fix: allow AgentIdentity through Apps gates

codex-rs/Cargo.lock

@@ -1761,6 +1761,7 @@ dependencies = [
  "codex-app-server-protocol",
  "codex-git-utils",
  "codex-login",
+ "codex-model-provider",
  "codex-plugin",
  "codex-protocol",
  "codex-utils-absolute-path",
@@ -1828,6 +1829,7 @@ dependencies = [
  "chrono",
  "clap",
  "codex-analytics",
+ "codex-api",
  "codex-app-server-protocol",
  "codex-arg0",
  "codex-backend-client",
@@ -1844,6 +1846,7 @@ dependencies = [
  "codex-git-utils",
  "codex-login",
  "codex-mcp",
+ "codex-model-provider",
  "codex-model-provider-info",
  "codex-models-manager",
  "codex-otel",
@@ -2033,9 +2036,11 @@ name = "codex-backend-client"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "codex-api",
  "codex-backend-openapi-models",
  "codex-client",
  "codex-login",
+ "codex-model-provider",
  "codex-protocol",
  "pretty_assertions",
  "reqwest",
@@ -2059,11 +2064,11 @@ dependencies = [
  "anyhow",
  "clap",
  "codex-app-server-protocol",
- "codex-config",
  "codex-connectors",
  "codex-core",
  "codex-git-utils",
  "codex-login",
+ "codex-model-provider",
  "codex-utils-cargo-bin",
  "codex-utils-cli",
  "pretty_assertions",
@@ -2190,7 +2195,6 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "async-trait",
- "base64 0.22.1",
  "chrono",
  "clap",
  "codex-client",
@@ -2199,6 +2203,7 @@ dependencies = [
  "codex-core",
  "codex-git-utils",
  "codex-login",
+ "codex-model-provider",
  "codex-tui",
  "codex-utils-cli",
  "crossterm",
@@ -2223,6 +2228,7 @@ dependencies = [
  "anyhow",
  "async-trait",
  "chrono",
+ "codex-api",
  "codex-backend-client",
  "codex-git-utils",
  "serde",
@@ -2441,6 +2447,7 @@ dependencies = [
  "codex-exec-server",
  "codex-git-utils",
  "codex-login",
+ "codex-model-provider",
  "codex-plugin",
  "codex-protocol",
  "codex-utils-absolute-path",
@@ -2468,6 +2475,7 @@ dependencies = [
  "codex-config",
  "codex-exec-server",
  "codex-login",
+ "codex-model-provider",
  "codex-otel",
  "codex-protocol",
  "codex-skills",
@@ -2822,10 +2830,12 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "async-channel",
+ "codex-api",
  "codex-async-utils",
  "codex-config",
  "codex-exec-server",
  "codex-login",
+ "codex-model-provider",
  "codex-otel",
  "codex-plugin",
  "codex-protocol",
@@ -2885,6 +2895,7 @@ name = "codex-model-provider"
 version = "0.0.0"
 dependencies = [
  "async-trait",
+ "codex-agent-identity",
  "codex-api",
  "codex-aws-auth",
  "codex-client",
@@ -3126,6 +3137,7 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "axum",
+ "codex-api",
  "codex-client",
  "codex-config",
  "codex-exec-server",
@@ -10761,9 +10773,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.12"
+version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
  "aws-lc-rs",
  "ring",

codex-rs/agent-identity/src/lib.rs

@@ -8,6 +8,7 @@ use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use chrono::SecondsFormat;
 use chrono::Utc;
+use codex_protocol::account::PlanType as AccountPlanType;
 use codex_protocol::protocol::SessionSource;
 use crypto_box::SecretKey as Curve25519SecretKey;
 use ed25519_dalek::Signer as _;
@@ -19,6 +20,7 @@ use rand::TryRngCore;
 use rand::rngs::OsRng;
 use serde::Deserialize;
 use serde::Serialize;
+use serde::de::DeserializeOwned;
 use sha2::Digest as _;
 use sha2::Sha512;
 
@@ -50,6 +52,18 @@ pub struct GeneratedAgentKeyMaterial {
     pub public_key_ssh: String,
 }
 
+/// Claims carried by an Agent Identity JWT.
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq)]
+pub struct AgentIdentityJwtClaims {
+    pub agent_runtime_id: String,
+    pub agent_private_key: String,
+    pub account_id: String,
+    pub chatgpt_user_id: String,
+    pub email: String,
+    pub plan_type: AccountPlanType,
+    pub chatgpt_account_is_fedramp: bool,
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
 struct AgentAssertionEnvelope {
     agent_runtime_id: String,
@@ -98,6 +112,10 @@ pub fn authorization_header_for_agent_task(
     Ok(format!("AgentAssertion {serialized_assertion}"))
 }
 
+pub fn decode_agent_identity_jwt(jwt: &str) -> Result<AgentIdentityJwtClaims> {
+    decode_jwt_payload(jwt).context("failed to decode agent identity JWT")
+}
+
 pub fn sign_task_registration_payload(
     key: AgentIdentityKey<'_>,
     timestamp: &str,
@@ -295,6 +313,19 @@ fn serialize_agent_assertion(envelope: &AgentAssertionEnvelope) -> Result<String
     Ok(URL_SAFE_NO_PAD.encode(payload))
 }
 
+fn decode_jwt_payload<T: DeserializeOwned>(jwt: &str) -> Result<T> {
+    let mut parts = jwt.split('.');
+    let (_header_b64, payload_b64, _sig_b64) = match (parts.next(), parts.next(), parts.next()) {
+        (Some(h), Some(p), Some(s)) if !h.is_empty() && !p.is_empty() && !s.is_empty() => (h, p, s),
+        _ => anyhow::bail!("invalid JWT format"),
+    };
+
+    let payload_bytes = URL_SAFE_NO_PAD
+        .decode(payload_b64)
+        .context("JWT payload is not valid base64url")?;
+    serde_json::from_slice(&payload_bytes).context("JWT payload is not valid JSON")
+}
+
 fn curve25519_secret_key_from_signing_key(signing_key: &SigningKey) -> Curve25519SecretKey {
     let digest = Sha512::digest(signing_key.to_bytes());
     let mut secret_key = [0u8; 32];
@@ -404,6 +435,34 @@ mod tests {
         );
     }
 
+    #[test]
+    fn decode_agent_identity_jwt_reads_claims() {
+        let jwt = jwt_with_payload(serde_json::json!({
+            "agent_runtime_id": "agent-runtime-id",
+            "agent_private_key": "private-key",
+            "account_id": "account-id",
+            "chatgpt_user_id": "user-id",
+            "email": "user@example.com",
+            "plan_type": "pro",
+            "chatgpt_account_is_fedramp": false,
+        }));
+
+        let claims = decode_agent_identity_jwt(&jwt).expect("JWT should decode");
+
+        assert_eq!(
+            claims,
+            AgentIdentityJwtClaims {
+                agent_runtime_id: "agent-runtime-id".to_string(),
+                agent_private_key: "private-key".to_string(),
+                account_id: "account-id".to_string(),
+                chatgpt_user_id: "user-id".to_string(),
+                email: "user@example.com".to_string(),
+                plan_type: AccountPlanType::Pro,
+                chatgpt_account_is_fedramp: false,
+            }
+        );
+    }
+
     #[test]
     fn normalize_chatgpt_base_url_strips_codex_before_backend_api() {
         assert_eq!(
@@ -411,4 +470,12 @@ mod tests {
             "https://chatgpt.com/backend-api"
         );
     }
+
+    fn jwt_with_payload(payload: serde_json::Value) -> String {
+        let encode = |bytes: &[u8]| URL_SAFE_NO_PAD.encode(bytes);
+        let header_b64 = encode(br#"{"alg":"none","typ":"JWT"}"#);
+        let payload_b64 = encode(&serde_json::to_vec(&payload).expect("payload should serialize"));
+        let signature_b64 = encode(b"sig");
+        format!("{header_b64}.{payload_b64}.{signature_b64}")
+    }
 }

codex-rs/analytics/Cargo.toml

@@ -16,6 +16,7 @@ workspace = true
 codex-app-server-protocol = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-login = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }
 os_info = { workspace = true }

codex-rs/analytics/src/client.rs

@@ -307,16 +307,9 @@ async fn send_track_events(
     let Some(auth) = auth_manager.auth().await else {
         return;
     };
-    if !auth.is_chatgpt_auth() {
+    if !auth.uses_codex_backend() {
         return;
     }
-    let access_token = match auth.get_token() {
-        Ok(token) => token,
-        Err(_) => return,
-    };
-    let Some(account_id) = auth.get_account_id() else {
-        return;
-    };
 
     let base_url = base_url.trim_end_matches('/');
     let url = format!("{base_url}/codex/analytics-events/events");
@@ -325,8 +318,7 @@ async fn send_track_events(
     let response = create_client()
         .post(&url)
         .timeout(ANALYTICS_EVENTS_TIMEOUT)
-        .bearer_auth(&access_token)
-        .header("chatgpt-account-id", &account_id)
+        .headers(codex_model_provider::auth_provider_from_auth(&auth).to_auth_headers())
         .header("Content-Type", "application/json")
         .json(&payload)
         .send()

codex-rs/app-server/Cargo.toml

@@ -30,6 +30,7 @@ axum = { workspace = true, default-features = false, features = [
     "ws",
 ] }
 codex-analytics = { workspace = true }
+codex-api = { workspace = true }
 codex-arg0 = { workspace = true }
 codex-cloud-requirements = { workspace = true }
 codex-config = { workspace = true }
@@ -49,6 +50,7 @@ codex-file-search = { workspace = true }
 codex-chatgpt = { workspace = true }
 codex-login = { workspace = true }
 codex-mcp = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-models-manager = { workspace = true }
 codex-protocol = { workspace = true }
 codex-app-server-protocol = { workspace = true }

codex-rs/app-server/src/codex_message_processor.rs

@@ -1920,7 +1920,7 @@ impl CodexMessageProcessor {
             });
         };
 
-        if !auth.is_chatgpt_auth() {
+        if !auth.uses_codex_backend() {
             return Err(JSONRPCErrorError {
                 code: INVALID_REQUEST_ERROR_CODE,
                 message: "chatgpt authentication required to notify workspace owner".to_string(),
@@ -1975,7 +1975,7 @@ impl CodexMessageProcessor {
             });
         };
 
-        if !auth.is_chatgpt_auth() {
+        if !auth.uses_codex_backend() {
             return Err(JSONRPCErrorError {
                 code: INVALID_REQUEST_ERROR_CODE,
                 message: "chatgpt authentication required to read rate limits".to_string(),
@@ -6198,7 +6198,7 @@ impl CodexMessageProcessor {
         let auth = self.auth_manager.auth().await;
         if !config
             .features
-            .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth))
+            .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::uses_codex_backend))
         {
             self.outgoing
                 .send_response(

codex-rs/app-server/src/codex_message_processor/plugins.rs

@@ -425,7 +425,7 @@ impl CodexMessageProcessor {
                 let auth = self.auth_manager.auth().await;
                 let apps_needing_auth = if plugin_apps.is_empty()
                     || !config.features.apps_enabled_for_auth(
-                        auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth),
+                        auth.as_ref().is_some_and(CodexAuth::uses_codex_backend),
                     ) {
                     Vec::new()
                 } else {

codex-rs/app-server/src/message_processor.rs

@@ -1078,7 +1078,7 @@ impl MessageProcessor {
         let auth = self.auth_manager.auth().await;
         if !config.features.apps_enabled_for_auth(
             auth.as_ref()
-                .is_some_and(codex_login::CodexAuth::is_chatgpt_auth),
+                .is_some_and(codex_login::CodexAuth::uses_codex_backend),
         ) {
             return;
         }

codex-rs/app-server/src/transport/remote_control/enroll.rs

@@ -2,6 +2,7 @@ use super::protocol::EnrollRemoteServerRequest;
 use super::protocol::EnrollRemoteServerResponse;
 use super::protocol::RemoteControlTarget;
 use axum::http::HeaderMap;
+use codex_api::SharedAuthProvider;
 use codex_login::default_client::build_reqwest_client;
 use codex_state::RemoteControlEnrollmentRecord;
 use codex_state::StateRuntime;
@@ -27,9 +28,8 @@ pub(super) struct RemoteControlEnrollment {
     pub(super) server_name: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Eq)]
 pub(super) struct RemoteControlConnectionAuth {
-    pub(super) bearer_token: String,
+    pub(super) auth_provider: SharedAuthProvider,
     pub(super) account_id: String,
 }
 
@@ -199,10 +199,12 @@ pub(super) async fn enroll_remote_control_server(
         app_server_version: env!("CARGO_PKG_VERSION"),
     };
     let client = build_reqwest_client();
+    let mut auth_headers = HeaderMap::new();
+    auth.auth_provider.add_auth_headers(&mut auth_headers);
     let http_request = client
         .post(enroll_url)
         .timeout(REMOTE_CONTROL_ENROLL_TIMEOUT)
-        .bearer_auth(&auth.bearer_token)
+        .headers(auth_headers)
         .header(REMOTE_CONTROL_ACCOUNT_ID_HEADER, &auth.account_id)
         .json(&request);
 
@@ -445,7 +447,7 @@ mod tests {
         let err = enroll_remote_control_server(
             &remote_control_target,
             &RemoteControlConnectionAuth {
-                bearer_token: "Access Token".to_string(),
+                auth_provider: codex_model_provider::unauthenticated_auth_provider(),
                 account_id: "account_id".to_string(),
             },
         )

codex-rs/app-server/src/transport/remote_control/websocket.rs

@@ -680,11 +680,9 @@ fn build_remote_control_websocket_request(
         "x-codex-protocol-version",
         REMOTE_CONTROL_PROTOCOL_VERSION,
     )?;
-    set_remote_control_header(
-        headers,
-        "authorization",
-        &format!("Bearer {}", auth.bearer_token),
-    )?;
+    let mut auth_headers = tungstenite::http::HeaderMap::new();
+    auth.auth_provider.add_auth_headers(&mut auth_headers);
+    headers.extend(auth_headers);
     set_remote_control_header(headers, REMOTE_CONTROL_ACCOUNT_ID_HEADER, &auth.account_id)?;
     if let Some(subscribe_cursor) = subscribe_cursor {
         set_remote_control_header(
@@ -712,7 +710,7 @@ pub(crate) async fn load_remote_control_auth(
             reloaded = true;
             continue;
         };
-        if !auth.is_chatgpt_auth() {
+        if !auth.uses_codex_backend() {
             break auth;
         }
         if auth.get_account_id().is_none() && !reloaded {
@@ -723,7 +721,7 @@ pub(crate) async fn load_remote_control_auth(
         break auth;
     };
 
