diff --git a/scripts/setup-section0-docs.sh b/scripts/setup-section0-docs.sh
index 931f839..ae4209a 100755
--- a/scripts/setup-section0-docs.sh
+++ b/scripts/setup-section0-docs.sh
@@ -105,6 +105,10 @@ url=urlparse(sys.argv[1])
 print(url.netloc)' "\$1"
 }
 
+http_json() {
+  curl --connect-timeout 5 --max-time 15 -fsS "\$@"
+}
+
 install_git_credential() {
   remote="\$1"
   username="\$2"
@@ -136,17 +140,25 @@ auth_login() {
   token_json=""
   i=0
   while [ "\$i" -lt 90 ]; do
-    token_json="\$(curl -fsS "\$SERVER_URL/device/\$code/token" 2>/dev/null || true)"
+    token_json="\$(http_json "\$SERVER_URL/device/\$code/token" 2>/dev/null || true)"
     access_token="\$(printf "%s" "\${token_json:-{}}" | json_get accessToken 2>/dev/null || true)"
     [ -n "\$access_token" ] && break
+    status="\$(printf "%s" "\${token_json:-{}}" | json_get status 2>/dev/null || true)"
+    if [ \$((i % 5)) -eq 0 ]; then
+      printf "\n  still waiting%s\n" "\${status:+ (\$status)}"
+    else
+      printf "."
+    fi
     i=\$((i + 1))
     sleep 2
   done
+  printf "\n"
   [ -n "\${access_token:-}" ] || {
     echo "timed out waiting for Authentik login" >&2
     exit 1
   }
-  access_json="\$(curl -fsS -X POST -H "Authorization: Bearer \$access_token" "\$SERVER_URL/section0/git/access")"
+  echo "Login accepted; requesting Section 0 Git access..."
+  access_json="\$(http_json -X POST -H "Authorization: Bearer \$access_token" "\$SERVER_URL/section0/git/access")"
   ok="\$(printf "%s" "\$access_json" | json_get ok)"
   [ "\$ok" = "True" ] || [ "\$ok" = "true" ] || {
     echo "Git access broker did not return credentials:" >&2
@@ -165,6 +177,7 @@ auth_login() {
   git -C "\$REPO_DIR" remote set-url origin "\$remote"
   git -C "\$REPO_DIR" config user.name "\$author_name"
   git -C "\$REPO_DIR" config user.email "\$author_email"
+  echo "Storing Git credential..."
   install_git_credential "\$remote" "\$git_username" "\$git_password"
   python3 -c 'import json,sys
 token=json.loads(sys.argv[1])