Add forced_chatgpt_workspace_id and forced_login_method configuration options (#5303)

This PR adds support for configs to specify a forced login method (chatgpt or api) as well as a forced chatgpt account id. This lets enterprises uses [managed configs](https://developers.openai.com/codex/security#managed-configuration) to force all employees to use their company's workspace instead of their own or any other. When a workspace id is set, a query param is sent to the login flow which auto-selects the given workspace or errors if the user isn't a member of it. This PR is large but a large % of it is tests, wiring, and required formatting changes. API login with chatgpt forced <img width="1592" height="116" alt="CleanShot 2025-10-19 at 22 40 04" src="https://github.com/user-attachments/assets/560c6bb4-a20a-4a37-95af-93df39d057dd" /> ChatGPT login with api forced <img width="1018" height="100" alt="CleanShot 2025-10-19 at 22 40 29" src="https://github.com/user-attachments/assets/d010bbbb-9c8d-4227-9eda-e55bf043b4af" /> Onboarding with api forced <img width="892" height="460" alt="CleanShot 2025-10-19 at 22 41 02" src="https://github.com/user-attachments/assets/cc0ed45c-b257-4d62-a32e-6ca7514b5edd" /> Onboarding with ChatGPT forced <img width="1154" height="426" alt="CleanShot 2025-10-19 at 22 41 27" src="https://github.com/user-attachments/assets/41c41417-dc68-4bb4-b3e7-3b7769f7e6a1" /> Logging in with the wrong workspace <img width="2222" height="84" alt="CleanShot 2025-10-19 at 22 42 31" src="https://github.com/user-attachments/assets/0ff4222c-f626-4dd3-b035-0b7fe998a046" />
2025-10-20 08:50:54 -07:00
parent d01f91ecec
commit d87f87e25b
19 changed files with 920 additions and 66 deletions
--- a/codex-rs/login/src/device_code_auth.rs
+++ b/codex-rs/login/src/device_code_auth.rs
@@ -186,6 +186,13 @@ pub async fn run_device_code_login(opts: ServerOptions) -> std::io::Result<()> {
    .await
    .map_err(|err| std::io::Error::other(format!("device code exchange failed: {err}")))?;

+    if let Err(message) = crate::server::ensure_workspace_allowed(
+        opts.forced_chatgpt_workspace_id.as_deref(),
+        &tokens.id_token,
+    ) {
+        return Err(io::Error::new(io::ErrorKind::PermissionDenied, message));
+    }
+
    crate::server::persist_tokens_async(
        &opts.codex_home,
        None,
--- a/codex-rs/login/src/server.rs
+++ b/codex-rs/login/src/server.rs
@@ -38,10 +38,15 @@ pub struct ServerOptions {
    pub port: u16,
    pub open_browser: bool,
    pub force_state: Option<String>,
+    pub forced_chatgpt_workspace_id: Option<String>,
 }

 impl ServerOptions {
-    pub fn new(codex_home: PathBuf, client_id: String) -> Self {
+    pub fn new(
+        codex_home: PathBuf,
+        client_id: String,
+        forced_chatgpt_workspace_id: Option<String>,
+    ) -> Self {
        Self {
            codex_home,
            client_id,
@@ -49,6 +54,7 @@ impl ServerOptions {
            port: DEFAULT_PORT,
            open_browser: true,
            force_state: None,
+            forced_chatgpt_workspace_id,
        }
    }
 }
@@ -104,7 +110,14 @@ pub fn run_login_server(opts: ServerOptions) -> io::Result<LoginServer> {
    let server = Arc::new(server);

    let redirect_uri = format!("http://localhost:{actual_port}/auth/callback");
-    let auth_url = build_authorize_url(&opts.issuer, &opts.client_id, &redirect_uri, &pkce, &state);
+    let auth_url = build_authorize_url(
+        &opts.issuer,
+        &opts.client_id,
+        &redirect_uri,
+        &pkce,
+        &state,
+        opts.forced_chatgpt_workspace_id.as_deref(),
+    );