-    if !auth.is_chatgpt_auth() {
+    if !auth.uses_codex_backend() {
         return Err(io::Error::new(
             ErrorKind::PermissionDenied,
             "remote control requires ChatGPT authentication; API key auth is not supported",
@@ -731,7 +729,7 @@ pub(crate) async fn load_remote_control_auth(
     }
 
     Ok(RemoteControlConnectionAuth {
-        bearer_token: auth.get_token().map_err(io::Error::other)?,
+        auth_provider: codex_model_provider::auth_provider_from_auth(&auth),
         account_id: auth.get_account_id().ok_or_else(|| {
             io::Error::new(
                 ErrorKind::WouldBlock,

codex-rs/backend-client/Cargo.toml

@@ -17,8 +17,10 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
 codex-backend-openapi-models = { path = "../codex-backend-openapi-models" }
+codex-api = { workspace = true }
 codex-client = { workspace = true }
 codex-login = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-protocol = { workspace = true }
 
 [dev-dependencies]

codex-rs/backend-client/src/client.rs

@@ -5,6 +5,7 @@ use crate::types::RateLimitReachedKind as BackendRateLimitReachedKind;
 use crate::types::RateLimitStatusPayload;
 use crate::types::TurnAttemptsSiblingTurnsResponse;
 use anyhow::Result;
+use codex_api::SharedAuthProvider;
 use codex_client::build_reqwest_client_with_custom_ca;
 use codex_client::with_chatgpt_cloudflare_cookie_store;
 use codex_login::CodexAuth;
@@ -15,7 +16,6 @@ use codex_protocol::protocol::RateLimitReachedType;
 use codex_protocol::protocol::RateLimitSnapshot;
 use codex_protocol::protocol::RateLimitWindow;
 use reqwest::StatusCode;
-use reqwest::header::AUTHORIZATION;
 use reqwest::header::CONTENT_TYPE;
 use reqwest::header::HeaderMap;
 use reqwest::header::HeaderName;
@@ -113,17 +113,33 @@ impl PathStyle {
     }
 }
 
-#[derive(Clone, Debug)]
+#[derive(Clone)]
 pub struct Client {
     base_url: String,
     http: reqwest::Client,
-    bearer_token: Option<String>,
+    auth_provider: SharedAuthProvider,
     user_agent: Option<HeaderValue>,
     chatgpt_account_id: Option<String>,
     chatgpt_account_is_fedramp: bool,
     path_style: PathStyle,
 }
 
+impl fmt::Debug for Client {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("Client")
+            .field("base_url", &self.base_url)
+            .field("auth_provider", &"<provider>")
+            .field("user_agent", &self.user_agent)
+            .field("chatgpt_account_id", &self.chatgpt_account_id)
+            .field(
+                "chatgpt_account_is_fedramp",
+                &self.chatgpt_account_is_fedramp,
+            )
+            .field("path_style", &self.path_style)
+            .finish_non_exhaustive()
+    }
+}
+
 impl Client {
     pub fn new(base_url: impl Into<String>) -> Result<Self> {
         let mut base_url = base_url.into();
@@ -145,7 +161,7 @@ impl Client {
         Ok(Self {
             base_url,
             http,
-            bearer_token: None,
+            auth_provider: codex_model_provider::unauthenticated_auth_provider(),
             user_agent: None,
             chatgpt_account_id: None,
             chatgpt_account_is_fedramp: false,
@@ -154,21 +170,13 @@ impl Client {
     }
 
     pub fn from_auth(base_url: impl Into<String>, auth: &CodexAuth) -> Result<Self> {
-        let token = auth.get_token().map_err(anyhow::Error::from)?;
-        let mut client = Self::new(base_url)?
+        Ok(Self::new(base_url)?
             .with_user_agent(get_codex_user_agent())
-            .with_bearer_token(token);
-        if let Some(account_id) = auth.get_account_id() {
-            client = client.with_chatgpt_account_id(account_id);
-        }
-        if auth.is_fedramp_account() {
-            client = client.with_fedramp_routing_header();
-        }
-        Ok(client)
+            .with_auth_provider(codex_model_provider::auth_provider_from_auth(auth)))
     }
 
-    pub fn with_bearer_token(mut self, token: impl Into<String>) -> Self {
-        self.bearer_token = Some(token.into());
+    pub fn with_auth_provider(mut self, auth: SharedAuthProvider) -> Self {
+        self.auth_provider = auth;
         self
     }
 
@@ -201,12 +209,7 @@ impl Client {
         } else {
             h.insert(USER_AGENT, HeaderValue::from_static("codex-cli"));
         }
-        if let Some(token) = &self.bearer_token {
-            let value = format!("Bearer {token}");
-            if let Ok(hv) = HeaderValue::from_str(&value) {
-                h.insert(AUTHORIZATION, hv);
-            }
-        }
+        self.auth_provider.add_auth_headers(&mut h);
         if let Some(acc) = &self.chatgpt_account_id
             && let Ok(name) = HeaderName::from_bytes(b"ChatGPT-Account-Id")
             && let Ok(hv) = HeaderValue::from_str(acc)
@@ -819,7 +822,7 @@ mod tests {
         let codex_client = Client {
             base_url: "https://example.test".to_string(),
             http: reqwest::Client::new(),
-            bearer_token: None,
+            auth_provider: codex_model_provider::unauthenticated_auth_provider(),
             user_agent: None,
             chatgpt_account_id: None,
             chatgpt_account_is_fedramp: false,
@@ -833,7 +836,7 @@ mod tests {
         let chatgpt_client = Client {
             base_url: "https://chatgpt.com/backend-api".to_string(),
             http: reqwest::Client::new(),
-            bearer_token: None,
+            auth_provider: codex_model_provider::unauthenticated_auth_provider(),
             user_agent: None,
             chatgpt_account_id: None,
             chatgpt_account_is_fedramp: false,

codex-rs/chatgpt/Cargo.toml

@@ -12,10 +12,10 @@ anyhow = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 codex-app-server-protocol = { workspace = true }
 codex-connectors = { workspace = true }
-codex-config = { workspace = true }
 codex-core = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-login = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-utils-cli = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 tokio = { workspace = true, features = ["full"] }

codex-rs/chatgpt/src/apply_command.rs

@@ -6,7 +6,6 @@ use codex_git_utils::ApplyGitRequest;
 use codex_git_utils::apply_git_patch;
 use codex_utils_cli::CliConfigOverrides;
 
-use crate::chatgpt_token::init_chatgpt_token_from_auth;
 use crate::get_task::GetTaskResponse;
 use crate::get_task::OutputItem;
 use crate::get_task::PrOutputItem;
@@ -32,9 +31,6 @@ pub async fn run_apply_command(
     )
     .await?;
 
-    init_chatgpt_token_from_auth(&config.codex_home, config.cli_auth_credentials_store_mode)
-        .await?;
-
     let task_response = get_task(&config, apply_cli.task_id).await?;
     apply_diff_from_task(task_response, cwd).await
 }

codex-rs/chatgpt/src/chatgpt_client.rs

@@ -1,9 +1,7 @@
 use codex_core::config::Config;
+use codex_login::AuthManager;
 use codex_login::default_client::create_client;
 
-use crate::chatgpt_token::get_chatgpt_token_data;
-use crate::chatgpt_token::init_chatgpt_token_from_auth;
-
 use anyhow::Context;
 use serde::de::DeserializeOwned;
 use std::time::Duration;
@@ -22,24 +20,28 @@ pub(crate) async fn chatgpt_get_request_with_timeout<T: DeserializeOwned>(
     timeout: Option<Duration>,
 ) -> anyhow::Result<T> {
     let chatgpt_base_url = &config.chatgpt_base_url;
-    init_chatgpt_token_from_auth(&config.codex_home, config.cli_auth_credentials_store_mode)
-        .await?;
+    let auth_manager =
+        AuthManager::shared_from_config(config, /*enable_codex_api_key_env*/ false);
+    let auth = auth_manager
+        .auth()
+        .await
+        .ok_or_else(|| anyhow::anyhow!("ChatGPT auth not available"))?;
+    anyhow::ensure!(
+        auth.uses_codex_backend(),
+        "ChatGPT backend requests require Codex backend auth"
+    );
+    anyhow::ensure!(
+        auth.get_account_id().is_some(),
+        "ChatGPT account ID not available, please re-run `codex login`"
+    );
 
     // Make direct HTTP request to ChatGPT backend API with the token
     let client = create_client();
     let url = format!("{chatgpt_base_url}{path}");
 
-    let token =
-        get_chatgpt_token_data().ok_or_else(|| anyhow::anyhow!("ChatGPT token not available"))?;
-
-    let account_id = token.account_id.ok_or_else(|| {
-        anyhow::anyhow!("ChatGPT account ID not available, please re-run `codex login`")
-    });
-
     let mut request = client
         .get(&url)
-        .bearer_auth(&token.access_token)
-        .header("chatgpt-account-id", account_id?)
+        .headers(codex_model_provider::auth_provider_from_auth(&auth).to_auth_headers())
         .header("Content-Type", "application/json");
 
     if let Some(timeout) = timeout {

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -1,36 +0,0 @@
-use codex_config::types::AuthCredentialsStoreMode;
-use codex_login::AuthManager;
-use codex_login::token_data::TokenData;
-use std::path::Path;
-use std::sync::LazyLock;
-use std::sync::RwLock;
-
-static CHATGPT_TOKEN: LazyLock<RwLock<Option<TokenData>>> = LazyLock::new(|| RwLock::new(None));
-
-pub fn get_chatgpt_token_data() -> Option<TokenData> {
-    CHATGPT_TOKEN.read().ok()?.clone()
-}
-
-pub fn set_chatgpt_token_data(value: TokenData) {
-    if let Ok(mut guard) = CHATGPT_TOKEN.write() {
-        *guard = Some(value);
-    }
-}
-
-/// Initialize the ChatGPT token from auth.json file
-pub async fn init_chatgpt_token_from_auth(
-    codex_home: &Path,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<()> {
-    let auth_manager = AuthManager::new(
-        codex_home.to_path_buf(),
-        /*enable_codex_api_key_env*/ false,
-        auth_credentials_store_mode,
-        /*chatgpt_base_url*/ None,
-    );
-    if let Some(auth) = auth_manager.auth().await {
-        let token_data = auth.get_token_data()?;
-        set_chatgpt_token_data(token_data);
-    }
-    Ok(())
-}

codex-rs/chatgpt/src/connectors.rs

@@ -2,8 +2,6 @@ use std::collections::HashSet;
 use std::time::Duration;
 
 use crate::chatgpt_client::chatgpt_get_request_with_timeout;
-use crate::chatgpt_token::get_chatgpt_token_data;
-use crate::chatgpt_token::init_chatgpt_token_from_auth;
 
 use codex_app_server_protocol::AppInfo;
 use codex_connectors::AllConnectorsCacheKey;
@@ -23,22 +21,32 @@ use codex_core::plugins::PluginsManager;
 use codex_login::AuthManager;
 use codex_login::CodexAuth;
 use codex_login::default_client::originator;
-use codex_login::token_data::TokenData;
 
 const DIRECTORY_CONNECTORS_TIMEOUT: Duration = Duration::from_secs(60);
 
 async fn apps_enabled(config: &Config) -> bool {
-    let auth_manager = AuthManager::shared(
-        config.codex_home.to_path_buf(),
-        /*enable_codex_api_key_env*/ false,
-        config.cli_auth_credentials_store_mode,
-        Some(config.chatgpt_base_url.clone()),
-    );
+    let auth_manager =
+        AuthManager::shared_from_config(config, /*enable_codex_api_key_env*/ false);
     let auth = auth_manager.auth().await;
     config
         .features
-        .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth))
+        .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::uses_codex_backend))
 }
+
+async fn connector_auth(config: &Config) -> anyhow::Result<CodexAuth> {
+    let auth_manager =
+        AuthManager::shared_from_config(config, /*enable_codex_api_key_env*/ false);
+    let auth = auth_manager
+        .auth()
+        .await
+        .ok_or_else(|| anyhow::anyhow!("ChatGPT auth not available"))?;
+    anyhow::ensure!(
+        auth.uses_codex_backend(),
+        "ChatGPT connectors require Codex backend auth"
+    );
+    Ok(auth)
+}
+
 pub async fn list_connectors(config: &Config) -> anyhow::Result<Vec<AppInfo>> {
     if !apps_enabled(config).await {
         return Ok(Vec::new());
@@ -66,14 +74,8 @@ pub async fn list_cached_all_connectors(config: &Config) -> Option<Vec<AppInfo>>
         return Some(Vec::new());
     }
 
-    if init_chatgpt_token_from_auth(&config.codex_home, config.cli_auth_credentials_store_mode)
-        .await
-        .is_err()
-    {
-        return None;
-    }
-    let token_data = get_chatgpt_token_data()?;
-    let cache_key = all_connectors_cache_key(config, &token_data);
+    let auth = connector_auth(config).await.ok()?;
+    let cache_key = all_connectors_cache_key(config, &auth);
     let connectors = codex_connectors::cached_all_connectors(&cache_key)?;
     let connectors = merge_plugin_connectors(
         connectors,
@@ -95,15 +97,11 @@ pub async fn list_all_connectors_with_options(
     if !apps_enabled(config).await {
         return Ok(Vec::new());
     }
-    init_chatgpt_token_from_auth(&config.codex_home, config.cli_auth_credentials_store_mode)
-        .await?;
-
-    let token_data =
-        get_chatgpt_token_data().ok_or_else(|| anyhow::anyhow!("ChatGPT token not available"))?;
-    let cache_key = all_connectors_cache_key(config, &token_data);
+    let auth = connector_auth(config).await?;
+    let cache_key = all_connectors_cache_key(config, &auth);
     let connectors = codex_connectors::list_all_connectors_with_options(
         cache_key,
-        token_data.id_token.is_workspace_account(),
+        auth.is_workspace_account(),
         force_refetch,
         |path| async move {
             chatgpt_get_request_with_timeout::<DirectoryListResponse>(
@@ -128,12 +126,12 @@ pub async fn list_all_connectors_with_options(
     ))
 }
 
