Device code flow not respecting slow_down

[jerr0328]

In cli/cli#9370 (comment), several people, including myself, have issues with the gh cli that is not working properly with login when the auth server responds with "slow_down" error. According to the RFC8628 section 3.5, this means the client MUST increase the interval of polling, and it should continue to poll and not crash out. I had a look at the code (I'm don't consider myself a Go developer) and I didn't see any handling of that (e.g. https://github.com/cli/oauth/blob/main/device/device_flow.go#L190). Presumably the change needs to not only check that "slow_down" being a possible "continue" case but also increase the interval or use the new interval provided.

[williammartin]

Hey @jerr0328, you're right that this module does not handle slow_down. It's definitely something we can implement, though I'm not sure it'll really deal with the underlying issue there, as I mentioned here: cli/cli#9370 (comment).

We can definitely do it and see what the outcome is though!

[williammartin]

Acceptance

Given I am logging in against a server that responds with slow_down when requesting the access token
When I go through an oauth flow targeting that server
Then the requests for the acess_token increase by 5 seconds per slow_down response received.