feat: implement robust GitHub device flow polling with rate limit handling

- Introduce `DevicePollResult` sealed interface to explicitly handle `Success`, `Pending`, `SlowDown`, and `Failed` states during device token polling.
- Update `AuthenticationViewModel` to handle `slow_down` responses by dynamically increasing the polling interval and adding a 1-second safety buffer.
- Enhance `AuthenticationState` and `AuthenticationRoot` UI to display a "Rate limited" message with a countdown when polling is throttled.
- Refactor `AuthenticationRepository` to return the new structured `DevicePollResult` instead of a nullable `Result`.
- Improve error categorization and logging for device code verification, specifically distinguishing between pending authorization and terminal failures like expired codes or access denial.
- Update string resources to include localized text for rate-limiting notifications.

Author: rainxchzed

core/presentation/src/commonMain/composeResources/values/strings.xml

@@ -453,6 +453,7 @@
     <string name="auth_hint_denied">You denied the authorization request. Try again if this was unintentional.</string>
     <string name="auth_check_status">I already authorized</string>
     <string name="auth_polling_status">Checking…</string>
+    <string name="auth_rate_limited">Rate limited — retrying in %1$ds</string>
 
     <!-- Read More / Show Less -->
     <string name="read_more">Read More</string>

feature/auth/data/src/commonMain/kotlin/zed/rainxch/auth/data/network/GitHubAuthApi.kt

@@ -117,7 +117,8 @@ object GitHubAuthApi {
                     )
                 }
             val status = res.status
-            val text = res.body<String>()
+            val text = res.bodyAsText()
+
 
             if (status !in HttpStatusCode.OK..HttpStatusCode.MultipleChoices) {
                 return Result.failure(
@@ -129,8 +130,9 @@ object GitHubAuthApi {
 
             try {
                 val ok = json.decodeFromString(GithubDeviceTokenSuccessDto.serializer(), text)
+
                 Result.success(ok)
-            } catch (_: Throwable) {
+            } catch (e: Throwable) {
                 val err = json.decodeFromString(GithubDeviceTokenErrorDto.serializer(), text)
                 val message =
                     buildString {
@@ -141,9 +143,11 @@ object GitHubAuthApi {
                             append(desc)
                         }
                     }
+
                 Result.failure(IllegalStateException(message))
             }
         } catch (e: Exception) {
+
             Result.failure(e)
         }
     }

feature/auth/data/src/commonMain/kotlin/zed/rainxch/auth/data/repository/AuthenticationRepositoryImpl.kt

@@ -11,6 +11,7 @@ import kotlinx.coroutines.isActive
 import kotlinx.coroutines.withContext
 import zed.rainxch.auth.data.network.GitHubAuthApi
 import zed.rainxch.auth.domain.repository.AuthenticationRepository
+import zed.rainxch.auth.domain.repository.DevicePollResult
 import zed.rainxch.core.data.data_source.TokenStore
 import zed.rainxch.core.data.mappers.toData
 import zed.rainxch.core.data.mappers.toDomain
@@ -223,7 +224,7 @@ class AuthenticationRepositoryImpl(
         }
     }
 
-    override suspend fun pollDeviceTokenOnce(deviceCode: String): Result<GithubDeviceTokenSuccess?> =
+    override suspend fun pollDeviceTokenOnce(deviceCode: String): DevicePollResult =
         withContext(Dispatchers.IO) {
             val clientId = BuildKonfig.GITHUB_CLIENT_ID
             try {
@@ -233,48 +234,53 @@ class AuthenticationRepositoryImpl(
                 if (success != null) {
                     logger.debug("✅ Single poll: Token received! Saving...")
                     saveTokenWithVerification(success)
-                    Result.success(success)
+                    DevicePollResult.Success(success)
                 } else {
                     val error = res.exceptionOrNull()
                     val errorMsg = (error?.message ?: "").lowercase()
 
                     when {
-                        "authorization_pending" in errorMsg || "slow_down" in errorMsg -> {
-                            Result.success(null)
+                        "slow_down" in errorMsg -> {
+                            logger.debug("⚠️ GitHub says slow down")
+                            DevicePollResult.SlowDown
+                        }
+
+                        "authorization_pending" in errorMsg -> {
+                            DevicePollResult.Pending
                         }
 
                         "access_denied" in errorMsg -> {
-                            Result.failure(
+                            DevicePollResult.Failed(
                                 Exception("Authentication was denied. Please try again if this was a mistake."),
                             )
                         }
 