-fn all_connectors_cache_key(config: &Config, token_data: &TokenData) -> AllConnectorsCacheKey {
+fn all_connectors_cache_key(config: &Config, auth: &CodexAuth) -> AllConnectorsCacheKey {
     AllConnectorsCacheKey::new(
         config.chatgpt_base_url.clone(),
-        token_data.account_id.clone(),
-        token_data.id_token.chatgpt_user_id.clone(),
-        token_data.id_token.is_workspace_account(),
+        auth.get_account_id(),
+        auth.get_chatgpt_user_id(),
+        auth.is_workspace_account(),
     )
 }
 

codex-rs/chatgpt/src/lib.rs

@@ -1,5 +1,4 @@
 pub mod apply_command;
 mod chatgpt_client;
-mod chatgpt_token;
 pub mod connectors;
 pub mod get_task;

codex-rs/cli/src/lib.rs

@@ -9,8 +9,10 @@ use codex_utils_cli::CliConfigOverrides;
 pub use debug_sandbox::run_command_under_landlock;
 pub use debug_sandbox::run_command_under_seatbelt;
 pub use debug_sandbox::run_command_under_windows;
+pub use login::read_agent_identity_from_stdin;
 pub use login::read_api_key_from_stdin;
 pub use login::run_login_status;
+pub use login::run_login_with_agent_identity;
 pub use login::run_login_with_api_key;
 pub use login::run_login_with_chatgpt;
 pub use login::run_login_with_device_code;

codex-rs/cli/src/login.rs

@@ -13,6 +13,7 @@ use codex_core::config::Config;
 use codex_login::CLIENT_ID;
 use codex_login::CodexAuth;
 use codex_login::ServerOptions;
+use codex_login::login_with_agent_identity;
 use codex_login::login_with_api_key;
 use codex_login::logout_with_revoke;
 use codex_login::run_device_code_login;
@@ -34,6 +35,8 @@ const CHATGPT_LOGIN_DISABLED_MESSAGE: &str =
     "ChatGPT login is disabled. Use API key login instead.";
 const API_KEY_LOGIN_DISABLED_MESSAGE: &str =
     "API key login is disabled. Use ChatGPT login instead.";
+const AGENT_IDENTITY_LOGIN_DISABLED_MESSAGE: &str =
+    "Agent Identity login is disabled. Use API key login instead.";
 const LOGIN_SUCCESS_MESSAGE: &str = "Successfully logged in";
 
 /// Installs a small file-backed tracing layer for direct `codex login` flows.
@@ -187,31 +190,74 @@ pub async fn run_login_with_api_key(
     }
 }
 
+pub async fn run_login_with_agent_identity(
+    cli_config_overrides: CliConfigOverrides,
+    agent_identity: String,
+) -> ! {
+    let config = load_config_or_exit(cli_config_overrides).await;
+    let _login_log_guard = init_login_file_logging(&config);
+    tracing::info!("starting agent identity login flow");
+
+    if matches!(config.forced_login_method, Some(ForcedLoginMethod::Api)) {
+        eprintln!("{AGENT_IDENTITY_LOGIN_DISABLED_MESSAGE}");
+        std::process::exit(1);
+    }
+
+    match login_with_agent_identity(
+        &config.codex_home,
+        &agent_identity,
+        config.cli_auth_credentials_store_mode,
+    ) {
+        Ok(_) => {
+            eprintln!("{LOGIN_SUCCESS_MESSAGE}");
+            std::process::exit(0);
+        }
+        Err(e) => {
+            eprintln!("Error logging in with Agent Identity: {e}");
+            std::process::exit(1);
+        }
+    }
+}
+
 pub fn read_api_key_from_stdin() -> String {
+    read_stdin_secret(
+        "--with-api-key expects the API key on stdin. Try piping it, e.g. `printenv OPENAI_API_KEY | codex login --with-api-key`.",
+        "Reading API key from stdin...",
+        "No API key provided via stdin.",
+    )
+}
+
+pub fn read_agent_identity_from_stdin() -> String {
+    read_stdin_secret(
+        "--with-agent-identity expects the Agent Identity token on stdin. Try piping it, e.g. `printenv CODEX_AGENT_IDENTITY | codex login --with-agent-identity`.",
+        "Reading Agent Identity token from stdin...",
+        "No Agent Identity token provided via stdin.",
+    )
+}
+
+fn read_stdin_secret(terminal_message: &str, reading_message: &str, empty_message: &str) -> String {
     let mut stdin = std::io::stdin();
 
     if stdin.is_terminal() {
-        eprintln!(
-            "--with-api-key expects the API key on stdin. Try piping it, e.g. `printenv OPENAI_API_KEY | codex login --with-api-key`."
-        );
+        eprintln!("{terminal_message}");
         std::process::exit(1);
     }
 
-    eprintln!("Reading API key from stdin...");
+    eprintln!("{reading_message}");
 
     let mut buffer = String::new();
     if let Err(err) = stdin.read_to_string(&mut buffer) {
-        eprintln!("Failed to read API key from stdin: {err}");
+        eprintln!("Failed to read stdin: {err}");
         std::process::exit(1);
     }
 
-    let api_key = buffer.trim().to_string();
-    if api_key.is_empty() {
-        eprintln!("No API key provided via stdin.");
+    let secret = buffer.trim().to_string();
+    if secret.is_empty() {
+        eprintln!("{empty_message}");
         std::process::exit(1);
     }
 
-    api_key
+    secret
 }
 
 /// Login using the OAuth device code flow.

codex-rs/cli/src/main.rs

@@ -10,8 +10,10 @@ use codex_chatgpt::apply_command::run_apply_command;
 use codex_cli::LandlockCommand;
 use codex_cli::SeatbeltCommand;
 use codex_cli::WindowsCommand;
+use codex_cli::read_agent_identity_from_stdin;
 use codex_cli::read_api_key_from_stdin;
 use codex_cli::run_login_status;
+use codex_cli::run_login_with_agent_identity;
 use codex_cli::run_login_with_api_key;
 use codex_cli::run_login_with_chatgpt;
 use codex_cli::run_login_with_device_code;
@@ -347,6 +349,12 @@ struct LoginCommand {
     )]
     with_api_key: bool,
 
+    #[arg(
+        long = "with-agent-identity",
+        help = "Read the experimental Agent Identity token from stdin (e.g. `printenv CODEX_AGENT_IDENTITY | codex login --with-agent-identity`)"
+    )]
+    with_agent_identity: bool,
+
     #[arg(
         long = "api-key",
         num_args = 0..=1,
@@ -903,7 +911,12 @@ async fn cli_main(arg0_paths: Arg0DispatchPaths) -> anyhow::Result<()> {
                     run_login_status(login_cli.config_overrides).await;
                 }
                 None => {
-                    if login_cli.use_device_code {
+                    if login_cli.with_api_key && login_cli.with_agent_identity {
+                        eprintln!(
+                            "Choose one login credential source: --with-api-key or --with-agent-identity."
+                        );
+                        std::process::exit(1);
+                    } else if login_cli.use_device_code {
                         run_login_with_device_code(
                             login_cli.config_overrides,
                             login_cli.issuer_base_url,
@@ -918,6 +931,10 @@ async fn cli_main(arg0_paths: Arg0DispatchPaths) -> anyhow::Result<()> {
                     } else if login_cli.with_api_key {
                         let api_key = read_api_key_from_stdin();
                         run_login_with_api_key(login_cli.config_overrides, api_key).await;
+                    } else if login_cli.with_agent_identity {
+                        let agent_identity = read_agent_identity_from_stdin();
+                        run_login_with_agent_identity(login_cli.config_overrides, agent_identity)
+                            .await;
                     } else {
                         run_login_with_chatgpt(login_cli.config_overrides).await;
                     }

codex-rs/cli/src/mcp_cmd.rs

@@ -486,8 +486,12 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
 
     let mut entries: Vec<_> = mcp_servers.iter().collect();
     entries.sort_by(|(a, _), (b, _)| a.cmp(b));
-    let auth_statuses =
-        compute_auth_statuses(mcp_servers.iter(), config.mcp_oauth_credentials_store_mode).await;
+    let auth_statuses = compute_auth_statuses(
+        mcp_servers.iter(),
+        config.mcp_oauth_credentials_store_mode,
+        /*auth*/ None,
+    )
+    .await;
 
     if list_args.json {
         let json_entries: Vec<_> = entries

codex-rs/cli/tests/login.rs

@@ -0,0 +1,74 @@
+use std::path::Path;
+
+use anyhow::Result;
+use predicates::str::contains;
+use pretty_assertions::assert_eq;
+use serde_json::Value;
+use tempfile::TempDir;
+
+const FAKE_AGENT_IDENTITY_JWT: &str = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJhZ2VudF9ydW50aW1lX2lkIjoiYWdlbnQtcnVudGltZS1pZCIsImFnZW50X3ByaXZhdGVfa2V5IjoicHJpdmF0ZS1rZXkiLCJhY2NvdW50X2lkIjoiYWNjb3VudC0xMjMiLCJjaGF0Z3B0X3VzZXJfaWQiOiJ1c2VyLWlkIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwicGxhbl90eXBlIjoicHJvIiwiY2hhdGdwdF9hY2NvdW50X2lzX2ZlZHJhbXAiOmZhbHNlfQ.c2ln";
+
+fn codex_command(codex_home: &Path) -> Result<assert_cmd::Command> {
+    let mut cmd = assert_cmd::Command::new(codex_utils_cargo_bin::cargo_bin("codex")?);
+    cmd.env("CODEX_HOME", codex_home);
+    Ok(cmd)
+}
+
+fn write_file_auth_config(codex_home: &Path) -> Result<()> {
+    std::fs::write(
+        codex_home.join("config.toml"),
+        "cli_auth_credentials_store = \"file\"\n",
+    )?;
+    Ok(())
+}
+
+fn read_auth_json(codex_home: &Path) -> Result<Value> {
+    let auth_json = std::fs::read_to_string(codex_home.join("auth.json"))?;
+    Ok(serde_json::from_str(&auth_json)?)
+}
+
+#[test]
+fn login_with_api_key_reads_stdin_and_writes_auth_json() -> Result<()> {
+    let codex_home = TempDir::new()?;
+    write_file_auth_config(codex_home.path())?;
+
+    let mut cmd = codex_command(codex_home.path())?;
+    cmd.args([
+        "-c",
+        "forced_login_method=\"api\"",
+        "login",
+        "--with-api-key",
+    ])
+    .write_stdin("sk-test\n")
+    .assert()
+    .success()
+    .stderr(contains("Successfully logged in"));
+
+    let auth = read_auth_json(codex_home.path())?;
+    assert_eq!(auth["OPENAI_API_KEY"], "sk-test");
+    assert!(auth.get("tokens").is_none());
+    assert!(auth.get("agent_identity").is_none());
+
+    Ok(())
+}
+
+#[test]
+fn login_with_agent_identity_reads_stdin_and_writes_auth_json() -> Result<()> {
+    let codex_home = TempDir::new()?;
+    write_file_auth_config(codex_home.path())?;
+
+    let mut cmd = codex_command(codex_home.path())?;
+    cmd.args(["login", "--with-agent-identity"])
+        .write_stdin(format!("{FAKE_AGENT_IDENTITY_JWT}\n"))
+        .assert()
+        .success()
+        .stderr(contains("Successfully logged in"));
+
+    let auth = read_auth_json(codex_home.path())?;
+    assert_eq!(auth["auth_mode"], "agentIdentity");
+    assert_eq!(auth["agent_identity"], FAKE_AGENT_IDENTITY_JWT);
+    assert!(auth["OPENAI_API_KEY"].is_null());
+    assert!(auth.get("tokens").is_none());
+
+    Ok(())
+}

codex-rs/cloud-requirements/src/lib.rs

@@ -169,13 +169,7 @@ fn verify_cache_signature(payload_bytes: &[u8], signature: &str) -> bool {
 }
 
 fn auth_identity(auth: &CodexAuth) -> (Option<String>, Option<String>) {
-    let token_data = auth.get_token_data().ok();
-    let chatgpt_user_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.id_token.chatgpt_user_id.as_deref())
-        .map(str::to_owned);
-    let account_id = auth.get_account_id();
-    (chatgpt_user_id, account_id)
+    (auth.get_chatgpt_user_id(), auth.get_account_id())
 }
 
 fn cache_payload_bytes(payload: &CloudRequirementsCacheSignedPayload) -> Option<Vec<u8>> {
@@ -331,7 +325,7 @@ impl CloudRequirementsService {
         let Some(plan_type) = auth.account_plan_type() else {
             return Ok(None);
         };
-        if !auth.is_chatgpt_auth()
+        if !auth.uses_codex_backend()
             || !(plan_type.is_business_like() || matches!(plan_type, PlanType::Enterprise))
         {
             return Ok(None);
@@ -551,7 +545,7 @@ impl CloudRequirementsService {
         let Some(plan_type) = auth.account_plan_type() else {
             return false;
         };
-        if !auth.is_chatgpt_auth()
+        if !auth.uses_codex_backend()
             || !(plan_type.is_business_like() || matches!(plan_type, PlanType::Enterprise))
         {
             return false;

codex-rs/cloud-tasks-client/Cargo.toml

@@ -15,6 +15,7 @@ workspace = true
 anyhow = { workspace = true }
 async-trait = { workspace = true }
 chrono = { workspace = true, features = ["serde"] }
+codex-api = { workspace = true }
 codex-backend-client = { workspace = true }
 codex-git-utils = { workspace = true }
 serde = { version = "1", features = ["derive"] }

codex-rs/cloud-tasks-client/src/http.rs

@@ -14,6 +14,7 @@ use crate::api::TaskText;
 use chrono::DateTime;
 use chrono::Utc;
 
+use codex_api::SharedAuthProvider;
 use codex_backend_client as backend;
 use codex_backend_client::CodeTaskDetailsResponseExt;
 use codex_git_utils::ApplyGitRequest;
@@ -32,13 +33,13 @@ impl HttpClient {
         Ok(Self { base_url, backend })
     }
 
-    pub fn with_bearer_token(mut self, token: impl Into<String>) -> Self {
-        self.backend = self.backend.clone().with_bearer_token(token);
+    pub fn with_user_agent(mut self, ua: impl Into<String>) -> Self {
+        self.backend = self.backend.clone().with_user_agent(ua);
         self
     }
 
-    pub fn with_user_agent(mut self, ua: impl Into<String>) -> Self {
-        self.backend = self.backend.clone().with_user_agent(ua);
+    pub fn with_auth_provider(mut self, auth: SharedAuthProvider) -> Self {
+        self.backend = self.backend.clone().with_auth_provider(auth);
         self
     }
 

codex-rs/cloud-tasks/Cargo.toml

@@ -13,7 +13,6 @@ workspace = true
 
 [dependencies]
 anyhow = { workspace = true }
-base64 = { workspace = true }
 chrono = { workspace = true, features = ["serde"] }
 clap = { workspace = true, features = ["derive"] }
 codex-client = { workspace = true }
@@ -23,6 +22,7 @@ codex-cloud-tasks-mock-client = { workspace = true }
 codex-core = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-login = { path = "../login" }
+codex-model-provider = { workspace = true }
 codex-tui = { workspace = true }
 codex-utils-cli = { workspace = true }
 crossterm = { workspace = true, features = ["event-stream"] }

codex-rs/cloud-tasks/src/lib.rs

@@ -68,7 +68,7 @@ async fn init_backend(user_agent_suffix: &str) -> anyhow::Result<BackendContext>
     };
     append_error_log(format!("startup: base_url={base_url} path_style={style}"));
 
