refactor(providers): 🔨 replace interactive re-auth with manual expiry

Removes the interactive global re-authentication coordinator logic from Google and Qwen providers. Instead of attempting to launch an interactive OAuth flow (which blocks proxy operations), the system now immediately marks the credential as permanently expired and raises an error.

- Remove `get_reauth_coordinator` usage in `GoogleOAuthBase` and `QwenAuthBase`.
- Implement immediate credential expiration upon token refresh failure.
- Raise `ValueError` with specific instructions to run `credential_tool.py` for recovery.
- Simplify `IFlowAuthBase` expiration logic to strictly enforce manual re-authentication.

Author: Mirrowel

src/rotator_library/providers/google_oauth_base.py

@@ -804,8 +804,7 @@ async def _process_refresh_queue(self):
                             async with self._queue_tracking_lock:
                                 self._queued_credentials.discard(path)
                             self._mark_credential_expired(
-                                path,
-                                f"Refresh token invalid (HTTP {status_code})"
+                                path, f"Refresh token invalid (HTTP {status_code})"
                             )
                         elif status_code == 400:
                             # Check for invalid_grant
@@ -816,7 +815,7 @@ async def _process_refresh_queue(self):
                                     self._queued_credentials.discard(path)
                                 self._mark_credential_expired(
                                     path,
-                                    f"Refresh token invalid (HTTP 400: invalid_grant)"
+                                    f"Refresh token invalid (HTTP 400: invalid_grant)",
                                 )
                             else:
                                 await self._handle_refresh_failure(
@@ -1171,8 +1170,7 @@ async def initialize_token(
             if force_interactive:
                 if path:
                     self._mark_credential_expired(
-                        path,
-                        "Refresh token invalid - re-authentication required"
+                        path, "Refresh token invalid - re-authentication required"
                     )
                 raise ValueError(
                     f"Credential '{display_name}' requires re-authentication. "
@@ -1191,29 +1189,21 @@ async def initialize_token(
                         return await self._refresh_token(path, creds)
                     except Exception as e:
                         lib_logger.warning(
-                            f"Automatic token refresh for '{display_name}' failed: {e}. Proceeding to interactive login."
+                            f"Automatic token refresh for '{display_name}' failed: {e}."
                         )
+                        # Fall through to mark as expired
 
-                lib_logger.warning(
-                    f"{self.ENV_PREFIX} OAuth token for '{display_name}' needs setup: {reason}."
-                )
-
-                # [GLOBAL REAUTH COORDINATION] Use the global coordinator to ensure
-                # only one interactive OAuth flow runs at a time across all providers
-                coordinator = get_reauth_coordinator()
-
-                # Define the interactive OAuth function to be executed by coordinator
-                async def _do_interactive_oauth():
-                    return await self._perform_interactive_oauth(
-                        path, creds, display_name
+                # [NO AUTO-REAUTH] Mark credential as permanently expired instead of
+                # launching interactive browser OAuth. This prevents blocking proxy
+                # operations. User must run credential_tool.py manually and restart proxy.
+                if path:
+                    self._mark_credential_expired(
+                        path,
+                        f"{reason}. Manual re-authentication required via credential_tool.py",
                     )
-
-                # Execute via global coordinator (ensures only one at a time)
-                return await coordinator.execute_reauth(
-                    credential_path=path or display_name,
-                    provider_name=self.ENV_PREFIX,
-                    reauth_func=_do_interactive_oauth,
-                    timeout=300.0,  # 5 minute timeout for user to complete OAuth
+                raise ValueError(
+                    f"Credential '{display_name}' is expired and requires manual re-authentication. "
+                    f"Run 'python credential_tool.py' to fix, then restart the proxy."
                 )
 
             lib_logger.info(

src/rotator_library/providers/iflow_auth_base.py

@@ -1326,18 +1326,18 @@ async def initialize_token(
                         )
                         # Fall through to mark as expired
 
-                # [NO AUTO-REAUTH] If force_interactive is True or refresh failed,
-                # mark the credential as permanently expired instead of launching browser OAuth.
-                # User must run credential_tool.py manually and restart proxy.
-                if force_interactive or reason != "token is expired":
+                # [NO AUTO-REAUTH] Mark credential as permanently expired instead of
+                # launching interactive browser OAuth. This prevents blocking proxy
+                # operations. User must run credential_tool.py manually and restart proxy.
+                if path:
                     self._mark_credential_expired(
                         path,
                         f"{reason}. Manual re-authentication required via credential_tool.py",
                     )
-                    raise ValueError(
-                        f"Credential '{display_name}' is expired and requires manual re-authentication. "
-                        f"Run 'python credential_tool.py' to fix, then restart the proxy."
-                    )
+                raise ValueError(
+                    f"Credential '{display_name}' is expired and requires manual re-authentication. "
+                    f"Run 'python credential_tool.py' to fix, then restart the proxy."
+                )
 
             lib_logger.info(f"iFlow OAuth token at '{display_name}' is valid.")
             return creds

src/rotator_library/providers/qwen_auth_base.py

@@ -1004,29 +1004,21 @@ async def initialize_token(
                         return await self._refresh_token(path)
                     except Exception as e:
                         lib_logger.warning(
-                            f"Automatic token refresh for '{display_name}' failed: {e}. Proceeding to interactive login."
+                            f"Automatic token refresh for '{display_name}' failed: {e}."
                         )
+                        # Fall through to mark as expired
 
-                lib_logger.warning(
-                    f"Qwen OAuth token for '{display_name}' needs setup: {reason}."
-                )
-
-                # [GLOBAL REAUTH COORDINATION] Use the global coordinator to ensure
-                # only one interactive OAuth flow runs at a time across all providers
-                coordinator = get_reauth_coordinator()
-
-                # Define the interactive OAuth function to be executed by coordinator
-                async def _do_interactive_oauth():
-                    return await self._perform_interactive_oauth(
-                        path, creds, display_name
+                # [NO AUTO-REAUTH] Mark credential as permanently expired instead of
+                # launching interactive device OAuth. This prevents blocking proxy
+                # operations. User must run credential_tool.py manually and restart proxy.
+                if path:
+                    self._mark_credential_expired(
+                        path,
+                        f"{reason}. Manual re-authentication required via credential_tool.py",
                     )
-
-                # Execute via global coordinator (ensures only one at a time)
-                return await coordinator.execute_reauth(
-                    credential_path=path or display_name,
-                    provider_name="QWEN_CODE",
-                    reauth_func=_do_interactive_oauth,
-                    timeout=300.0,  # 5 minute timeout for user to complete OAuth
+                raise ValueError(
+                    f"Credential '{display_name}' is expired and requires manual re-authentication. "
+                    f"Run 'python credential_tool.py' to fix, then restart the proxy."
                 )
 
             lib_logger.info(f"Qwen OAuth token at '{display_name}' is valid.")