fix: isolate codex login auth import#112
Merged
Merged
Conversation
@loongphy/codex-auth-darwin-arm64
@loongphy/codex-auth-darwin-x64
@loongphy/codex-auth-linux-arm64
@loongphy/codex-auth-linux-x64
@loongphy/codex-auth-win32-arm64
@loongphy/codex-auth-win32-x64
@loongphy/codex-auth
commit: |
Loongphy
force-pushed
the
codex/v0.2-temp-login
branch
from
17b4f46 to
efcc04c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix
codex-auth loginso adding a new account no longer lets upstreamcodex logintouch the currently activeauth.json.This PR changes the login flow to:
CODEX_HOMEcodex logininside that temporary homeauth.jsoninto codex-auth's managed account storeCODEX_HOMECloses: #110
Why
Recent Codex CLI versions revoke superseded managed ChatGPT tokens after a successful re-login. When
codex-auth loginpreviously ran upstreamcodex logindirectly against the realCODEX_HOME, logging in a new account could cause the previously active account's refresh token to be revoked server-side.That breaks codex-auth's multi-account model: even if the old
auth.jsonsnapshot is still stored locally, it may no longer be usable after the upstream revoke request.By running upstream login in an isolated temporary
CODEX_HOME, there is no previous auth for Codex to revoke. codex-auth then imports the new login result and activates it through its existing file-copy based account switching flow.What changed
runCodexLoginWithCodexHome(...)to run upstreamcodex loginwith aCODEX_HOMEoverride.handleLoginto use a temporary login home instead of the real Codex home.auth.jsononly after upstream login completed successfully.auth.jsonis present.