feat: verify agent identity JWTs with JWKS (#19764)

efrazer-oai
2026-04-28 09:56:20 -07:00
committed by GitHub
parent 6138063656
commit f6797c3ac6
13 changed files with 517 additions and 126 deletions


@@ -6,8 +6,6 @@ use pretty_assertions::assert_eq;
use serde_json::Value;
use tempfile::TempDir;
const FAKE_AGENT_IDENTITY_JWT: &str = "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJhZ2VudF9ydW50aW1lX2lkIjoiYWdlbnQtcnVudGltZS1pZCIsImFnZW50X3ByaXZhdGVfa2V5IjoicHJpdmF0ZS1rZXkiLCJhY2NvdW50X2lkIjoiYWNjb3VudC0xMjMiLCJjaGF0Z3B0X3VzZXJfaWQiOiJ1c2VyLWlkIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwicGxhbl90eXBlIjoicHJvIiwiY2hhdGdwdF9hY2NvdW50X2lzX2ZlZHJhbXAiOmZhbHNlfQ.c2ln";
fn codex_command(codex_home: &Path) -> Result<assert_cmd::Command> {
let mut cmd = assert_cmd::Command::new(codex_utils_cargo_bin::cargo_bin("codex")?);
cmd.env("CODEX_HOME", codex_home);
@@ -53,22 +51,16 @@ fn login_with_api_key_reads_stdin_and_writes_auth_json() -> Result<()> {
}
#[test]
fn login_with_agent_identity_reads_stdin_and_writes_auth_json() -> Result<()> {
fn login_with_agent_identity_rejects_invalid_jwt() -> Result<()> {
let codex_home = TempDir::new()?;
write_file_auth_config(codex_home.path())?;
let mut cmd = codex_command(codex_home.path())?;
cmd.args(["login", "--with-agent-identity"])
.write_stdin(format!("{FAKE_AGENT_IDENTITY_JWT}\n"))
.write_stdin("not-a-jwt\n")
.assert()
.success()
.stderr(contains("Successfully logged in"));
let auth = read_auth_json(codex_home.path())?;
assert_eq!(auth["auth_mode"], "agentIdentity");
assert_eq!(auth["agent_identity"], FAKE_AGENT_IDENTITY_JWT);
assert!(auth["OPENAI_API_KEY"].is_null());
assert!(auth.get("tokens").is_none());
.failure()
.stderr(contains("Error logging in with Agent Identity"));
Ok(())
}
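Review bot: `login_with_agent_identity_rejects_invalid_jwt` only checks the exit status and the stderr text, so it would still pass if the rejected token were persisted before the error is reported. After the `.stderr(contains(...))` assertion, add a check that nothing was stored, for example `assert!(!codex_home.path().join("auth.json").exists());`. The `auth.json` file name is inferred from the neighbouring test name, so confirm it against the helper that reads it. The input `"not-a-jwt\n"` also only exercises the malformed-token path. A structurally valid JWT whose signature does not verify against the JWKS is the case this commit is about, and it is not covered in this hunk. If no other changed file tests it, add a second case that reuses a constructed token like the removed fixture and expects the same failure.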