fix(auth): align OpenAI OAuth authorize URL and params

qiaoborui
2026-02-14 12:37:49 +08:00
parent 5872e0f55e
commit 7304ab7d33
2 changed files with 38 additions and 21 deletions


@@ -22,6 +22,7 @@ type OAuthProviderConfig struct {
Issuer string Issuer string
ClientID string ClientID string
Scopes string Scopes string
Originator string
Port int Port int
} }
@@ -30,6 +31,7 @@ func OpenAIOAuthConfig() OAuthProviderConfig {
Issuer: "https://auth.openai.com", Issuer: "https://auth.openai.com",
ClientID: "app_EMoamEEZ73f0CkXaXp7hrann", ClientID: "app_EMoamEEZ73f0CkXaXp7hrann",
Scopes: "openid profile email offline_access", Scopes: "openid profile email offline_access",
Originator: "codex_cli_rs",
Port: 1455, Port: 1455,
} }
} }
@@ -294,9 +296,14 @@ func buildAuthorizeURL(cfg OAuthProviderConfig, pkce PKCECodes, state, redirectU
"scope": {cfg.Scopes}, "scope": {cfg.Scopes},
"code_challenge": {pkce.CodeChallenge}, "code_challenge": {pkce.CodeChallenge},
"code_challenge_method": {"S256"}, "code_challenge_method": {"S256"},
"id_token_add_organizations": {"true"},
"codex_cli_simplified_flow": {"true"},
"state": {state}, "state": {state},
} }
return cfg.Issuer + "/authorize?" + params.Encode() if cfg.Originator != "" {
params.Set("originator", cfg.Originator)
}
return cfg.Issuer + "/oauth/authorize?" + params.Encode()
} }
func exchangeCodeForTokens(cfg OAuthProviderConfig, code, codeVerifier, redirectURI string) (*AuthCredential, error) { func exchangeCodeForTokens(cfg OAuthProviderConfig, code, codeVerifier, redirectURI string) (*AuthCredential, error) {
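Review bot: In the `buildAuthorizeURL` hunk, `id_token_add_organizations` and `codex_cli_simplified_flow` are set unconditionally and the path is now fixed to `/oauth/authorize`, although the function takes a generic `OAuthProviderConfig` and only `originator` is gated on the config. If any other provider config reaches this builder, its issuer will receive these provider-specific parameters and a path it may not serve; carrying them in the config, as was done for `Originator`, would keep the builder provider-neutral. The new field also deserves a doc comment, for example `// Originator is sent as the "originator" query parameter of the authorize request; empty omits it.`, and the `"codex_cli_rs"` value in `OpenAIOAuthConfig` a line saying why this client reports that identifier to the authorization server. The body of `buildAuthorizeURL` starts outside the hunk, and whether the token endpoint used by `exchangeCodeForTokens` needs a matching path change cannot be checked from here.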


@@ -13,6 +13,7 @@ func TestBuildAuthorizeURL(t *testing.T) {
Issuer: "https://auth.example.com", Issuer: "https://auth.example.com",
ClientID: "test-client-id", ClientID: "test-client-id",
Scopes: "openid profile", Scopes: "openid profile",
Originator: "codex_cli_rs",
Port: 1455, Port: 1455,
} }
pkce := PKCECodes{ pkce := PKCECodes{
@@ -22,7 +23,7 @@ func TestBuildAuthorizeURL(t *testing.T) {
u := BuildAuthorizeURL(cfg, pkce, "test-state", "http://localhost:1455/auth/callback") u := BuildAuthorizeURL(cfg, pkce, "test-state", "http://localhost:1455/auth/callback")
if !strings.HasPrefix(u, "https://auth.example.com/authorize?") { if !strings.HasPrefix(u, "https://auth.example.com/oauth/authorize?") {
t.Errorf("URL does not start with expected prefix: %s", u) t.Errorf("URL does not start with expected prefix: %s", u)
} }
if !strings.Contains(u, "client_id=test-client-id") { if !strings.Contains(u, "client_id=test-client-id") {
@@ -40,6 +41,15 @@ func TestBuildAuthorizeURL(t *testing.T) {
if !strings.Contains(u, "response_type=code") { if !strings.Contains(u, "response_type=code") {
t.Error("URL missing response_type") t.Error("URL missing response_type")
} }
if !strings.Contains(u, "id_token_add_organizations=true") {
t.Error("URL missing id_token_add_organizations")
}
if !strings.Contains(u, "codex_cli_simplified_flow=true") {
t.Error("URL missing codex_cli_simplified_flow")
}
if !strings.Contains(u, "originator=codex_cli_rs") {
t.Error("URL missing originator")
}
} }
func TestParseTokenResponse(t *testing.T) { func TestParseTokenResponse(t *testing.T) {
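Review bot: The new `if cfg.Originator != ""` branch is only exercised with a value set, so nothing in `TestBuildAuthorizeURL` verifies that the parameter is omitted when the field is empty. A second call with `cfg.Originator = ""` followed by `if strings.Contains(u, "originator=") { t.Error("originator should be omitted when empty") }` would cover it. The added checks also match raw substrings of the URL, which pass if the same text appears inside another parameter's name or value; parsing with `url.Parse(u)` and comparing `Query().Get("originator")` would be stricter, though that needs a `net/url` import that is not visible in these hunks. `TestBuildAuthorizeURL` starts outside the hunks shown.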