    if opts.open_browser {
        let _ = webbrowser::open(&auth_url);
@@ -240,6 +253,13 @@ async fn process_request(
                .await
            {
                Ok(tokens) => {
+                    if let Err(message) = ensure_workspace_allowed(
+                        opts.forced_chatgpt_workspace_id.as_deref(),
+                        &tokens.id_token,
+                    ) {
+                        eprintln!("Workspace restriction error: {message}");
+                        return login_error_response(&message);
+                    }
                    // Obtain API key via token-exchange and persist
                    let api_key = obtain_api_key(&opts.issuer, &opts.client_id, &tokens.id_token)
                        .await
@@ -358,22 +378,35 @@ fn build_authorize_url(
    redirect_uri: &str,
    pkce: &PkceCodes,
    state: &str,
+    forced_chatgpt_workspace_id: Option<&str>,
 ) -> String {
-    let query = vec![
-        ("response_type", "code"),
-        ("client_id", client_id),
-        ("redirect_uri", redirect_uri),
-        ("scope", "openid profile email offline_access"),
-        ("code_challenge", &pkce.code_challenge),
-        ("code_challenge_method", "S256"),
-        ("id_token_add_organizations", "true"),
-        ("codex_cli_simplified_flow", "true"),
-        ("state", state),
-        ("originator", originator().value.as_str()),
+    let mut query = vec![
+        ("response_type".to_string(), "code".to_string()),
+        ("client_id".to_string(), client_id.to_string()),
+        ("redirect_uri".to_string(), redirect_uri.to_string()),
+        (
+            "scope".to_string(),
+            "openid profile email offline_access".to_string(),
+        ),
+        (
+            "code_challenge".to_string(),
+            pkce.code_challenge.to_string(),
+        ),
+        ("code_challenge_method".to_string(), "S256".to_string()),
+        ("id_token_add_organizations".to_string(), "true".to_string()),
+        ("codex_cli_simplified_flow".to_string(), "true".to_string()),
+        ("state".to_string(), state.to_string()),
+        (
+            "originator".to_string(),
+            originator().value.as_str().to_string(),
+        ),
    ];
+    if let Some(workspace_id) = forced_chatgpt_workspace_id {
+        query.push(("allowed_workspace_id".to_string(), workspace_id.to_string()));
+    }
    let qs = query
        .into_iter()
-        .map(|(k, v)| format!("{}={}", k, urlencoding::encode(v)))
+        .map(|(k, v)| format!("{k}={}", urlencoding::encode(&v)))
        .collect::<Vec<_>>()
        .join("&");
    format!("{issuer}/oauth/authorize?{qs}")
@@ -616,6 +649,43 @@ fn jwt_auth_claims(jwt: &str) -> serde_json::Map<String, serde_json::Value> {
    serde_json::Map::new()
 }

+pub(crate) fn ensure_workspace_allowed(
+    expected: Option<&str>,
+    id_token: &str,
+) -> Result<(), String> {
+    let Some(expected) = expected else {
+        return Ok(());
+    };
+
+    let claims = jwt_auth_claims(id_token);
+    let Some(actual) = claims.get("chatgpt_account_id").and_then(JsonValue::as_str) else {
+        return Err("Login is restricted to a specific workspace, but the token did not include an chatgpt_account_id claim.".to_string());
+    };
+
+    if actual == expected {
+        Ok(())
+    } else {
+        Err(format!("Login is restricted to workspace id {expected}."))
+    }
+}
+
+// Respond to the oauth server with an error so the code becomes unusable by anybody else.
+fn login_error_response(message: &str) -> HandledRequest {
+    let mut headers = Vec::new();
+    if let Ok(header) = Header::from_bytes(&b"Content-Type"[..], &b"text/plain; charset=utf-8"[..])
+    {
+        headers.push(header);
+    }
+    HandledRequest::ResponseAndExit {
+        headers,
+        body: message.as_bytes().to_vec(),
+        result: Err(io::Error::new(
+            io::ErrorKind::PermissionDenied,
+            message.to_string(),
+        )),
+    }
+}
+
 pub(crate) async fn obtain_api_key(
    issuer: &str,
    client_id: &str,