                         "expired_token" in errorMsg ||
                             "expired_device_code" in errorMsg ||
                             "token_expired" in errorMsg -> {
-                            Result.failure(
+                            DevicePollResult.Failed(
                                 Exception("Authorization code expired. Please try again."),
                             )
                         }
 
                         "bad_verification_code" in errorMsg ||
                             "incorrect_device_code" in errorMsg -> {
-                            Result.failure(
+                            DevicePollResult.Failed(
                                 Exception("Invalid verification code. Please restart authentication."),
                             )
                         }
 
                         else -> {
                             logger.debug("⚠️ Single poll unknown error: $errorMsg")
-                            Result.success(null)
+                            DevicePollResult.Pending
                         }
                     }
                 }
             } catch (e: CancellationException) {
                 throw e
             } catch (e: Exception) {
                 logger.debug("⚠️ Single poll network error: ${e.message}")
-                Result.success(null)
+                DevicePollResult.Pending
             }
         }
 

feature/auth/domain/src/commonMain/kotlin/zed/rainxch/auth/domain/repository/AuthenticationRepository.kt

@@ -11,11 +11,15 @@ interface AuthenticationRepository {
 
     suspend fun awaitDeviceToken(start: GithubDeviceStart): GithubDeviceTokenSuccess
 
-    /**
-     * Single poll attempt. Returns:
-     * - [Result.success] with non-null [GithubDeviceTokenSuccess] if user authorized
-     * - [Result.success] with null if authorization is still pending (keep polling)
-     * - [Result.failure] on terminal errors (denied, expired, invalid code)
-     */
-    suspend fun pollDeviceTokenOnce(deviceCode: String): Result<GithubDeviceTokenSuccess?>
+    suspend fun pollDeviceTokenOnce(deviceCode: String): DevicePollResult
+}
+
+sealed interface DevicePollResult {
+    data class Success(val token: GithubDeviceTokenSuccess) : DevicePollResult
+
+    data object Pending : DevicePollResult
+
+    data object SlowDown : DevicePollResult
+
+    data class Failed(val error: Throwable) : DevicePollResult
 }

feature/auth/presentation/src/commonMain/kotlin/zed/rainxch/auth/presentation/AuthenticationRoot.kt

@@ -82,6 +82,7 @@ import zed.rainxch.githubstore.core.presentation.res.auth_check_status
 import zed.rainxch.githubstore.core.presentation.res.auth_code_expires_in
 import zed.rainxch.githubstore.core.presentation.res.auth_error_with_message
 import zed.rainxch.githubstore.core.presentation.res.auth_polling_status
+import zed.rainxch.githubstore.core.presentation.res.auth_rate_limited
 import zed.rainxch.githubstore.core.presentation.res.continue_as_guest
 import zed.rainxch.githubstore.core.presentation.res.copy_code
 import zed.rainxch.githubstore.core.presentation.res.enter_code_on_github
@@ -532,6 +533,15 @@ private fun StateDevicePrompt(
             )
         }
 
+        if (state.pollIntervalSec > 0) {
+            Spacer(Modifier.height(8.dp))
+            Text(
+                text = stringResource(Res.string.auth_rate_limited, state.pollIntervalSec),
+                style = MaterialTheme.typography.labelSmall,
+                color = MaterialTheme.colorScheme.onSurfaceVariant,
+            )
+        }
+
         Spacer(Modifier.weight(2f))
     }
 }

feature/auth/presentation/src/commonMain/kotlin/zed/rainxch/auth/presentation/AuthenticationState.kt

@@ -7,4 +7,5 @@ data class AuthenticationState(
     val copied: Boolean = false,
     val info: String? = null,
     val isPolling: Boolean = false,
+    val pollIntervalSec: Int = 0,
 )

feature/auth/presentation/src/commonMain/kotlin/zed/rainxch/auth/presentation/AuthenticationViewModel.kt