-    let auth_manager = util::load_auth_manager().await;
+    let auth_manager = util::load_auth_manager(Some(base_url.clone())).await;
     let auth = match auth_manager.as_ref() {
         Some(manager) => manager.auth().await,
         None => None,
@@ -87,23 +87,17 @@ async fn init_backend(user_agent_suffix: &str) -> anyhow::Result<BackendContext>
         append_error_log(format!("auth: mode=ChatGPT account_id={acc}"));
     }
 
-    let token = match auth.get_token() {
-        Ok(t) if !t.is_empty() => t,
-        _ => {
-            eprintln!(
-                "Not signed in. Please run 'codex login' to sign in with ChatGPT, then re-run 'codex cloud'."
-            );
-            std::process::exit(1);
-        }
-    };
+    if !auth.uses_codex_backend() {
+        eprintln!(
+            "Not signed in. Please run 'codex login' to sign in with ChatGPT, then re-run 'codex cloud'."
+        );
+        std::process::exit(1);
+    }
 
-    http = http.with_bearer_token(token.clone());
-    if let Some(acc) = auth
-        .get_account_id()
-        .or_else(|| util::extract_chatgpt_account_id(&token))
-    {
+    let auth_provider = codex_model_provider::auth_provider_from_auth(&auth);
+    http = http.with_auth_provider(auth_provider);
+    if let Some(acc) = auth.get_account_id() {
         append_error_log(format!("auth: set ChatGPT-Account-Id header: {acc}"));
-        http = http.with_chatgpt_account_id(acc);
     }
 
     Ok(BackendContext {

codex-rs/cloud-tasks/src/util.rs

@@ -1,4 +1,3 @@
-use base64::Engine as _;
 use chrono::DateTime;
 use chrono::Local;
 use chrono::Utc;
@@ -42,39 +41,20 @@ pub fn normalize_base_url(input: &str) -> String {
     base_url
 }
 
-/// Extract the ChatGPT account id from a JWT token, when present.
-pub fn extract_chatgpt_account_id(token: &str) -> Option<String> {
-    let mut parts = token.split('.');
-    let (_h, payload_b64, _s) = match (parts.next(), parts.next(), parts.next()) {
-        (Some(h), Some(p), Some(s)) if !h.is_empty() && !p.is_empty() && !s.is_empty() => (h, p, s),
-        _ => return None,
-    };
-    let payload_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD
-        .decode(payload_b64)
-        .ok()?;
-    let v: serde_json::Value = serde_json::from_slice(&payload_bytes).ok()?;
-    v.get("https://api.openai.com/auth")
-        .and_then(|auth| auth.get("chatgpt_account_id"))
-        .and_then(|id| id.as_str())
-        .map(str::to_string)
-}
-
-pub async fn load_auth_manager() -> Option<AuthManager> {
+pub async fn load_auth_manager(chatgpt_base_url: Option<String>) -> Option<AuthManager> {
     // TODO: pass in cli overrides once cloud tasks properly support them.
     let config = Config::load_with_cli_overrides(Vec::new()).await.ok()?;
     Some(AuthManager::new(
         config.codex_home.to_path_buf(),
         /*enable_codex_api_key_env*/ false,
         config.cli_auth_credentials_store_mode,
-        Some(config.chatgpt_base_url),
+        chatgpt_base_url.or(Some(config.chatgpt_base_url)),
     ))
 }
 
 /// Build headers for ChatGPT-backed requests: `User-Agent`, optional `Authorization`,
 /// and optional `ChatGPT-Account-Id`.
 pub async fn build_chatgpt_headers() -> HeaderMap {
-    use reqwest::header::AUTHORIZATION;
-    use reqwest::header::HeaderName;
     use reqwest::header::HeaderValue;
     use reqwest::header::USER_AGENT;
 
@@ -85,23 +65,11 @@ pub async fn build_chatgpt_headers() -> HeaderMap {
         USER_AGENT,
         HeaderValue::from_str(&ua).unwrap_or(HeaderValue::from_static("codex-cli")),
     );
-    if let Some(am) = load_auth_manager().await
+    if let Some(am) = load_auth_manager(/*chatgpt_base_url*/ None).await
         && let Some(auth) = am.auth().await
-        && let Ok(tok) = auth.get_token()
-        && !tok.is_empty()
+        && auth.uses_codex_backend()
     {
-        let v = format!("Bearer {tok}");
-        if let Ok(hv) = HeaderValue::from_str(&v) {
-            headers.insert(AUTHORIZATION, hv);
-        }
-        if let Some(acc) = auth
-            .get_account_id()
-            .or_else(|| extract_chatgpt_account_id(&tok))
-            && let Ok(name) = HeaderName::from_bytes(b"ChatGPT-Account-Id")
-            && let Ok(hv) = HeaderValue::from_str(&acc)
-        {
-            headers.insert(name, hv);
-        }
+        headers.extend(codex_model_provider::auth_provider_from_auth(&auth).to_auth_headers());
     }
     headers
 }

codex-rs/codex-api/src/auth.rs

@@ -34,6 +34,13 @@ pub trait AuthProvider: Send + Sync {
     /// used by telemetry and non-HTTP request paths.
     fn add_auth_headers(&self, headers: &mut HeaderMap);
 
+    /// Returns any auth headers that are available without request body access.
+    fn to_auth_headers(&self) -> HeaderMap {
+        let mut headers = HeaderMap::new();
+        self.add_auth_headers(&mut headers);
+        headers
+    }
+
     /// Applies auth to a complete outbound request and returns the request to send.
     ///
     /// The input `request` is moved into this method. Implementations may mutate

codex-rs/codex-mcp/Cargo.toml

@@ -15,9 +15,11 @@ workspace = true
 anyhow = { workspace = true }
 async-channel = { workspace = true }
 codex-async-utils = { workspace = true }
+codex-api = { workspace = true }
 codex-config = { workspace = true }
 codex-exec-server = { workspace = true }
 codex-login = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-otel = { workspace = true }
 codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }

codex-rs/codex-mcp/src/mcp/auth.rs

@@ -1,7 +1,10 @@
 use std::collections::HashMap;
 
 use anyhow::Result;
+use codex_config::McpServerConfig;
+use codex_config::McpServerTransportConfig;
 use codex_config::types::OAuthCredentialsStoreMode;
+use codex_login::CodexAuth;
 use codex_protocol::protocol::McpAuthStatus;
 use codex_rmcp_client::OAuthProviderError;
 use codex_rmcp_client::determine_streamable_http_auth_status;
@@ -9,8 +12,7 @@ use codex_rmcp_client::discover_streamable_http_oauth;
 use futures::future::join_all;
 use tracing::warn;
 
-use codex_config::McpServerConfig;
-use codex_config::McpServerTransportConfig;
+use super::CODEX_APPS_MCP_SERVER_NAME;
 
 #[derive(Debug, Clone)]
 pub struct McpOAuthLoginConfig {
@@ -126,6 +128,7 @@ pub struct McpAuthStatusEntry {
 pub async fn compute_auth_statuses<'a, I>(
     servers: I,
     store_mode: OAuthCredentialsStoreMode,
+    auth: Option<&CodexAuth>,
 ) -> HashMap<String, McpAuthStatusEntry>
 where
     I: IntoIterator<Item = (&'a String, &'a McpServerConfig)>,
@@ -133,14 +136,24 @@ where
     let futures = servers.into_iter().map(|(name, config)| {
         let name = name.clone();
         let config = config.clone();
-        async move {
-            let auth_status = match compute_auth_status(&name, &config, store_mode).await {
-                Ok(status) => status,
-                Err(error) => {
-                    warn!("failed to determine auth status for MCP server `{name}`: {error:?}");
-                    McpAuthStatus::Unsupported
+        let has_runtime_auth = name == CODEX_APPS_MCP_SERVER_NAME
+            && auth.is_some_and(CodexAuth::uses_codex_backend)
+            && matches!(
+                &config.transport,
+                McpServerTransportConfig::StreamableHttp {
+                    bearer_token_env_var: None,
+                    ..
                 }
-            };
+            );
+        async move {
+            let auth_status =
+                match compute_auth_status(&name, &config, store_mode, has_runtime_auth).await {
+                    Ok(status) => status,
+                    Err(error) => {
+                        warn!("failed to determine auth status for MCP server `{name}`: {error:?}");
+                        McpAuthStatus::Unsupported
+                    }
+                };
             let entry = McpAuthStatusEntry {
                 config,
                 auth_status,
@@ -156,11 +169,16 @@ async fn compute_auth_status(
     server_name: &str,
     config: &McpServerConfig,
     store_mode: OAuthCredentialsStoreMode,
+    has_runtime_auth: bool,
 ) -> Result<McpAuthStatus> {
     if !config.enabled {
         return Ok(McpAuthStatus::Unsupported);
     }
 
+    if has_runtime_auth {
+        return Ok(McpAuthStatus::BearerToken);
+    }
+
     match &config.transport {
         McpServerTransportConfig::Stdio { .. } => Ok(McpAuthStatus::Unsupported),
         McpServerTransportConfig::StreamableHttp {

codex-rs/codex-mcp/src/mcp/mod.rs

@@ -205,31 +205,6 @@ fn codex_apps_mcp_bearer_token_env_var() -> Option<String> {
     }
 }
 
-fn codex_apps_mcp_bearer_token(auth: Option<&CodexAuth>) -> Option<String> {
-    let token = auth.and_then(|auth| auth.get_token().ok())?;
-    let token = token.trim();
-    if token.is_empty() {
-        None
-    } else {
-        Some(token.to_string())
-    }
-}
-
-fn codex_apps_mcp_http_headers(auth: Option<&CodexAuth>) -> Option<HashMap<String, String>> {
-    let mut headers = HashMap::new();
-    if let Some(token) = codex_apps_mcp_bearer_token(auth) {
-        headers.insert("Authorization".to_string(), format!("Bearer {token}"));
-    }
-    if let Some(account_id) = auth.and_then(CodexAuth::get_account_id) {
-        headers.insert("ChatGPT-Account-ID".to_string(), account_id);
-    }
-    if headers.is_empty() {
-        None
-    } else {
-        Some(headers)
-    }
-}
-
 fn normalize_codex_apps_base_url(base_url: &str) -> String {
     let mut base_url = base_url.trim_end_matches('/').to_string();
     if (base_url.starts_with("https://chatgpt.com")
@@ -256,20 +231,14 @@ pub(crate) fn codex_apps_mcp_url(config: &McpConfig) -> String {
     codex_apps_mcp_url_for_base_url(&config.chatgpt_base_url)
 }
 
-fn codex_apps_mcp_server_config(config: &McpConfig, auth: Option<&CodexAuth>) -> McpServerConfig {
-    let bearer_token_env_var = codex_apps_mcp_bearer_token_env_var();
-    let http_headers = if bearer_token_env_var.is_some() {
-        None
-    } else {
-        codex_apps_mcp_http_headers(auth)
-    };
+fn codex_apps_mcp_server_config(config: &McpConfig) -> McpServerConfig {
     let url = codex_apps_mcp_url(config);
 
     McpServerConfig {
         transport: McpServerTransportConfig::StreamableHttp {
             url,
-            bearer_token_env_var,
-            http_headers,
+            bearer_token_env_var: codex_apps_mcp_bearer_token_env_var(),
+            http_headers: None,
             env_http_headers: None,
         },
         experimental_environment: None,
@@ -293,10 +262,10 @@ pub fn with_codex_apps_mcp(
     auth: Option<&CodexAuth>,
     config: &McpConfig,
 ) -> HashMap<String, McpServerConfig> {
-    if config.apps_enabled && auth.is_some_and(CodexAuth::is_chatgpt_auth) {
+    if config.apps_enabled && auth.is_some_and(CodexAuth::uses_codex_backend) {
         servers.insert(
             CODEX_APPS_MCP_SERVER_NAME.to_string(),
-            codex_apps_mcp_server_config(config, auth),
+            codex_apps_mcp_server_config(config),
         );
     } else {
         servers.remove(CODEX_APPS_MCP_SERVER_NAME);
@@ -329,8 +298,12 @@ pub async fn read_mcp_resource(
 ) -> anyhow::Result<ReadResourceResult> {
     let mut mcp_servers = effective_mcp_servers(config, auth);
     mcp_servers.retain(|name, _| name == server);
-    let auth_statuses =
-        compute_auth_statuses(mcp_servers.iter(), config.mcp_oauth_credentials_store_mode).await;
+    let auth_statuses = compute_auth_statuses(
+        mcp_servers.iter(),
+        config.mcp_oauth_credentials_store_mode,
+        auth,
+    )
+    .await;
     let (tx_event, rx_event) = unbounded();
     drop(rx_event);
     let (manager, cancel_token) = McpConnectionManager::new(
@@ -345,6 +318,7 @@ pub async fn read_mcp_resource(
         config.codex_home.clone(),
         codex_apps_tools_cache_key(auth),
         tool_plugin_provenance(config),
+        auth,
     )
     .await;
 
@@ -395,8 +369,12 @@ pub async fn collect_mcp_snapshot_with_detail(
         };
     }
 
-    let auth_status_entries =
-        compute_auth_statuses(mcp_servers.iter(), config.mcp_oauth_credentials_store_mode).await;
+    let auth_status_entries = compute_auth_statuses(
+        mcp_servers.iter(),
+        config.mcp_oauth_credentials_store_mode,
+        auth,
+    )
+    .await;
 
     let (tx_event, rx_event) = unbounded();
     drop(rx_event);
@@ -413,6 +391,7 @@ pub async fn collect_mcp_snapshot_with_detail(
         config.codex_home.clone(),
         codex_apps_tools_cache_key(auth),
         tool_plugin_provenance,
+        auth,
     )
     .await;
 
@@ -470,8 +449,12 @@ pub async fn collect_mcp_server_status_snapshot_with_detail(
         };
     }
 
