Auth: land codex oauth onboarding flow (#15406)

2026-05-12 15:11:11 +00:00 · 2026-02-13 17:18:20 +00:00
parent 7ec60d6449
commit 86e4fe0a7a
6 changed files with 282 additions and 55 deletions
--- a/src/commands/auth-choice.apply.openai.ts
+++ b/src/commands/auth-choice.apply.openai.ts
@@ -1,4 +1,3 @@
-import { loginOpenAICodex } from "@mariozechner/pi-ai";
 import type { ApplyAuthChoiceParams, ApplyAuthChoiceResult } from "./auth-choice.apply.js";
 import { resolveEnvApiKey } from "../agents/model-auth.js";
 import { upsertSharedEnvVar } from "../infra/env-file.js";
@@ -9,13 +8,13 @@ import {
 } from "./auth-choice.api-key.js";
 import { applyDefaultModelChoice } from "./auth-choice.default-model.js";
 import { isRemoteEnvironment } from "./oauth-env.js";
-import { createVpsAwareOAuthHandlers } from "./oauth-flow.js";
 import { applyAuthProfileConfig, writeOAuthCredentials } from "./onboard-auth.js";
 import { openUrl } from "./onboard-helpers.js";
 import {
  applyOpenAICodexModelDefault,
  OPENAI_CODEX_DEFAULT_MODEL,
 } from "./openai-codex-model-default.js";
+import { loginOpenAICodexOAuth } from "./openai-codex-oauth.js";
 import {
  applyOpenAIConfig,
  applyOpenAIProviderConfig,
@@ -125,66 +124,42 @@ export async function applyAuthChoiceOpenAI(
      );
    };

-    const isRemote = isRemoteEnvironment();
-    await params.prompter.note(
-      isRemote
-        ? [
-            "You are running in a remote/VPS environment.",
-            "A URL will be shown for you to open in your LOCAL browser.",
-            "After signing in, paste the redirect URL back here.",
-          ].join("\n")
-        : [
-            "Browser will open for OpenAI authentication.",
-            "If the callback doesn't auto-complete, paste the redirect URL.",
-            "OpenAI OAuth uses localhost:1455 for the callback.",
-          ].join("\n"),
-      "OpenAI Codex OAuth",
-    );
-    const spin = params.prompter.progress("Starting OAuth flow…");
+    let creds;
    try {
-      const { onAuth, onPrompt } = createVpsAwareOAuthHandlers({
-        isRemote,
+      creds = await loginOpenAICodexOAuth({
        prompter: params.prompter,
        runtime: params.runtime,
-        spin,
-        openUrl,
+        isRemote: isRemoteEnvironment(),
+        openUrl: async (url) => {
+          await openUrl(url);
+        },
        localBrowserMessage: "Complete sign-in in browser…",
      });
-
-      const creds = await loginOpenAICodex({
-        onAuth,
-        onPrompt,
-        onProgress: (msg) => spin.update(msg),
+    } catch {
+      // The helper already surfaces the error to the user.
+      // Keep onboarding flow alive and return unchanged config.
+      return { config: nextConfig, agentModelOverride };
+    }
+    if (creds) {
+      await writeOAuthCredentials("openai-codex", creds, params.agentDir);
+      nextConfig = applyAuthProfileConfig(nextConfig, {
+        profileId: "openai-codex:default",
+        provider: "openai-codex",
+        mode: "oauth",
      });
-      spin.stop("OpenAI OAuth complete");
-      if (creds) {
-        await writeOAuthCredentials("openai-codex", creds, params.agentDir);
-        nextConfig = applyAuthProfileConfig(nextConfig, {
-          profileId: "openai-codex:default",
-          provider: "openai-codex",
-          mode: "oauth",
-        });
-        if (params.setDefaultModel) {
-          const applied = applyOpenAICodexModelDefault(nextConfig);
-          nextConfig = applied.next;
-          if (applied.changed) {
-            await params.prompter.note(
-              `Default model set to ${OPENAI_CODEX_DEFAULT_MODEL}`,
-              "Model configured",
-            );
-          }
-        } else {
-          agentModelOverride = OPENAI_CODEX_DEFAULT_MODEL;
-          await noteAgentModel(OPENAI_CODEX_DEFAULT_MODEL);
+      if (params.setDefaultModel) {
+        const applied = applyOpenAICodexModelDefault(nextConfig);
+        nextConfig = applied.next;
+        if (applied.changed) {
+          await params.prompter.note(
+            `Default model set to ${OPENAI_CODEX_DEFAULT_MODEL}`,
+            "Model configured",
+          );
        }
+      } else {
+        agentModelOverride = OPENAI_CODEX_DEFAULT_MODEL;
+        await noteAgentModel(OPENAI_CODEX_DEFAULT_MODEL);
      }
-    } catch (err) {
-      spin.stop("OpenAI OAuth failed");
-      params.runtime.error(String(err));
-      await params.prompter.note(
-        "Trouble with OAuth? See https://docs.openclaw.ai/start/faq",
-        "OAuth help",
-      );
    }
    return { config: nextConfig, agentModelOverride };
  }