feat: add manual URL paste option for OAuth in remote environments#73
feat: add manual URL paste option for OAuth in remote environments#73llajas wants to merge 3 commits intonumman-ali:mainfrom
Conversation
Adds a second OAuth login method 'ChatGPT Plus/Pro (Manual URL Paste)' that allows users to manually paste the redirect URL after authentication. This enables OAuth login in environments where localhost callbacks don't work: - Remote servers (SSH) - Containers/Docker - WSL without localhost forwarding The original automatic localhost callback flow is preserved as the default option.
There was a problem hiding this comment.
Pull request overview
This PR adds a manual URL paste authentication method for OAuth to support remote development environments where localhost callbacks are not accessible (SSH, Docker containers, WSL).
- Introduces a new "ChatGPT Plus/Pro (Manual URL Paste)" authentication option
- Uses OpenCode's
method: "code"to prompt users to manually paste the OAuth redirect URL - Leverages existing
parseAuthorizationInput()function to extract authorization codes from pasted URLs
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| authorize: async () => { | ||
| const { pkce, state, url } = await createAuthorizationFlow(); | ||
|
|
||
| // Attempt to open browser automatically | ||
| openBrowserUrl(url); | ||
|
|
||
| return { | ||
| url, | ||
| method: "code" as const, | ||
| instructions: "1. Open the URL above in your browser and complete login.\n2. After login, your browser will redirect to localhost (which may fail to load).\n3. Copy the FULL URL from your browser's address bar and paste it below.\n (It looks like: http://localhost:1455/auth/callback?code=...&state=...)", | ||
| callback: async (input: string) => { | ||
| const { parseAuthorizationInput } = await import("./lib/auth/auth.js"); | ||
| const parsed = parseAuthorizationInput(input); | ||
|
|
||
| if (!parsed.code) { | ||
| console.error("[openai-codex-plugin] No authorization code found in input"); | ||
| return { type: "failed" as const }; | ||
| } | ||
|
|
||
| const tokens = await exchangeAuthorizationCode( | ||
| parsed.code, | ||
| pkce.verifier, | ||
| REDIRECT_URI, | ||
| ); | ||
|
|
||
| return tokens?.type === "success" | ||
| ? tokens | ||
| : { type: "failed" as const }; | ||
| }, | ||
| }; | ||
| }, |
There was a problem hiding this comment.
The new manual URL paste authorization flow lacks test coverage. The repository has comprehensive tests for related functions like parseAuthorizationInput and createAuthorizationFlow in test/auth.test.ts, but this new authentication method should also have integration tests.
Consider adding tests that verify:
- The callback correctly extracts and validates the authorization code from pasted URLs
- State validation is performed (once implemented)
- Error handling when the input is invalid or missing the authorization code
- Token exchange failures are handled correctly
| method: "code" as const, | ||
| instructions: "1. Open the URL above in your browser and complete login.\n2. After login, your browser will redirect to localhost (which may fail to load).\n3. Copy the FULL URL from your browser's address bar and paste it below.\n (It looks like: http://localhost:1455/auth/callback?code=...&state=...)", | ||
| callback: async (input: string) => { | ||
| const { parseAuthorizationInput } = await import("./lib/auth/auth.js"); |
There was a problem hiding this comment.
Using a dynamic import for parseAuthorizationInput is inconsistent with other auth functions that are imported at the top of the file. For consistency and better code organization, consider adding parseAuthorizationInput to the static imports at line 27-32 where other auth functions like createAuthorizationFlow and exchangeAuthorizationCode are imported.
This would make the code more maintainable and eliminate the async overhead of the dynamic import in the callback.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
Closed by v4.3.0 (tag v4.3.0). Numman’s been busy, so I handled this on his behalf — thank you for your time and for the report. This was a tough job, but Sam Altman had my back getting it over the line. Release: https://github.com/numman-ali/opencode-openai-codex-auth/releases/tag/v4.3.0 |
2 participants
Summary
Problem
The current OAuth flow relies on a localhost callback server, which doesn't work in:
localhost:1455Solution
Added a new auth method using OpenCode's
method: "code"which prompts users to paste the redirect URL manually. This uses the existingparseAuthorizationInput()function to extract the authorization code from the pasted URL.Users now see three options when authenticating:
Testing
Tested successfully on a remote server where localhost callbacks were not accessible.