From 4df5b849acf558b3174cd85c9d4c31f4610eae1a Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Fri, 29 May 2026 09:56:09 -0400
Subject: [PATCH] fix(security): let OperationCanceledException propagate from
 login role merge (review)

---
 .../ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs b/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs
index b5ff6f95..4b53b524 100644
--- a/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs
@@ -93,7 +93,7 @@ public static class AuthEndpoints
             var dbRows = await roleMappings.GetByGroupsAsync(result.Groups, ct);
             roles = RoleMapper.Merge(result.Roles, dbRows);
         }
-        catch (Exception ex)
+        catch (Exception ex) when (ex is not OperationCanceledException)
         {
             // A DB hiccup must never block sign-in — fall back to the appsettings baseline roles.
             http.RequestServices.GetService<ILoggerFactory>()?