github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 05:41:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(chutes): accept manual OAuth code input

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 20:53:39 +01:00
parent c5406e1d24
commit ee8d8be2e3
3 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/agents/chutes-oauth.ts
View File

@@ -50,14 +50,19 @@ export function parseOAuthCallbackInput(
return { error: "Missing 'code' parameter in URL" };
}
if (!state) {
return { error: "Missing 'state' parameter. Paste the full URL." };
return { error: "Missing 'state' parameter. Paste the full URL (or just the code)." };
}
if (state !== expectedState) {
return { error: "OAuth state mismatch - possible CSRF attack. Please retry login." };
}
return { code, state };
} catch {
return { error: "Paste the full redirect URL, not just the code." };
// Manual flow: users often paste only the authorization code.
// In that case we can't validate state, but the user is explicitly opting in by pasting it.
if (!/\s/.test(trimmed) && !trimmed.includes("://") && trimmed.length > 0) {
return { code: trimmed, state: expectedState };
}
return { error: "Paste the redirect URL (or authorization code)." };
}
}