +29,7 @@ impl Display for OAuth2Error {
             Self::Configuration(err) => write!(f, "configuration error: {err}"),
             Self::StartLogin(err) => write!(f, "start login error: {err}"),
             Self::LoginResult(err) => write!(f, "login result: {err}"),
+            Self::LoginRequired => f.write_str("login required"),
             Self::Refresh(err) => write!(f, "refresh error: {err}"),
             Self::Storage(err) => write!(f, "storage error: {err}"),
             Self::Internal(err) => write!(f, "internal error: {err}"),
@@ -38,7 +41,12 @@ impl std::error::Error for OAuth2Error {}
 
 impl From<OAuth2Error> for OAuth2Context {
     fn from(err: OAuth2Error) -> Self {
-        OAuth2Context::Failed(err.to_string())
+        match err {
+            OAuth2Error::LoginRequired => OAuth2Context::NotAuthenticated {
+                reason: crate::context::Reason::LoginRequired,
+            },
+            other => OAuth2Context::Failed(other.to_string()),
+        }
     }
 }
 

diff --git a/src/agent/mod.rs b/src/agent/mod.rs
@@ -417,6 +417,10 @@ where
             // cleanup URL
             Self::cleanup_url();
 
+            if error == "login_required" || error == "interaction_required" {
+                return Err(OAuth2Error::LoginRequired);
+            }
+
             // error from the OAuth2 server
             return Err(OAuth2Error::LoginResult(error));
         }

diff --git a/src/components/redirect/mod.rs b/src/components/redirect/mod.rs
@@ -135,6 +135,10 @@ where
                         let _ = agent.start_login();
                     }
                 }
+                Reason::LoginRequired => {
+                    // silent login (prompt=none) found no active session — do nothing,
+                    // let the app handle this as NotAuthenticated
+                }
                 Reason::Expired | Reason::Logout => {
                     match self.auth {
                         None | Some(OAuth2Context::NotInitialized) => {

diff --git a/src/context/mod.rs b/src/context/mod.rs
@@ -86,6 +86,8 @@ pub enum Reason {
     Expired,
     /// Because the user chose to log out.
     Logout,
+    /// Silent login (prompt=none) found no active session.
+    LoginRequired,
 }
 
 /// A handle to access the latest access token.