Show login options when not signed in with ChatGPT (#2440)

Motivation: we have users who uses their API key although they want to use ChatGPT account. We want to give them the chance to always login with their account. This PR displays login options when the user is not signed in with ChatGPT. Even if you have set an OpenAI API key as an environment variable, you will still be prompted to log in with ChatGPT. We’ve also added a new flag, `always_use_api_key_signing` false by default, which ensures you are never asked to log in with ChatGPT and always defaults to using your API key. https://github.com/user-attachments/assets/b61ebfa9-3c5e-4ab7-bf94-395c23a0e0af After ChatGPT sign in: https://github.com/user-attachments/assets/d58b366b-c46a-428f-a22f-2ac230f991c0
2025-08-18 20:22:48 -07:00
parent f49c934cd0
commit 97f995a749
12 changed files with 440 additions and 33 deletions
--- a/codex-rs/tui/src/lib.rs
+++ b/codex-rs/tui/src/lib.rs
@@ -12,6 +12,7 @@ use codex_core::config::find_codex_home;
 use codex_core::config::load_config_as_toml_with_cli_overrides;
 use codex_core::protocol::AskForApproval;
 use codex_core::protocol::SandboxPolicy;
+use codex_login::AuthMode;
 use codex_login::CodexAuth;
 use codex_ollama::DEFAULT_OSS_MODEL;
 use codex_protocol::config_types::SandboxMode;
@@ -296,21 +297,27 @@ fn restore() {
    }
 }

-fn should_show_login_screen(config: &Config) -> bool {
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum LoginStatus {
+    AuthMode(AuthMode),
+    NotAuthenticated,
+}
+
+fn get_login_status(config: &Config) -> LoginStatus {
    if config.model_provider.requires_openai_auth {
        // Reading the OpenAI API key is an async operation because it may need
        // to refresh the token. Block on it.
        let codex_home = config.codex_home.clone();
-        match CodexAuth::from_codex_home(&codex_home) {
-            Ok(Some(_)) => false,
-            Ok(None) => true,
+        match CodexAuth::from_codex_home(&codex_home, config.preferred_auth_method) {
+            Ok(Some(auth)) => LoginStatus::AuthMode(auth.mode),
+            Ok(None) => LoginStatus::NotAuthenticated,
            Err(err) => {
                error!("Failed to read auth.json: {err}");
-                true
+                LoginStatus::NotAuthenticated
            }
        }
    } else {
-        false
+        LoginStatus::NotAuthenticated
    }
 }