Simplify auth flow and reconcile differences between ChatGPT and API Key auth (#3189)

This PR does the following: * Adds the ability to paste or type an API key. * Removes the `preferred_auth_method` config option. The last login method is always persisted in auth.json, so this isn't needed. * If OPENAI_API_KEY env variable is defined, the value is used to prepopulate the new UI. The env variable is otherwise ignored by the CLI. * Adds a new MCP server entry point "login_api_key" so we can implement this same API key behavior for the VS Code extension. <img width="473" height="140" alt="Screenshot 2025-09-04 at 3 51 04 PM" src="https://github.com/user-attachments/assets/c11bbd5b-8a4d-4d71-90fd-34130460f9d9" /> <img width="726" height="254" alt="Screenshot 2025-09-04 at 3 51 32 PM" src="https://github.com/user-attachments/assets/6cc76b34-309a-4387-acbc-15ee5c756db9" />
2025-09-11 09:16:34 -07:00
parent 377af75730
commit e13b35ecb0
24 changed files with 412 additions and 494 deletions
--- a/codex-rs/core/src/token_data.rs
+++ b/codex-rs/core/src/token_data.rs
@@ -3,8 +3,6 @@ use serde::Deserialize;
 use serde::Serialize;
 use thiserror::Error;

-use codex_protocol::mcp_protocol::AuthMode;
-
 #[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
 pub struct TokenData {
    /// Flat info parsed from the JWT in auth.json.
@@ -22,36 +20,6 @@ pub struct TokenData {
    pub account_id: Option<String>,
 }

-impl TokenData {
-    /// Returns true if this is a plan that should use the traditional
-    /// "metered" billing via an API key.
-    pub(crate) fn should_use_api_key(
-        &self,
-        preferred_auth_method: AuthMode,
-        is_openai_email: bool,
-    ) -> bool {
-        if preferred_auth_method == AuthMode::ApiKey {
-            return true;
-        }
-        // If the email is an OpenAI email, use AuthMode::ChatGPT unless preferred_auth_method is AuthMode::ApiKey.
-        if is_openai_email {
-            return false;
-        }
-
-        self.id_token
-            .chatgpt_plan_type
-            .as_ref()
-            .is_none_or(|plan| plan.is_plan_that_should_use_api_key())
-    }
-
-    pub fn is_openai_email(&self) -> bool {
-        self.id_token
-            .email
-            .as_deref()
-            .is_some_and(|email| email.trim().to_ascii_lowercase().ends_with("@openai.com"))
-    }
-}
-
 /// Flat subset of useful claims in id_token from auth.json.
 #[derive(Debug, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
 pub struct IdTokenInfo {
@@ -80,19 +48,6 @@ pub(crate) enum PlanType {
 }

 impl PlanType {
-    fn is_plan_that_should_use_api_key(&self) -> bool {
-        match self {
-            Self::Known(known) => {
-                use KnownPlan::*;
-                !matches!(known, Free | Plus | Pro | Team)
-            }
-            Self::Unknown(_) => {
-                // Unknown plans should use the API key.
-                true
-            }
-        }
-    }
-
    pub fn as_string(&self) -> String {
        match self {
            Self::Known(known) => format!("{known:?}").to_lowercase(),