When logging in using ChatGPT, make sure to overwrite API key (#3611)

When logging in with ChatGPT via the `codex login` command, a
successful login should write a new `auth.json` file with the ChatGPT
token information. The old code attempted to retain the API key and
merge the token information into the existing `auth.json` file. With the
new simplified login mechanism, `auth.json` should have auth information
for only ChatGPT or API Key, not both.

The `codex login --api-key <key>` code path was already doing the right
thing here, but the `codex login` command was incorrect. This PR fixes
the problem and adds test cases for both commands.
Eric Traut
2025-09-14 19:48:18 -07:00
committed by GitHub
parent 2ad6a37192
commit 900bb01486
3 changed files with 61 additions and 33 deletions


@@ -90,6 +90,22 @@ async fn end_to_end_login_flow_persists_auth_json() {
let tmp = tempdir().unwrap();
let codex_home = tmp.path().to_path_buf();
// Seed auth.json with stale API key + tokens that should be overwritten.
let stale_auth = serde_json::json!({
"OPENAI_API_KEY": "sk-stale",
"tokens": {
"id_token": "stale.header.payload",
"access_token": "stale-access",
"refresh_token": "stale-refresh",
"account_id": "stale-acc"
}
});
std::fs::write(
codex_home.join("auth.json"),
serde_json::to_string_pretty(&stale_auth).unwrap(),
)
.unwrap();
let state = "test_state_123".to_string();
// Run server in background
@@ -122,10 +138,10 @@ async fn end_to_end_login_flow_persists_auth_json() {
let auth_path = codex_home.join("auth.json");
let data = std::fs::read_to_string(&auth_path).unwrap();
let json: serde_json::Value = serde_json::from_str(&data).unwrap();
assert!(
!json["OPENAI_API_KEY"].is_null(),
"OPENAI_API_KEY should be set"
);
// The following assert is here because of the old oauth flow that exchanges tokens for an
// API key. See obtain_api_key in server.rs for details. Once we remove this old mechanism
// from the code, this test should be updated to expect that the API key is no longer present.
assert_eq!(json["OPENAI_API_KEY"], "access-123");
assert_eq!(json["tokens"]["access_token"], "access-123");
assert_eq!(json["tokens"]["refresh_token"], "refresh-123");
assert_eq!(json["tokens"]["account_id"], "acc-123");
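Review bot: The assertions after the login flow only check that known fields carry the new values, so a merge-style write that happens to overwrite each of those fields would still pass; nothing pins the "replace the whole file" contract that the seeded `stale_auth` is meant to exercise. Since `data` already holds the raw file text, add `assert!(!data.contains("stale"), "auth.json must be replaced, not merged");`, and consider seeding one extra key that login never writes. The seed file is also created with `std::fs::write`, so it gets default permissions; the writer is not visible here, but if it applies a restrictive mode only when creating the file, a pre-existing `auth.json` would keep its old mode, so a Unix-only mode check after login may be worth adding. The body of `end_to_end_login_flow_persists_auth_json` starts and ends outside both hunks.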