@@ -20,6 +20,7 @@ import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
 import org.jetbrains.compose.resources.getString
 import zed.rainxch.auth.domain.repository.AuthenticationRepository
+import zed.rainxch.auth.domain.repository.DevicePollResult
 import zed.rainxch.auth.presentation.mapper.toUi
 import zed.rainxch.auth.presentation.model.AuthLoginState
 import zed.rainxch.auth.presentation.model.GithubDeviceStartUi
@@ -39,6 +40,7 @@ class AuthenticationViewModel(
     private var hasLoadedInitialData = false
     private var countdownJob: Job? = null
     private var pollingJob: Job? = null
+    private var pollingIntervalMs: Long = DEFAULT_POLL_INTERVAL_SEC * 1000L
 
     private val _state: MutableStateFlow<AuthenticationState> =
         MutableStateFlow(AuthenticationState())
@@ -234,24 +236,21 @@ class AuthenticationViewModel(
 
     private fun startPolling(deviceCode: String) {
         pollingJob?.cancel()
-        val intervalMs = getPollingIntervalMs()
+        val loginState = _state.value.loginState
+        val intervalSec =
+            (loginState as? AuthLoginState.DevicePrompt)?.start?.intervalSec
+                ?: DEFAULT_POLL_INTERVAL_SEC
+        // Add 1s buffer above GitHub's minimum to avoid immediate slow_down
+        pollingIntervalMs = (intervalSec * 1000).toLong() + 1000L
         pollingJob =
             viewModelScope.launch {
                 while (isActive) {
-                    delay(intervalMs)
+                    delay(pollingIntervalMs)
                     doPoll(deviceCode)
                 }
             }
     }
 
-    private fun getPollingIntervalMs(): Long {
-        val loginState = _state.value.loginState
-        val intervalSec =
-            (loginState as? AuthLoginState.DevicePrompt)?.start?.intervalSec
-                ?: DEFAULT_POLL_INTERVAL_SEC
-        return (intervalSec * 1000).toLong()
-    }
-
     private fun pollOnce(deviceCode: String) {
         viewModelScope.launch {
             doPoll(deviceCode)
@@ -261,33 +260,48 @@ class AuthenticationViewModel(
     private suspend fun doPoll(deviceCode: String) {
         _state.update { it.copy(isPolling = true) }
         try {
-            logger.debug("Polling device token (code=${deviceCode.take(8)}...)")
+            logger.debug("Polling device token (code=${deviceCode.take(8)}..., interval=${pollingIntervalMs}ms)")
             val result =
                 withContext(Dispatchers.IO) {
                     authenticationRepository.pollDeviceTokenOnce(deviceCode)
                 }
 
-            result
-                .onSuccess { token ->
-                    if (token != null) {
-                        logger.debug("Poll success — token received, navigating")
-                        pollingJob?.cancel()
-                        countdownJob?.cancel()
-                        clearSavedState()
-                        _state.update {
-                            it.copy(loginState = AuthLoginState.LoggedIn, isPolling = false)
-                        }
-                        _events.trySend(AuthenticationEvents.OnNavigateToMain)
-                    } else {
-                        logger.debug("Poll result: still pending")
-                        _state.update { it.copy(isPolling = false) }
+            when (result) {
+                is DevicePollResult.Success -> {
+                    logger.debug("Poll success — token received, navigating")
+                    pollingJob?.cancel()
+                    countdownJob?.cancel()
+                    clearSavedState()
+                    _state.update {
+                        it.copy(loginState = AuthLoginState.LoggedIn, isPolling = false)
                     }
-                }.onFailure { error ->
-                    logger.debug("Poll failed terminally: ${error.message}")
+                    _events.trySend(AuthenticationEvents.OnNavigateToMain)
+                }
+
+                is DevicePollResult.Pending -> {
+                    logger.debug("Poll result: still pending")
+                    _state.update { it.copy(isPolling = false, pollIntervalSec = 0) }
+                }
+
+                is DevicePollResult.SlowDown -> {
+                    pollingIntervalMs += 5000L
+                    logger.debug("Poll result: slow_down — increased interval to ${pollingIntervalMs}ms")
+                    _state.update {
+                        it.copy(
+                            isPolling = false,
+                            pollIntervalSec = (pollingIntervalMs / 1000).toInt(),
+                        )
+                    }
+                    // Don't restart — the existing polling loop reads pollingIntervalMs
+                    // on each iteration via delay(), so it will pick up the new value.
+                }
+
+                is DevicePollResult.Failed -> {
+                    logger.debug("Poll failed terminally: ${result.error.message}")
                     pollingJob?.cancel()
                     countdownJob?.cancel()
                     clearSavedState()
-                    val (message, hint) = categorizeError(error)
+                    val (message, hint) = categorizeError(result.error)
                     _state.update {
                         it.copy(
                             loginState =
@@ -296,6 +310,7 @@ class AuthenticationViewModel(
                         )
                     }
                 }
+            }
         } catch (e: CancellationException) {
             throw e
         } catch (t: Throwable) {