Fix websocket connection leak during authentication#92
Merged
sk-keeper merged 3 commits intoKeeper-Security:releasefrom Nov 13, 2025
Merged
Fix websocket connection leak during authentication#92sk-keeper merged 3 commits intoKeeper-Security:releasefrom
sk-keeper merged 3 commits intoKeeper-Security:releasefrom
Conversation
Previously, when applications using SSO authentication exited, the asyncio event loop was closed while background tasks were still running, resulting in: - ERROR: Task was destroyed but it is pending - RuntimeError: Event loop is closed This issue occurred specifically with SSO authentication flows that use push notifications, but not with password-only authentication. This fix ensures proper cleanup by: 1. Cancelling all pending tasks before stopping the event loop 2. Giving tasks time (0.3s) to handle CancelledError gracefully 3. Waiting for the event loop thread to finish before closing This prevents "Task was destroyed but it is pending" errors when shutting down applications that use SSO with push notifications.
sk-keeper
reviewed
Nov 13, 2025
This reverts commit 8364e1c.
During SSO authentication flows, a push notification websocket (LoginPushNotifications) is created to handle 2FA, device approval, and SSO data key requests. This websocket was never closed after successful login, causing it to remain active until application shutdown. This resulted in asyncio errors about pending tasks being destroyed. Fix: Close login.push_notifications in _on_logged_in() immediately after authentication completes and before any post-login setup.
sk-keeper
approved these changes
Nov 13, 2025
m-k8s
changed the title
sk-keeper
pushed a commit
that referenced
this pull request
Feb 27, 2026
* Fix asyncio event loop cleanup with SSO auth Previously, when applications using SSO authentication exited, the asyncio event loop was closed while background tasks were still running, resulting in: - ERROR: Task was destroyed but it is pending - RuntimeError: Event loop is closed This issue occurred specifically with SSO authentication flows that use push notifications, but not with password-only authentication. This fix ensures proper cleanup by: 1. Cancelling all pending tasks before stopping the event loop 2. Giving tasks time (0.3s) to handle CancelledError gracefully 3. Waiting for the event loop thread to finish before closing This prevents "Task was destroyed but it is pending" errors when shutting down applications that use SSO with push notifications. * Revert "Fix asyncio event loop cleanup with SSO auth" This reverts commit 8364e1c. * Close login websocket after authentication During SSO authentication flows, a push notification websocket (LoginPushNotifications) is created to handle 2FA, device approval, and SSO data key requests. This websocket was never closed after successful login, causing it to remain active until application shutdown. This resulted in asyncio errors about pending tasks being destroyed. Fix: Close login.push_notifications in _on_logged_in() immediately after authentication completes and before any post-login setup.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix websocket connection leak during authentication
Problem
When applications using keeper-sdk exit after authentication with 2FA, device approval, or SSO data key requests, the asyncio event loop is closed while background tasks (push notification websockets) are still running, causing error messages:
Root Cause
During authentication requiring interactive approval, a push notification websocket (
LoginPushNotifications) is created to handle:The bug: This websocket was never closed after successful login.
When the application exits, the websocket connection is still active, causing asyncio to report pending tasks that are destroyed during shutdown.
Solution
Close
login.push_notificationsin_on_logged_in()after authentication completes.