fix(auth): remove bogus codex oauth responses probe

2026-05-09 11:07:41 +00:00 · 2026-03-06 15:01:17 +05:30
parent cbb96d9fe7
commit bdd368533f
3 changed files with 2 additions and 116 deletions
--- a/src/commands/openai-codex-oauth.test.ts
+++ b/src/commands/openai-codex-oauth.test.ts
@@ -1,4 +1,4 @@
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { beforeEach, describe, expect, it, vi } from "vitest";
 import type { RuntimeEnv } from "../runtime.js";
 import type { WizardPrompter } from "../wizard/prompts.js";

@@ -56,30 +56,10 @@ async function runCodexOAuth(params: { isRemote: boolean }) {
 }

 describe("loginOpenAICodexOAuth", () => {
-  let restoreFetch: (() => void) | null = null;
-
  beforeEach(() => {
    vi.clearAllMocks();
    mocks.runOpenAIOAuthTlsPreflight.mockResolvedValue({ ok: true });
    mocks.formatOpenAIOAuthTlsPreflightFix.mockReturnValue("tls fix");
-
-    const originalFetch = globalThis.fetch;
-    const fetchMock = vi.fn(
-      async () =>
-        new Response('{"error":{"message":"model is required"}}', {
-          status: 400,
-          headers: { "content-type": "application/json" },
-        }),
-    );
-    globalThis.fetch = fetchMock as unknown as typeof fetch;
-    restoreFetch = () => {
-      globalThis.fetch = originalFetch;
-    };
-  });
-
-  afterEach(() => {
-    restoreFetch?.();
-    restoreFetch = null;
  });

  it("returns credentials on successful oauth login", async () => {
@@ -188,52 +168,6 @@ describe("loginOpenAICodexOAuth", () => {
    expect(prompter.note).not.toHaveBeenCalledWith("tls fix", "OAuth prerequisites");
  });

-  it("fails with actionable error when token is missing api.responses.write scope", async () => {
-    mocks.createVpsAwareOAuthHandlers.mockReturnValue({
-      onAuth: vi.fn(),
-      onPrompt: vi.fn(),
-    });
-    mocks.loginOpenAICodex.mockResolvedValue({
-      provider: "openai-codex" as const,
-      access: "access-token",
-      refresh: "refresh-token",
-      expires: Date.now() + 60_000,
-      email: "user@example.com",
-    });
-    globalThis.fetch = vi.fn(
-      async () =>
-        new Response('{"error":{"message":"Missing scopes: api.responses.write"}}', {
-          status: 401,
-          headers: { "content-type": "application/json" },
-        }),
-    ) as unknown as typeof fetch;
-
-    await expect(runCodexOAuth({ isRemote: false })).rejects.toThrow(
-      "missing required scope: api.responses.write",
-    );
-  });
-
-  it("does not fail oauth completion when scope probe is unavailable", async () => {
-    const creds = {
-      provider: "openai-codex" as const,
-      access: "access-token",
-      refresh: "refresh-token",
-      expires: Date.now() + 60_000,
-      email: "user@example.com",
-    };
-    mocks.createVpsAwareOAuthHandlers.mockReturnValue({
-      onAuth: vi.fn(),
-      onPrompt: vi.fn(),
-    });
-    mocks.loginOpenAICodex.mockResolvedValue(creds);
-    globalThis.fetch = vi.fn(async () => {
-      throw new Error("network down");
-    }) as unknown as typeof fetch;
-
-    const { result } = await runCodexOAuth({ isRemote: false });
-    expect(result).toEqual(creds);
-  });
-
  it("fails early with actionable message when TLS preflight fails", async () => {
    mocks.runOpenAIOAuthTlsPreflight.mockResolvedValue({
      ok: false,
--- a/src/commands/openai-codex-oauth.ts
+++ b/src/commands/openai-codex-oauth.ts
@@ -8,41 +8,6 @@ import {
  runOpenAIOAuthTlsPreflight,
 } from "./oauth-tls-preflight.js";

-const OPENAI_RESPONSES_ENDPOINT = "https://api.openai.com/v1/responses";
-const OPENAI_RESPONSES_WRITE_SCOPE = "api.responses.write";
-
-function extractResponsesScopeErrorMessage(status: number, bodyText: string): string | null {
-  if (status !== 401) {
-    return null;
-  }
-  const normalized = bodyText.toLowerCase();
-  if (
-    normalized.includes("missing scope") &&
-    normalized.includes(OPENAI_RESPONSES_WRITE_SCOPE.toLowerCase())
-  ) {
-    return bodyText.trim() || `Missing scopes: ${OPENAI_RESPONSES_WRITE_SCOPE}`;
-  }
-  return null;
-}
-
-async function detectMissingResponsesWriteScope(accessToken: string): Promise<string | null> {
-  try {
-    const response = await fetch(OPENAI_RESPONSES_ENDPOINT, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        "Content-Type": "application/json",
-      },
-      body: "{}",
-    });
-    const bodyText = await response.text();
-    return extractResponsesScopeErrorMessage(response.status, bodyText);
-  } catch {
-    // Best effort only: network/TLS issues should not block successful OAuth completion.
-    return null;
-  }
-}
-
 export async function loginOpenAICodexOAuth(params: {
  prompter: WizardPrompter;
  runtime: RuntimeEnv;
@@ -90,18 +55,6 @@ export async function loginOpenAICodexOAuth(params: {
      onPrompt,
      onProgress: (msg) => spin.update(msg),
    });
-    if (creds?.access) {
-      const scopeError = await detectMissingResponsesWriteScope(creds.access);
-      if (scopeError) {
-        throw new Error(
-          [
-            `OpenAI OAuth token is missing required scope: ${OPENAI_RESPONSES_WRITE_SCOPE}.`,
-            `Provider response: ${scopeError}`,
-            "Re-authenticate with OpenAI Codex OAuth or use OPENAI_API_KEY with openai/* models.",
-          ].join(" "),
-        );
-      }
-    }
    spin.stop("OpenAI OAuth complete");
    return creds ?? null;
  } catch (err) {