-    let auth_status_entries =
-        compute_auth_statuses(mcp_servers.iter(), config.mcp_oauth_credentials_store_mode).await;
+    let auth_status_entries = compute_auth_statuses(
+        mcp_servers.iter(),
+        config.mcp_oauth_credentials_store_mode,
+        auth,
+    )
+    .await;
 
     let (tx_event, rx_event) = unbounded();
     drop(rx_event);
@@ -488,6 +471,7 @@ pub async fn collect_mcp_server_status_snapshot_with_detail(
         config.codex_home.clone(),
         codex_apps_tools_cache_key(auth),
         tool_plugin_provenance,
+        auth,
     )
     .await;
 

codex-rs/codex-mcp/src/mcp_connection_manager.rs

@@ -32,6 +32,7 @@ use anyhow::Context;
 use anyhow::Result;
 use anyhow::anyhow;
 use async_channel::Sender;
+use codex_api::SharedAuthProvider;
 use codex_async_utils::CancelErr;
 use codex_async_utils::OrCancelExt;
 use codex_config::Constrained;
@@ -120,21 +121,10 @@ fn sha1_hex(s: &str) -> String {
 }
 
 pub fn codex_apps_tools_cache_key(auth: Option<&CodexAuth>) -> CodexAppsToolsCacheKey {
-    let token_data = auth.and_then(|auth| auth.get_token_data().ok());
-    let account_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.account_id.clone());
-    let chatgpt_user_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.id_token.chatgpt_user_id.clone());
-    let is_workspace_account = token_data
-        .as_ref()
-        .is_some_and(|token_data| token_data.id_token.is_workspace_account());
-
     CodexAppsToolsCacheKey {
-        account_id,
-        chatgpt_user_id,
-        is_workspace_account,
+        account_id: auth.and_then(CodexAuth::get_account_id),
+        chatgpt_user_id: auth.and_then(CodexAuth::get_chatgpt_user_id),
+        is_workspace_account: auth.is_some_and(CodexAuth::is_workspace_account),
     }
 }
 
@@ -496,6 +486,7 @@ impl AsyncManagedClient {
         codex_apps_tools_cache_context: Option<CodexAppsToolsCacheContext>,
         tool_plugin_provenance: Arc<ToolPluginProvenance>,
         runtime_environment: McpRuntimeEnvironment,
+        runtime_auth_provider: Option<SharedAuthProvider>,
     ) -> Self {
         let tool_filter = ToolFilter::from_config(&config);
         let startup_snapshot = load_startup_cached_codex_apps_tools_snapshot(
@@ -518,6 +509,7 @@ impl AsyncManagedClient {
                         config.clone(),
                         store_mode,
                         runtime_environment,
+                        runtime_auth_provider,
                     )
                     .await?,
                 );
@@ -755,6 +747,7 @@ impl McpConnectionManager {
         codex_home: PathBuf,
         codex_apps_tools_cache_key: CodexAppsToolsCacheKey,
         tool_plugin_provenance: ToolPluginProvenance,
+        auth: Option<&CodexAuth>,
     ) -> (Self, CancellationToken) {
         let cancel_token = CancellationToken::new();
         let mut clients = HashMap::new();
@@ -764,6 +757,9 @@ impl McpConnectionManager {
             ElicitationRequestManager::new(approval_policy.value(), initial_sandbox_policy);
         let tool_plugin_provenance = Arc::new(tool_plugin_provenance);
         let startup_submit_id = submit_id.clone();
+        let codex_apps_auth_provider = auth
+            .filter(|auth| auth.uses_codex_backend())
+            .map(codex_model_provider::auth_provider_from_auth);
         let mcp_servers = mcp_servers.clone();
         for (server_name, cfg) in mcp_servers.into_iter().filter(|(_, cfg)| cfg.enabled) {
             if let Some(origin) = transport_origin(&cfg.transport) {
@@ -787,6 +783,19 @@ impl McpConnectionManager {
             } else {
                 None
             };
+            let uses_env_bearer_token = match &cfg.transport {
+                McpServerTransportConfig::StreamableHttp {
+                    bearer_token_env_var,
+                    ..
+                } => bearer_token_env_var.is_some(),
+                McpServerTransportConfig::Stdio { .. } => false,
+            };
+            let runtime_auth_provider =
+                if server_name == CODEX_APPS_MCP_SERVER_NAME && !uses_env_bearer_token {
+                    codex_apps_auth_provider.clone()
+                } else {
+                    None
+                };
             let async_managed_client = AsyncManagedClient::new(
                 server_name.clone(),
                 cfg,
@@ -797,6 +806,7 @@ impl McpConnectionManager {
                 codex_apps_tools_cache_context,
                 Arc::clone(&tool_plugin_provenance),
                 runtime_environment.clone(),
+                runtime_auth_provider,
             );
             clients.insert(server_name.clone(), async_managed_client.clone());
             let tx_event = tx_event.clone();
@@ -1530,6 +1540,7 @@ async fn make_rmcp_client(
     config: McpServerConfig,
     store_mode: OAuthCredentialsStoreMode,
     runtime_environment: McpRuntimeEnvironment,
+    runtime_auth_provider: Option<SharedAuthProvider>,
 ) -> Result<RmcpClient, StartupOutcomeError> {
     let McpServerConfig {
         transport,
@@ -1618,6 +1629,7 @@ async fn make_rmcp_client(
                 http_headers,
                 env_http_headers,
                 store_mode,
+                runtime_auth_provider,
             )
             .await
             .map_err(StartupOutcomeError::from)

codex-rs/core-plugins/Cargo.toml

@@ -19,6 +19,7 @@ codex-core-skills = { workspace = true }
 codex-exec-server = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-login = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }
 codex-utils-absolute-path = { workspace = true }

codex-rs/core-plugins/src/remote.rs

@@ -606,7 +606,7 @@ fn ensure_chatgpt_auth(auth: Option<&CodexAuth>) -> Result<&CodexAuth, RemotePlu
     let Some(auth) = auth else {
         return Err(RemotePluginCatalogError::AuthRequired);
     };
-    if !auth.is_chatgpt_auth() {
+    if !auth.uses_codex_backend() {
         return Err(RemotePluginCatalogError::UnsupportedAuthMode);
     }
     Ok(auth)
@@ -616,16 +616,9 @@ fn authenticated_request(
     request: RequestBuilder,
     auth: &CodexAuth,
 ) -> Result<RequestBuilder, RemotePluginCatalogError> {
-    let token = auth
-        .get_token()
-        .map_err(RemotePluginCatalogError::AuthToken)?;
-    let mut request = request
+    Ok(request
         .timeout(REMOTE_PLUGIN_CATALOG_TIMEOUT)
-        .bearer_auth(token);
-    if let Some(account_id) = auth.get_account_id() {
-        request = request.header("chatgpt-account-id", account_id);
-    }
-    Ok(request)
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers()))
 }
 
 async fn send_and_decode<T: for<'de> Deserialize<'de>>(

codex-rs/core-plugins/src/remote_legacy.rs

@@ -123,23 +123,17 @@ pub async fn fetch_remote_plugin_status(
     let Some(auth) = auth else {
         return Err(RemotePluginFetchError::AuthRequired);
     };
-    if !auth.is_chatgpt_auth() {
+    if !auth.uses_codex_backend() {
         return Err(RemotePluginFetchError::UnsupportedAuthMode);
     }
 
     let base_url = config.chatgpt_base_url.trim_end_matches('/');
     let url = format!("{base_url}/plugins/list");
     let client = build_reqwest_client();
-    let token = auth
-        .get_token()
-        .map_err(RemotePluginFetchError::AuthToken)?;
-    let mut request = client
+    let request = client
         .get(&url)
         .timeout(REMOTE_PLUGIN_FETCH_TIMEOUT)
-        .bearer_auth(token);
-    if let Some(account_id) = auth.get_account_id() {
-        request = request.header("chatgpt-account-id", account_id);
-    }
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers());
 
     let response = request
         .send()
@@ -176,14 +170,9 @@ pub async fn fetch_remote_featured_plugin_ids(
         )])
         .timeout(REMOTE_FEATURED_PLUGIN_FETCH_TIMEOUT);
 
-    if let Some(auth) = auth.filter(|auth| auth.is_chatgpt_auth()) {
-        let token = auth
-            .get_token()
-            .map_err(RemotePluginFetchError::AuthToken)?;
-        request = request.bearer_auth(token);
-        if let Some(account_id) = auth.get_account_id() {
-            request = request.header("chatgpt-account-id", account_id);
-        }
+    if let Some(auth) = auth.filter(|auth| auth.uses_codex_backend()) {
+        request =
+            request.headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers());
     }
 
     let response = request
@@ -223,11 +212,13 @@ pub async fn uninstall_remote_plugin(
     Ok(())
 }
 
-fn ensure_chatgpt_auth(auth: Option<&CodexAuth>) -> Result<&CodexAuth, RemotePluginMutationError> {
+fn ensure_codex_backend_auth(
+    auth: Option<&CodexAuth>,
+) -> Result<&CodexAuth, RemotePluginMutationError> {
     let Some(auth) = auth else {
         return Err(RemotePluginMutationError::AuthRequired);
     };
-    if !auth.is_chatgpt_auth() {
+    if !auth.uses_codex_backend() {
         return Err(RemotePluginMutationError::UnsupportedAuthMode);
     }
     Ok(auth)
@@ -243,19 +234,13 @@ async fn post_remote_plugin_mutation(
     plugin_id: &str,
     action: &str,
 ) -> Result<RemotePluginMutationResponse, RemotePluginMutationError> {
-    let auth = ensure_chatgpt_auth(auth)?;
+    let auth = ensure_codex_backend_auth(auth)?;
     let url = remote_plugin_mutation_url(config, plugin_id, action)?;
     let client = build_reqwest_client();
-    let token = auth
-        .get_token()
-        .map_err(RemotePluginMutationError::AuthToken)?;
-    let mut request = client
+    let request = client
         .post(url.clone())
         .timeout(REMOTE_PLUGIN_MUTATION_TIMEOUT)
-        .bearer_auth(token);
-    if let Some(account_id) = auth.get_account_id() {
-        request = request.header("chatgpt-account-id", account_id);
-    }
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers());
 
     let response = request
         .send()

codex-rs/core-skills/Cargo.toml

@@ -19,6 +19,7 @@ codex-app-server-protocol = { workspace = true }
 codex-config = { workspace = true }
 codex-exec-server = { workspace = true }
 codex-login = { workspace = true }
+codex-model-provider = { workspace = true }
 codex-otel = { workspace = true }
 codex-protocol = { workspace = true }
 codex-skills = { workspace = true }

codex-rs/core-skills/src/remote.rs

@@ -48,11 +48,11 @@ fn as_query_product_surface(product_surface: RemoteSkillProductSurface) -> &'sta
     }
 }
 
-fn ensure_chatgpt_auth(auth: Option<&CodexAuth>) -> Result<&CodexAuth> {
+fn ensure_codex_backend_auth(auth: Option<&CodexAuth>) -> Result<&CodexAuth> {
     let Some(auth) = auth else {
         anyhow::bail!("chatgpt authentication required for remote skill scopes");
     };
-    if !auth.is_chatgpt_auth() {
+    if !auth.uses_codex_backend() {
         anyhow::bail!(
             "chatgpt authentication required for remote skill scopes; api key auth is not supported"
         );
@@ -94,7 +94,7 @@ pub async fn list_remote_skills(
     enabled: Option<bool>,
 ) -> Result<Vec<RemoteSkillSummary>> {
     let base_url = chatgpt_base_url.trim_end_matches('/');
-    let auth = ensure_chatgpt_auth(auth)?;
+    let auth = ensure_codex_backend_auth(auth)?;
 
     let url = format!("{base_url}/hazelnuts");
     let product_surface = as_query_product_surface(product_surface);
@@ -108,17 +108,11 @@ pub async fn list_remote_skills(
     }
 
     let client = build_reqwest_client();
-    let mut request = client
+    let request = client
         .get(&url)
         .timeout(REMOTE_SKILLS_API_TIMEOUT)
-        .query(&query_params);
-    let token = auth
-        .get_token()
-        .context("Failed to read auth token for remote skills")?;
-    request = request.bearer_auth(token);
-    if let Some(account_id) = auth.get_account_id() {
-        request = request.header("chatgpt-account-id", account_id);
-    }
+        .query(&query_params)
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers());
     let response = request
         .send()
         .await
@@ -150,20 +144,15 @@ pub async fn export_remote_skill(
     auth: Option<&CodexAuth>,
     skill_id: &str,
 ) -> Result<RemoteSkillDownloadResult> {
-    let auth = ensure_chatgpt_auth(auth)?;
+    let auth = ensure_codex_backend_auth(auth)?;
 
     let client = build_reqwest_client();
     let base_url = chatgpt_base_url.trim_end_matches('/');
     let url = format!("{base_url}/hazelnuts/{skill_id}/export");
-    let mut request = client.get(&url).timeout(REMOTE_SKILLS_API_TIMEOUT);
-
-    let token = auth
-        .get_token()
-        .context("Failed to read auth token for remote skills")?;
-    request = request.bearer_auth(token);
-    if let Some(account_id) = auth.get_account_id() {
-        request = request.header("chatgpt-account-id", account_id);
-    }
+    let request = client
+        .get(&url)
+        .timeout(REMOTE_SKILLS_API_TIMEOUT)
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers());
 
     let response = request
         .send()

codex-rs/core/src/arc_monitor.rs

@@ -9,7 +9,6 @@ use crate::compact::content_items_to_text;
 use crate::event_mapping::is_contextual_user_message_content;
 use crate::session::session::Session;
 use crate::session::turn_context::TurnContext;
-use codex_login::CodexAuth;
 use codex_login::default_client::build_reqwest_client;
 use codex_protocol::models::MessagePhase;
 use codex_protocol::models::ResponseItem;
@@ -104,28 +103,15 @@ pub(crate) async fn monitor_action(
 ) -> ArcMonitorOutcome {
     let auth = match turn_context.auth_manager.as_ref() {
         Some(auth_manager) => match auth_manager.auth().await {
-            Some(auth) if auth.is_chatgpt_auth() => Some(auth),
+            Some(auth) if auth.uses_codex_backend() => Some(auth),
             _ => None,
         },
         None => None,
     };
-    let token = if let Some(token) = read_non_empty_env_var(CODEX_ARC_MONITOR_TOKEN) {
-        token
-    } else {
-        let Some(auth) = auth.as_ref() else {
-            return ArcMonitorOutcome::Ok;
-        };
-        match auth.get_token() {
-            Ok(token) => token,
-            Err(err) => {
-                warn!(
-                    error = %err,
-                    "skipping safety monitor because auth token is unavailable"
-                );
-                return ArcMonitorOutcome::Ok;
-            }
-        }
-    };
+    let env_token = read_non_empty_env_var(CODEX_ARC_MONITOR_TOKEN);
+    if env_token.is_none() && auth.is_none() {
+        return ArcMonitorOutcome::Ok;
+    }
 
     let url = read_non_empty_env_var(CODEX_ARC_MONITOR_ENDPOINT_OVERRIDE).unwrap_or_else(|| {
         format!(
@@ -143,13 +129,12 @@ pub(crate) async fn monitor_action(
     let body =
         build_arc_monitor_request(sess, turn_context, action, protection_client_callsite).await;
     let client = build_reqwest_client();
-    let mut request = client
-        .post(&url)
-        .timeout(ARC_MONITOR_TIMEOUT)
-        .json(&body)
-        .bearer_auth(token);
-    if let Some(account_id) = auth.as_ref().and_then(CodexAuth::get_account_id) {
-        request = request.header("chatgpt-account-id", account_id);
+    let mut request = client.post(&url).timeout(ARC_MONITOR_TIMEOUT).json(&body);
+    if let Some(token) = env_token {
+        request = request.bearer_auth(token);
+    } else if let Some(auth) = auth.as_ref() {
+        request =
+            request.headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers());
     }
 
