Problem
KeychainTokenStorage.deleteCredentials() and FileTokenStorage.deleteCredentials() throw an error when the credential doesn't exist. This causes cascading "Failed to clear OAuth credentials" errors when re-auth tries to clear credentials that are already gone.
Common scenarios:
- Double logout (
/auth logout twice)
- Auth-switch without prior login (clearing credentials that were never stored)
- Token refresh race (keychain entry deleted externally between read and delete)
Expected behavior
Deleting non-existent credentials should be a no-op (idempotent), not an error. This matches standard idempotent-delete semantics and the behavior users expect from a "clear" operation.
Affected code
KeychainTokenStorage.deleteCredentials() — throws No credentials found for ${serverName}FileTokenStorage.deleteCredentials() — throws No credentials found for ${serverName}
Environment
- Affects all keychain users (macOS/Linux) for Google OAuth logout path
- Affects
GEMINI_FORCE_ENCRYPTED_FILE_STORAGE=true users for MCP token path
Problem
KeychainTokenStorage.deleteCredentials()andFileTokenStorage.deleteCredentials()throw an error when the credential doesn't exist. This causes cascading "Failed to clear OAuth credentials" errors when re-auth tries to clear credentials that are already gone.Common scenarios:
/auth logouttwice)Expected behavior
Deleting non-existent credentials should be a no-op (idempotent), not an error. This matches standard idempotent-delete semantics and the behavior users expect from a "clear" operation.
Affected code
KeychainTokenStorage.deleteCredentials()— throwsNo credentials found for ${serverName}FileTokenStorage.deleteCredentials()— throwsNo credentials found for ${serverName}Environment
GEMINI_FORCE_ENCRYPTED_FILE_STORAGE=trueusers for MCP token path