     let response = match request.send().await {

codex-rs/core/src/client.rs

@@ -1120,7 +1120,7 @@ impl ModelClientSession {
 
     fn responses_request_compression(&self, auth: Option<&CodexAuth>) -> Compression {
         if self.client.state.enable_request_compression
-            && auth.is_some_and(CodexAuth::is_chatgpt_auth)
+            && auth.is_some_and(CodexAuth::uses_codex_backend)
             && self.client.state.provider.info().is_openai()
         {
             Compression::Zstd

codex-rs/core/src/connectors.rs

@@ -8,6 +8,7 @@ use std::time::Instant;
 
 use anyhow::Context;
 use async_channel::unbounded;
+use codex_api::SharedAuthProvider;
 pub use codex_app_server_protocol::AppBranding;
 pub use codex_app_server_protocol::AppInfo;
 pub use codex_app_server_protocol::AppMetadata;
@@ -16,7 +17,6 @@ use codex_connectors::DirectoryListResponse;
 use codex_exec_server::EnvironmentManager;
 use codex_exec_server::EnvironmentManagerArgs;
 use codex_exec_server::ExecServerRuntimePaths;
-use codex_login::token_data::TokenData;
 use codex_protocol::protocol::SandboxPolicy;
 use codex_tools::DiscoverableTool;
 use rmcp::model::ToolAnnotations;
@@ -148,7 +148,7 @@ pub async fn list_cached_accessible_connectors_from_mcp_tools(
     let auth = auth_manager.auth().await;
     if !config
         .features
-        .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth))
+        .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::uses_codex_backend))
     {
         return Some(Vec::new());
     }
@@ -220,7 +220,7 @@ pub async fn list_accessible_connectors_from_mcp_tools_with_environment_manager(
     let auth = auth_manager.auth().await;
     if !config
         .features
-        .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth))
+        .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::uses_codex_backend))
     {
         return Ok(AccessibleConnectorsStatus {
             connectors: Vec::new(),
@@ -253,8 +253,12 @@ pub async fn list_accessible_connectors_from_mcp_tools_with_environment_manager(
         });
     }
 
-    let auth_status_entries =
-        compute_auth_statuses(mcp_servers.iter(), config.mcp_oauth_credentials_store_mode).await;
+    let auth_status_entries = compute_auth_statuses(
+        mcp_servers.iter(),
+        config.mcp_oauth_credentials_store_mode,
+        auth.as_ref(),
+    )
+    .await;
 
     let (tx_event, rx_event) = unbounded();
     drop(rx_event);
@@ -275,6 +279,7 @@ pub async fn list_accessible_connectors_from_mcp_tools_with_environment_manager(
         config.codex_home.to_path_buf(),
         codex_apps_tools_cache_key(auth.as_ref()),
         ToolPluginProvenance::default(),
+        auth.as_ref(),
     )
     .await;
 
@@ -351,16 +356,9 @@ fn accessible_connectors_cache_key(
     config: &Config,
     auth: Option<&CodexAuth>,
 ) -> AccessibleConnectorsCacheKey {
-    let token_data: Option<TokenData> = auth.and_then(|auth| auth.get_token_data().ok());
-    let account_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.account_id.clone());
-    let chatgpt_user_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.id_token.chatgpt_user_id.clone());
-    let is_workspace_account = token_data
-        .as_ref()
-        .is_some_and(|token_data| token_data.id_token.is_workspace_account());
+    let account_id = auth.and_then(CodexAuth::get_account_id);
+    let chatgpt_user_id = auth.and_then(CodexAuth::get_chatgpt_user_id);
+    let is_workspace_account = auth.is_some_and(CodexAuth::is_workspace_account);
     AccessibleConnectorsCacheKey {
         chatgpt_base_url: config.chatgpt_base_url.clone(),
         account_id,
@@ -431,31 +429,29 @@ async fn list_directory_connectors_for_tool_suggest_with_auth(
         return Ok(Vec::new());
     }
 
-    let token_data = if let Some(auth) = auth {
-        auth.get_token_data().ok()
+    let loaded_auth;
+    let auth = if let Some(auth) = auth {
+        Some(auth)
     } else {
         let auth_manager =
             AuthManager::shared_from_config(config, /*enable_codex_api_key_env*/ false);
-        auth_manager
-            .auth()
-            .await
-            .and_then(|auth| auth.get_token_data().ok())
+        loaded_auth = auth_manager.auth().await;
+        loaded_auth.as_ref()
     };
-    let Some(token_data) = token_data else {
+    let Some(auth) = auth.filter(|auth| auth.uses_codex_backend()) else {
         return Ok(Vec::new());
     };
 
-    let account_id = match token_data.account_id.as_deref() {
+    let account_id = match auth.get_account_id() {
         Some(account_id) if !account_id.is_empty() => account_id,
         _ => return Ok(Vec::new()),
     };
-    let access_token = token_data.access_token.clone();
-    let account_id = account_id.to_string();
-    let is_workspace_account = token_data.id_token.is_workspace_account();
+    let auth_provider = codex_model_provider::auth_provider_from_auth(auth);
+    let is_workspace_account = auth.is_workspace_account();
     let cache_key = AllConnectorsCacheKey::new(
         config.chatgpt_base_url.clone(),
         Some(account_id.clone()),
-        token_data.id_token.chatgpt_user_id.clone(),
+        auth.get_chatgpt_user_id(),
         is_workspace_account,
     );
 
@@ -464,14 +460,12 @@ async fn list_directory_connectors_for_tool_suggest_with_auth(
         is_workspace_account,
         /*force_refetch*/ false,
         |path| {
-            let access_token = access_token.clone();
-            let account_id = account_id.clone();
+            let auth_provider = auth_provider.clone();
             async move {
-                chatgpt_get_request_with_token::<DirectoryListResponse>(
+                chatgpt_get_request_with_auth_provider::<DirectoryListResponse>(
                     config,
                     path,
-                    access_token.as_str(),
-                    account_id.as_str(),
+                    auth_provider,
                 )
                 .await
             }
@@ -480,18 +474,16 @@ async fn list_directory_connectors_for_tool_suggest_with_auth(
     .await
 }
 
-async fn chatgpt_get_request_with_token<T: DeserializeOwned>(
+async fn chatgpt_get_request_with_auth_provider<T: DeserializeOwned>(
     config: &Config,
     path: String,
-    access_token: &str,
-    account_id: &str,
+    auth_provider: SharedAuthProvider,
 ) -> anyhow::Result<T> {
     let client = create_client();
     let url = format!("{}{}", config.chatgpt_base_url, path);
     let response = client
         .get(&url)
-        .bearer_auth(access_token)
-        .header("chatgpt-account-id", account_id)
+        .headers(auth_provider.to_auth_headers())
         .header("Content-Type", "application/json")
         .timeout(DIRECTORY_CONNECTORS_TIMEOUT)
         .send()

codex-rs/core/src/mcp_openai_file.rs

@@ -14,7 +14,6 @@ use crate::session::session::Session;
 use crate::session::turn_context::TurnContext;
 use codex_api::upload_local_file;
 use codex_login::CodexAuth;
-use codex_model_provider::BearerAuthProvider;
 use serde_json::Value as JsonValue;
 
 pub(crate) async fn rewrite_mcp_tool_arguments_for_openai_files(
@@ -109,17 +108,15 @@ async fn build_uploaded_local_argument_value(
             "ChatGPT auth is required to upload local files for Codex Apps tools".to_string(),
         );
     };
-    let token_data = auth
-        .get_token_data()
-        .map_err(|error| format!("failed to read ChatGPT auth for file upload: {error}"))?;
-    let upload_auth = BearerAuthProvider {
-        token: Some(token_data.access_token),
-        account_id: token_data.account_id,
-        is_fedramp_account: auth.is_fedramp_account(),
-    };
+    if !auth.uses_codex_backend() {
+        return Err(
+            "ChatGPT auth is required to upload local files for Codex Apps tools".to_string(),
+        );
+    }
+    let upload_auth = codex_model_provider::auth_provider_from_auth(auth);
     let uploaded = upload_local_file(
         turn_context.config.chatgpt_base_url.trim_end_matches('/'),
-        &upload_auth,
+        upload_auth.as_ref(),
         &resolved_path,
     )
     .await

codex-rs/core/src/plugins/manager.rs

@@ -125,21 +125,11 @@ fn featured_plugin_ids_cache_key(
     config: &Config,
     auth: Option<&CodexAuth>,
 ) -> FeaturedPluginIdsCacheKey {
-    let token_data = auth.and_then(|auth| auth.get_token_data().ok());
-    let account_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.account_id.clone());
-    let chatgpt_user_id = token_data
-        .as_ref()
-        .and_then(|token_data| token_data.id_token.chatgpt_user_id.clone());
-    let is_workspace_account = token_data
-        .as_ref()
-        .is_some_and(|token_data| token_data.id_token.is_workspace_account());
     FeaturedPluginIdsCacheKey {
         chatgpt_base_url: config.chatgpt_base_url.clone(),
-        account_id,
-        chatgpt_user_id,
-        is_workspace_account,
+        account_id: auth.and_then(CodexAuth::get_account_id),
+        chatgpt_user_id: auth.and_then(CodexAuth::get_chatgpt_user_id),
+        is_workspace_account: auth.is_some_and(CodexAuth::is_workspace_account),
     }
 }
 

codex-rs/core/src/session/handlers.rs

@@ -489,7 +489,12 @@ pub async fn list_mcp_tools(sess: &Session, config: &Arc<Config>, sub_id: String
         .await;
     let snapshot = collect_mcp_snapshot_from_manager(
         &mcp_connection_manager,
-        compute_auth_statuses(mcp_servers.iter(), config.mcp_oauth_credentials_store_mode).await,
+        compute_auth_statuses(
+            mcp_servers.iter(),
+            config.mcp_oauth_credentials_store_mode,
+            auth.as_ref(),
+        )
+        .await,
     )
     .await;
     let event = Event {

codex-rs/core/src/session/mcp.rs

@@ -219,7 +219,8 @@ impl Session {
             .tool_plugin_provenance(config.as_ref())
             .await;
         let mcp_servers = with_codex_apps_mcp(mcp_servers, auth.as_ref(), &mcp_config);
-        let auth_statuses = compute_auth_statuses(mcp_servers.iter(), store_mode).await;
+        let auth_statuses =
+            compute_auth_statuses(mcp_servers.iter(), store_mode, auth.as_ref()).await;
         {
             let mut guard = self.services.mcp_startup_cancellation_token.lock().await;
             guard.cancel();
@@ -243,6 +244,7 @@ impl Session {
             config.codex_home.to_path_buf(),
             codex_apps_tools_cache_key(auth.as_ref()),
             tool_plugin_provenance,
+            auth.as_ref(),
         )
         .await;
         {

codex-rs/core/src/session/mod.rs

@@ -45,7 +45,6 @@ use chrono::Local;
 use chrono::Utc;
 use codex_analytics::AnalyticsEventsClient;
 use codex_analytics::SubAgentThreadStartedInput;
-use codex_app_server_protocol::AuthMode;
 use codex_app_server_protocol::McpServerElicitationRequest;
 use codex_app_server_protocol::McpServerElicitationRequestParams;
 use codex_config::types::OAuthCredentialsStoreMode;

codex-rs/core/src/session/session.rs

@@ -350,6 +350,7 @@ impl Session {
             let auth_statuses = compute_auth_statuses(
                 mcp_servers.iter(),
                 config_for_mcp.mcp_oauth_credentials_store_mode,
+                auth.as_ref(),
             )
             .await;
             (auth, mcp_servers, auth_statuses)
@@ -787,6 +788,7 @@ impl Session {
             config.codex_home.to_path_buf(),
             codex_apps_tools_cache_key(auth),
             tool_plugin_provenance,
+            auth,
         )
         .instrument(info_span!(
             "session_init.mcp_manager_init",

codex-rs/core/src/session/turn_context.rs

@@ -5,10 +5,7 @@ use codex_protocol::protocol::TurnEnvironmentSelection;
 use codex_sandboxing::policy_transforms::merge_permission_profiles;
 
 pub(super) fn image_generation_tool_auth_allowed(auth_manager: Option<&AuthManager>) -> bool {
-    matches!(
-        auth_manager.and_then(AuthManager::auth_mode),
-        Some(AuthMode::Chatgpt)
-    )
+    auth_manager.is_some_and(AuthManager::current_auth_uses_codex_backend)
 }
 
 #[derive(Clone, Debug)]
@@ -101,13 +98,11 @@ impl TurnContext {
     }
 
     pub(crate) fn apps_enabled(&self) -> bool {
-        let is_chatgpt_auth = self
+        let uses_codex_backend = self
             .auth_manager
             .as_deref()
-            .and_then(AuthManager::auth_cached)
-            .as_ref()
-            .is_some_and(CodexAuth::is_chatgpt_auth);
-        self.features.apps_enabled_for_auth(is_chatgpt_auth)
+            .is_some_and(AuthManager::current_auth_uses_codex_backend);
+        self.features.apps_enabled_for_auth(uses_codex_backend)
     }
 
     pub(crate) async fn with_model(&self, model: String, models_manager: &ModelsManager) -> Self {

codex-rs/deny.toml

@@ -78,7 +78,6 @@ ignore = [
     # TODO(fcoury): remove this exception when syntect drops yaml-rust and bincode, or updates to versions that have fixed the vulnerabilities.
     { id = "RUSTSEC-2024-0320", reason = "yaml-rust is unmaintained; pulled in via syntect v5.3.0 used by codex-tui for syntax highlighting; no fixed release yet" },
     { id = "RUSTSEC-2025-0141", reason = "bincode is unmaintained; pulled in via syntect v5.3.0 used by codex-tui for syntax highlighting; no fixed release yet" },
-    { id = "RUSTSEC-2026-0097", reason = "rand 0.8.5 is pulled in via age v0.11.2/codex-secrets and zbus v4.4.0/keyring; no compatible rand 0.8 fixed release, remove when transitive dependencies move to rand >=0.9.3" },
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.

codex-rs/login/src/auth/agent_identity.rs

@@ -39,6 +39,10 @@ impl AgentIdentityAuth {
         &self.record
     }
 
+    pub fn process_task_id(&self) -> Option<&str> {
+        self.process_task_id.get().map(String::as_str)
+    }
+
     pub async fn ensure_runtime(&self, chatgpt_base_url: Option<String>) -> std::io::Result<()> {
         self.process_task_id
             .get_or_try_init(|| async {

codex-rs/login/src/auth/auth_tests.rs

@@ -78,6 +78,44 @@ fn login_with_api_key_overwrites_existing_auth_json() {
     assert!(auth.tokens.is_none(), "tokens should be cleared");
 }
 
+#[test]
+fn login_with_agent_identity_writes_only_token() {
+    let dir = tempdir().unwrap();
+    let auth_path = dir.path().join("auth.json");
+    let record = agent_identity_record("account-123");
+    let agent_identity = fake_agent_identity_jwt(&record).expect("fake agent identity");
+
+    super::login_with_agent_identity(dir.path(), &agent_identity, AuthCredentialsStoreMode::File)
+        .expect("login_with_agent_identity should succeed");
+
+    let storage = FileAuthStorage::new(dir.path().to_path_buf());
+    let auth = storage
+        .try_read_auth_json(&auth_path)
+        .expect("auth.json should parse");
+    assert_eq!(auth.auth_mode, Some(AuthMode::AgentIdentity));
+    assert_eq!(
+        auth.agent_identity.as_deref(),
+        Some(agent_identity.as_str())
+    );
+    assert!(auth.tokens.is_none(), "tokens should be cleared");
+    assert!(auth.openai_api_key.is_none(), "API key should be cleared");
+}
+
+#[test]
+fn login_with_agent_identity_rejects_invalid_jwt() {
+    let dir = tempdir().unwrap();
+
+    let err =
+        super::login_with_agent_identity(dir.path(), "not-a-jwt", AuthCredentialsStoreMode::File)
+            .expect_err("invalid Agent Identity token should fail");
+
+    assert_eq!(err.kind(), std::io::ErrorKind::Other);
+    assert!(
+        !get_auth_file(dir.path()).exists(),
+        "invalid Agent Identity token should not write auth.json"
+    );
+}
+
 #[test]
 fn missing_auth_json_returns_none() {
     let dir = tempdir().unwrap();
@@ -87,7 +125,7 @@ fn missing_auth_json_returns_none() {
 }
 
 #[tokio::test]
-#[serial(codex_api_key)]
+#[serial(codex_auth_env)]
 async fn pro_account_with_no_api_key_uses_chatgpt_auth() {
     let codex_home = tempdir().unwrap();
     let fake_jwt = write_auth_file(
@@ -143,7 +181,7 @@ async fn pro_account_with_no_api_key_uses_chatgpt_auth() {
 }
 
 #[tokio::test]
-#[serial(codex_api_key)]
+#[serial(codex_auth_env)]
 async fn loads_api_key_from_auth_json() {
     let dir = tempdir().unwrap();
     let auth_file = dir.path().join("auth.json");
@@ -581,7 +619,54 @@ impl Drop for EnvVarGuard {
     }
 }
 
+#[test]
+#[serial(codex_auth_env)]
+fn load_auth_reads_agent_identity_from_env() {
+    let codex_home = tempdir().unwrap();
+    let expected_record = agent_identity_record("account-123");
+    let agent_identity = fake_agent_identity_jwt(&expected_record).expect("fake agent identity");
+    let _agent_guard = EnvVarGuard::set(CODEX_AGENT_IDENTITY_ENV_VAR, &agent_identity);
+
+    let auth = super::load_auth(
+        codex_home.path(),
+        /*enable_codex_api_key_env*/ false,
+        AuthCredentialsStoreMode::File,
+    )
+    .expect("env auth should load")
+    .expect("env auth should be present");
+
+    let CodexAuth::AgentIdentity(agent_identity) = auth else {
+        panic!("env auth should load as agent identity");
+    };
+    assert_eq!(agent_identity.record(), &expected_record);
+    assert!(
+        !get_auth_file(codex_home.path()).exists(),
+        "env auth should not write auth.json"
+    );
+}
+
+#[test]
+#[serial(codex_auth_env)]
+fn load_auth_keeps_codex_api_key_env_precedence() {
+    let codex_home = tempdir().unwrap();
+    let record = agent_identity_record("account-123");
+    let agent_identity = fake_agent_identity_jwt(&record).expect("fake agent identity");
+    let _agent_guard = EnvVarGuard::set(CODEX_AGENT_IDENTITY_ENV_VAR, &agent_identity);
+    let _api_key_guard = EnvVarGuard::set(CODEX_API_KEY_ENV_VAR, "sk-env");
+
+    let auth = super::load_auth(
+        codex_home.path(),
+        /*enable_codex_api_key_env*/ true,
+        AuthCredentialsStoreMode::File,
+    )
+    .expect("env auth should load")
+    .expect("env auth should be present");
+
+    assert_eq!(auth.api_key(), Some("sk-env"));
+}
+
 #[tokio::test]
+#[serial(codex_auth_env)]
 async fn enforce_login_restrictions_logs_out_for_method_mismatch() {
     let codex_home = tempdir().unwrap();
     login_with_api_key(codex_home.path(), "sk-test", AuthCredentialsStoreMode::File)
@@ -604,7 +689,7 @@ async fn enforce_login_restrictions_logs_out_for_method_mismatch() {
 }
 
 #[tokio::test]
-#[serial(codex_api_key)]
+#[serial(codex_auth_env)]
 async fn enforce_login_restrictions_logs_out_for_workspace_mismatch() {
     let codex_home = tempdir().unwrap();
     let _jwt = write_auth_file(
@@ -634,7 +719,7 @@ async fn enforce_login_restrictions_logs_out_for_workspace_mismatch() {
 }
 
 #[tokio::test]
-#[serial(codex_api_key)]
+#[serial(codex_auth_env)]
 async fn enforce_login_restrictions_allows_matching_workspace() {
     let codex_home = tempdir().unwrap();
     let _jwt = write_auth_file(
@@ -662,6 +747,7 @@ async fn enforce_login_restrictions_allows_matching_workspace() {
 }
 
 #[tokio::test]
+#[serial(codex_auth_env)]
 async fn enforce_login_restrictions_allows_api_key_if_login_method_not_set_but_forced_chatgpt_workspace_id_is_set()
  {
     let codex_home = tempdir().unwrap();
@@ -683,7 +769,7 @@ async fn enforce_login_restrictions_allows_api_key_if_login_method_not_set_but_f
 }
 
 #[tokio::test]
-#[serial(codex_api_key)]
+#[serial(codex_auth_env)]
 async fn enforce_login_restrictions_blocks_env_api_key_when_chatgpt_required() {
     let _guard = EnvVarGuard::set(CODEX_API_KEY_ENV_VAR, "sk-env");
     let codex_home = tempdir().unwrap();
@@ -703,6 +789,35 @@ async fn enforce_login_restrictions_blocks_env_api_key_when_chatgpt_required() {
     );
 }
 
+fn agent_identity_record(account_id: &str) -> AgentIdentityAuthRecord {
+    AgentIdentityAuthRecord {
+        agent_runtime_id: "agent-runtime-id".to_string(),
+        agent_private_key: "private-key".to_string(),
+        account_id: account_id.to_string(),
+        chatgpt_user_id: "user-id".to_string(),
+        email: "user@example.com".to_string(),
+        plan_type: AccountPlanType::Pro,
+        chatgpt_account_is_fedramp: false,
+    }
+}
+
+fn fake_agent_identity_jwt(record: &AgentIdentityAuthRecord) -> std::io::Result<String> {
+    let encode = |bytes: &[u8]| base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes);
+    let header_b64 = encode(br#"{"alg":"none","typ":"JWT"}"#);
+    let payload = json!({
+        "agent_runtime_id": record.agent_runtime_id,
+        "agent_private_key": record.agent_private_key,
+        "account_id": record.account_id,
+        "chatgpt_user_id": record.chatgpt_user_id,
+        "email": record.email,
+        "plan_type": record.plan_type,
+        "chatgpt_account_is_fedramp": record.chatgpt_account_is_fedramp,
+    });
+    let payload_b64 = encode(&serde_json::to_vec(&payload)?);
+    let signature_b64 = encode(b"sig");
+    Ok(format!("{header_b64}.{payload_b64}.{signature_b64}"))
+}
+
 #[test]
 fn plan_type_maps_known_plan() {
     let codex_home = tempdir().unwrap();

codex-rs/login/src/auth/manager.rs

@@ -207,12 +207,12 @@ impl CodexAuth {
             return Ok(Self::from_api_key(api_key));
         }
         if auth_mode == ApiAuthMode::AgentIdentity {
-            let Some(record) = auth_dot_json.agent_identity else {
+            let Some(agent_identity) = auth_dot_json.agent_identity else {
                 return Err(std::io::Error::other(
-                    "agent identity auth is missing an agent identity record.",
+                    "agent identity auth is missing an agent identity token.",
                 ));
             };
-            return Ok(Self::AgentIdentity(AgentIdentityAuth::new(record)));
+            return Self::from_agent_identity_jwt(&agent_identity);
         }
 
         let storage_mode = auth_dot_json.storage_mode(auth_credentials_store_mode);
@@ -245,6 +245,11 @@ impl CodexAuth {
         )
     }
 
+    pub fn from_agent_identity_jwt(jwt: &str) -> std::io::Result<Self> {
+        let record = AgentIdentityAuthRecord::from_agent_identity_jwt(jwt)?;
+        Ok(Self::AgentIdentity(AgentIdentityAuth::new(record)))
+    }
+
     pub fn auth_mode(&self) -> AuthMode {
         match self {
             Self::ApiKey(_) => AuthMode::ApiKey,
@@ -397,6 +402,11 @@ impl CodexAuth {
         })
     }
 
+    pub fn is_workspace_account(&self) -> bool {
+        self.account_plan_type()
+            .is_some_and(AccountPlanType::is_workspace_account)
+    }
+
     /// Returns `None` if token-backed ChatGPT auth is unavailable.
     fn get_current_auth_json(&self) -> Option<AuthDotJson> {
         let state = match self {
@@ -469,6 +479,7 @@ impl ChatgptAuth {
 
 pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
 pub const CODEX_API_KEY_ENV_VAR: &str = "CODEX_API_KEY";
+pub const CODEX_AGENT_IDENTITY_ENV_VAR: &str = "CODEX_AGENT_IDENTITY";
 
 pub fn read_openai_api_key_from_env() -> Option<String> {
     env::var(OPENAI_API_KEY_ENV_VAR)
@@ -484,6 +495,13 @@ pub fn read_codex_api_key_from_env() -> Option<String> {
         .filter(|value| !value.is_empty())
 }
 
+pub fn read_codex_agent_identity_from_env() -> Option<String> {
+    env::var(CODEX_AGENT_IDENTITY_ENV_VAR)
+        .ok()
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty())
+}
+
 /// Delete the auth.json file inside `codex_home` if it exists. Returns `Ok(true)`
 /// if a file was removed, `Ok(false)` if no auth file was present.
 pub fn logout(
@@ -524,6 +542,23 @@ pub fn login_with_api_key(
     save_auth(codex_home, &auth_dot_json, auth_credentials_store_mode)
 }
 
+/// Writes an `auth.json` that contains only the Agent Identity token.
+pub fn login_with_agent_identity(
+    codex_home: &Path,
+    agent_identity: &str,
+    auth_credentials_store_mode: AuthCredentialsStoreMode,
+) -> std::io::Result<()> {
+    AgentIdentityAuthRecord::from_agent_identity_jwt(agent_identity)?;
+    let auth_dot_json = AuthDotJson {
+        auth_mode: Some(ApiAuthMode::AgentIdentity),
+        openai_api_key: None,
+        tokens: None,
+        last_refresh: None,
+        agent_identity: Some(agent_identity.to_string()),
+    };
+    save_auth(codex_home, &auth_dot_json, auth_credentials_store_mode)
+}
+
 /// Writes an in-memory auth payload for externally managed ChatGPT tokens.
 pub fn login_with_chatgpt_auth_tokens(
     codex_home: &Path,
@@ -709,6 +744,10 @@ fn load_auth(
         return Ok(None);
     }
 
+    if let Some(agent_identity) = read_codex_agent_identity_from_env() {
+        return CodexAuth::from_agent_identity_jwt(&agent_identity).map(Some);
+    }
+
     // Fall back to the configured persistent store (file/keyring/auto) for managed auth.
     let storage = create_auth_storage(codex_home.to_path_buf(), auth_credentials_store_mode);
     let auth_dot_json = match storage.load()? {
@@ -1709,6 +1748,13 @@ impl AuthManager {
         self.auth_cached().as_ref().map(CodexAuth::auth_mode)
     }
 
+    pub fn current_auth_uses_codex_backend(&self) -> bool {
+        matches!(
+            self.auth_mode(),
+            Some(AuthMode::Chatgpt | AuthMode::ChatgptAuthTokens | AuthMode::AgentIdentity)
+        )
+    }
+
     fn is_stale_for_proactive_refresh(auth: &CodexAuth) -> bool {
         let chatgpt_auth = match auth {
             CodexAuth::Chatgpt(chatgpt_auth) => chatgpt_auth,

codex-rs/login/src/auth/storage.rs

@@ -19,6 +19,7 @@ use std::sync::Mutex;
 use tracing::warn;
 
 use crate::token_data::TokenData;
+use codex_agent_identity::decode_agent_identity_jwt;
 use codex_app_server_protocol::AuthMode;
 use codex_config::types::AuthCredentialsStoreMode;
 use codex_keyring_store::DefaultKeyringStore;
@@ -42,7 +43,7 @@ pub struct AuthDotJson {
     pub last_refresh: Option<DateTime<Utc>>,
 
     #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub agent_identity: Option<AgentIdentityAuthRecord>,
+    pub agent_identity: Option<String>,
 }
 
 #[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Eq)]
@@ -56,6 +57,22 @@ pub struct AgentIdentityAuthRecord {
     pub chatgpt_account_is_fedramp: bool,
 }
 
+impl AgentIdentityAuthRecord {
+    pub(crate) fn from_agent_identity_jwt(jwt: &str) -> std::io::Result<Self> {
+        let claims = decode_agent_identity_jwt(jwt).map_err(std::io::Error::other)?;
+
+        Ok(Self {
+            agent_runtime_id: claims.agent_runtime_id,
+            agent_private_key: claims.agent_private_key,
+            account_id: claims.account_id,
+            chatgpt_user_id: claims.chatgpt_user_id,
+            email: claims.email,
+            plan_type: claims.plan_type,
+            chatgpt_account_is_fedramp: claims.chatgpt_account_is_fedramp,
+        })
+    }
+}
+
 pub(super) fn get_auth_file(codex_home: &Path) -> PathBuf {
     codex_home.join("auth.json")
 }

codex-rs/login/src/auth/storage_tests.rs

@@ -7,7 +7,6 @@ use serde_json::json;
 use tempfile::tempdir;
 
 use codex_keyring_store::tests::MockKeyringStore;
-use codex_protocol::account::PlanType as AccountPlanType;
 use keyring::Error as KeyringError;
 
 #[tokio::test]
@@ -59,20 +58,21 @@ async fn file_storage_save_persists_auth_dot_json() -> anyhow::Result<()> {
 async fn file_storage_round_trips_agent_identity_auth() -> anyhow::Result<()> {
     let codex_home = tempdir()?;
     let storage = FileAuthStorage::new(codex_home.path().to_path_buf());
+    let agent_identity = jwt_with_payload(json!({
+        "agent_runtime_id": "agent-runtime-id",
+        "agent_private_key": "private-key",
+        "account_id": "account-id",
+        "chatgpt_user_id": "user-id",
+        "email": "user@example.com",
+        "plan_type": "pro",
+        "chatgpt_account_is_fedramp": false,
+    }));
     let auth_dot_json = AuthDotJson {
         auth_mode: Some(AuthMode::AgentIdentity),
         openai_api_key: None,
         tokens: None,
         last_refresh: None,
-        agent_identity: Some(AgentIdentityAuthRecord {
-            agent_runtime_id: "agent-runtime-id".to_string(),
-            agent_private_key: "private-key".to_string(),
-            account_id: "account-id".to_string(),
-            chatgpt_user_id: "user-id".to_string(),
-            email: "user@example.com".to_string(),
-            plan_type: AccountPlanType::Pro,
-            chatgpt_account_is_fedramp: false,
-        }),
+        agent_identity: Some(agent_identity),
     };
 
     storage.save(&auth_dot_json)?;
@@ -82,6 +82,37 @@ async fn file_storage_round_trips_agent_identity_auth() -> anyhow::Result<()> {
     Ok(())
 }
 
+#[tokio::test]
+async fn file_storage_loads_agent_identity_as_jwt() -> anyhow::Result<()> {
+    let codex_home = tempdir()?;
+    let storage = FileAuthStorage::new(codex_home.path().to_path_buf());
+    let agent_identity_jwt = jwt_with_payload(json!({
+        "agent_runtime_id": "agent-runtime-id",
+        "agent_private_key": "private-key",
+        "account_id": "account-id",
+        "chatgpt_user_id": "user-id",
+        "email": "user@example.com",
+        "plan_type": "pro",
+        "chatgpt_account_is_fedramp": false,
+    }));
+    let auth_file = get_auth_file(codex_home.path());
+    std::fs::write(
+        &auth_file,
+        serde_json::to_string_pretty(&json!({
+            "auth_mode": "agentIdentity",
+            "agent_identity": agent_identity_jwt,
+        }))?,
+    )?;
+
+    let loaded = storage.load()?;
+
+    assert_eq!(
+        loaded.expect("auth should load").agent_identity.as_deref(),
+        Some(agent_identity_jwt.as_str())
+    );
+    Ok(())
+}
+
 #[test]
 fn file_storage_delete_removes_auth_file() -> anyhow::Result<()> {
     let dir = tempdir()?;
@@ -217,6 +248,14 @@ fn auth_with_prefix(prefix: &str) -> AuthDotJson {
     }
 }
 
+fn jwt_with_payload(payload: serde_json::Value) -> String {
+    let encode = |bytes: &[u8]| base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes);
+    let header_b64 = encode(br#"{"alg":"none","typ":"JWT"}"#);
+    let payload_b64 = encode(&serde_json::to_vec(&payload).expect("payload should serialize"));
+    let signature_b64 = encode(b"sig");
+    format!("{header_b64}.{payload_b64}.{signature_b64}")
+}
+
 #[test]
 fn keyring_auth_storage_load_returns_deserialized_auth() -> anyhow::Result<()> {
     let codex_home = tempdir()?;

codex-rs/login/src/lib.rs

@@ -22,6 +22,7 @@ pub use auth::AuthDotJson;
 pub use auth::AuthManager;
 pub use auth::AuthManagerConfig;
 pub use auth::CLIENT_ID;
+pub use auth::CODEX_AGENT_IDENTITY_ENV_VAR;
 pub use auth::CODEX_API_KEY_ENV_VAR;
 pub use auth::CodexAuth;
 pub use auth::ExternalAuth;
@@ -37,9 +38,11 @@ pub use auth::UnauthorizedRecovery;
 pub use auth::default_client;
 pub use auth::enforce_login_restrictions;
 pub use auth::load_auth_dot_json;
+pub use auth::login_with_agent_identity;
 pub use auth::login_with_api_key;
 pub use auth::logout;
 pub use auth::logout_with_revoke;
+pub use auth::read_codex_agent_identity_from_env;
 pub use auth::read_openai_api_key_from_env;
 pub use auth::save_auth;
 pub use auth_env_telemetry::AuthEnvTelemetry;

codex-rs/model-provider/Cargo.toml

@@ -15,6 +15,7 @@ workspace = true
 [dependencies]
 async-trait = { workspace = true }
 codex-api = { workspace = true }
+codex-agent-identity = { workspace = true }
 codex-aws-auth = { workspace = true }
 codex-client = { workspace = true }
 codex-login = { workspace = true }

codex-rs/model-provider/src/auth.rs

@@ -1,12 +1,73 @@
 use std::sync::Arc;
 
+use codex_agent_identity::AgentIdentityKey;
+use codex_agent_identity::AgentTaskAuthorizationTarget;
+use codex_agent_identity::authorization_header_for_agent_task;
+use codex_api::AuthProvider;
 use codex_api::SharedAuthProvider;
 use codex_login::AuthManager;
 use codex_login::CodexAuth;
 use codex_model_provider_info::ModelProviderInfo;
+use http::HeaderMap;
+use http::HeaderValue;
 
 use crate::bearer_auth_provider::BearerAuthProvider;
 
+#[derive(Clone, Debug)]
+struct AgentIdentityAuthProvider {
+    auth: codex_login::auth::AgentIdentityAuth,
+}
+
+impl AuthProvider for AgentIdentityAuthProvider {
+    fn add_auth_headers(&self, headers: &mut HeaderMap) {
+        let record = self.auth.record();
+        let header_value = self
+            .auth
+            .process_task_id()
+            .ok_or_else(|| std::io::Error::other("agent identity process task is not initialized"))
+            .and_then(|task_id| {
+                authorization_header_for_agent_task(
+                    AgentIdentityKey {
+                        agent_runtime_id: &record.agent_runtime_id,
+                        private_key_pkcs8_base64: &record.agent_private_key,
+                    },
+                    AgentTaskAuthorizationTarget {
+                        agent_runtime_id: &record.agent_runtime_id,
+                        task_id,
+                    },
+                )
+                .map_err(std::io::Error::other)
+            });
+
+        if let Ok(header_value) = header_value
+            && let Ok(header) = HeaderValue::from_str(&header_value)
+        {
+            let _ = headers.insert(http::header::AUTHORIZATION, header);
+        }
+
+        if let Ok(header) = HeaderValue::from_str(self.auth.account_id()) {
+            let _ = headers.insert("ChatGPT-Account-ID", header);
+        }
+
+        if self.auth.is_fedramp_account() {
+            let _ = headers.insert("X-OpenAI-Fedramp", HeaderValue::from_static("true"));
+        }
+    }
+}
+
+// Some providers are meant to send no auth headers. Examples include local OSS
+// providers and custom test providers with `requires_openai_auth = false`.
+#[derive(Clone, Debug)]
+struct UnauthenticatedAuthProvider;
+
+impl AuthProvider for UnauthenticatedAuthProvider {
+    fn add_auth_headers(&self, _headers: &mut HeaderMap) {}
+}
+
+pub fn unauthenticated_auth_provider() -> SharedAuthProvider {
+    Arc::new(UnauthenticatedAuthProvider)
+}
+
 /// Returns the provider-scoped auth manager when this provider uses command-backed auth.
 ///
 /// Providers without custom auth continue using the caller-supplied base manager, when present.
@@ -20,45 +81,63 @@ pub(crate) fn auth_manager_for_provider(
     }
 }
 
-fn bearer_auth_provider_from_auth(
-    auth: Option<&CodexAuth>,
-    provider: &ModelProviderInfo,
-) -> codex_protocol::error::Result<BearerAuthProvider> {
-    if let Some(api_key) = provider.api_key()? {
-        return Ok(BearerAuthProvider {
-            token: Some(api_key),
-            account_id: None,
-            is_fedramp_account: false,
-        });
-    }
-
-    if let Some(token) = provider.experimental_bearer_token.clone() {
-        return Ok(BearerAuthProvider {
-            token: Some(token),
-            account_id: None,
-            is_fedramp_account: false,
-        });
-    }
-
-    if let Some(auth) = auth {
-        let token = auth.get_token()?;
-        Ok(BearerAuthProvider {
-            token: Some(token),
-            account_id: auth.get_account_id(),
-            is_fedramp_account: auth.is_fedramp_account(),
-        })
-    } else {
-        Ok(BearerAuthProvider {
-            token: None,
-            account_id: None,
-            is_fedramp_account: false,
-        })
-    }
-}
-
 pub(crate) fn resolve_provider_auth(
     auth: Option<&CodexAuth>,
     provider: &ModelProviderInfo,
 ) -> codex_protocol::error::Result<SharedAuthProvider> {
-    Ok(Arc::new(bearer_auth_provider_from_auth(auth, provider)?))
+    if let Some(auth) = bearer_auth_for_provider(provider)? {
+        return Ok(Arc::new(auth));
+    }
+
+    Ok(match auth {
+        Some(auth) => auth_provider_from_auth(auth),
+        None => unauthenticated_auth_provider(),
+    })
+}
+
+fn bearer_auth_for_provider(
+    provider: &ModelProviderInfo,
+) -> codex_protocol::error::Result<Option<BearerAuthProvider>> {
+    if let Some(api_key) = provider.api_key()? {
+        return Ok(Some(BearerAuthProvider::new(api_key)));
+    }
+
+    if let Some(token) = provider.experimental_bearer_token.clone() {
+        return Ok(Some(BearerAuthProvider::new(token)));
+    }
+
+    Ok(None)
+}
+
+/// Builds request-header auth for a first-party Codex auth snapshot.
+pub fn auth_provider_from_auth(auth: &CodexAuth) -> SharedAuthProvider {
+    match auth {
+        CodexAuth::AgentIdentity(auth) => {
+            Arc::new(AgentIdentityAuthProvider { auth: auth.clone() })
+        }
+        CodexAuth::ApiKey(_) | CodexAuth::Chatgpt(_) | CodexAuth::ChatgptAuthTokens(_) => {
+            Arc::new(BearerAuthProvider {
+                token: auth.get_token().ok(),
+                account_id: auth.get_account_id(),
+                is_fedramp_account: auth.is_fedramp_account(),
+            })
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use codex_model_provider_info::WireApi;
+    use codex_model_provider_info::create_oss_provider_with_base_url;
+
+    use super::*;
+
+    #[test]
+    fn unauthenticated_auth_provider_adds_no_headers() {
+        let provider =
+            create_oss_provider_with_base_url("http://localhost:11434/v1", WireApi::Responses);
+        let auth = resolve_provider_auth(/*auth*/ None, &provider).expect("auth should resolve");
+
+        assert!(auth.to_auth_headers().is_empty());
+    }
 }

codex-rs/model-provider/src/bearer_auth_provider.rs

@@ -11,6 +11,14 @@ pub struct BearerAuthProvider {
 }
 
 impl BearerAuthProvider {
+    pub fn new(token: String) -> Self {
+        Self {
+            token: Some(token),
+            account_id: None,
+            is_fedramp_account: false,
+        }
+    }
+
     pub fn for_test(token: Option<&str>, account_id: Option<&str>) -> Self {
         Self {
             token: token.map(str::to_string),

codex-rs/model-provider/src/lib.rs

@@ -3,6 +3,8 @@ mod auth;
 mod bearer_auth_provider;
 mod provider;
 
+pub use auth::auth_provider_from_auth;
+pub use auth::unauthenticated_auth_provider;
 pub use bearer_auth_provider::BearerAuthProvider;
 pub use bearer_auth_provider::BearerAuthProvider as CoreAuthProvider;
 pub use provider::ModelProvider;

codex-rs/models-manager/src/manager.rs

@@ -9,7 +9,6 @@ use codex_api::ReqwestTransport;
 use codex_api::TransportError;
 use codex_api::auth_header_telemetry;
 use codex_api::map_api_error;
-use codex_app_server_protocol::AuthMode;
 use codex_feedback::FeedbackRequestTags;
 use codex_feedback::emit_feedback_request_tags_with_auth_env;
 use codex_login::AuthEnvTelemetry;
@@ -407,11 +406,13 @@ impl ModelsManager {
             return Ok(());
         }
 
-        let auth_mode = self
+        let uses_codex_backend = self
             .provider
-            .auth_manager()
-            .and_then(|auth_manager| auth_manager.auth_mode());
-        if auth_mode != Some(AuthMode::Chatgpt) && !self.provider.info().has_command_auth() {
+            .auth()
+            .await
+            .as_ref()
+            .is_some_and(CodexAuth::uses_codex_backend);
+        if !uses_codex_backend && !self.provider.info().has_command_auth() {
             if matches!(
                 refresh_strategy,
                 RefreshStrategy::Offline | RefreshStrategy::OnlineIfUncached
@@ -536,12 +537,12 @@ impl ModelsManager {
         remote_models.sort_by(|a, b| a.priority.cmp(&b.priority));
 
         let mut presets: Vec<ModelPreset> = remote_models.into_iter().map(Into::into).collect();
-        let auth_mode = self
+        let uses_codex_backend = self
             .provider
             .auth_manager()
-            .and_then(|auth_manager| auth_manager.auth_mode());
-        let chatgpt_mode = matches!(auth_mode, Some(AuthMode::Chatgpt));
-        presets = ModelPreset::filter_by_auth(presets, chatgpt_mode);
+            .as_deref()
+            .is_some_and(AuthManager::current_auth_uses_codex_backend);
+        presets = ModelPreset::filter_by_auth(presets, uses_codex_backend);
 
         ModelPreset::mark_default_by_picker_visibility(&mut presets);
 

codex-rs/protocol/src/account.rs

@@ -35,6 +35,18 @@ impl PlanType {
     pub fn is_business_like(self) -> bool {
         matches!(self, Self::Business | Self::EnterpriseCbpUsageBased)
     }
+
+    pub fn is_workspace_account(self) -> bool {
+        matches!(
+            self,
+            Self::Team
+                | Self::SelfServeBusinessUsageBased
+                | Self::Business
+                | Self::EnterpriseCbpUsageBased
+                | Self::Enterprise
+                | Self::Edu
+        )
+    }
 }
 
 #[cfg(test)]
@@ -84,4 +96,21 @@ mod tests {
         assert_eq!(PlanType::EnterpriseCbpUsageBased.is_business_like(), true);
         assert_eq!(PlanType::Team.is_business_like(), false);
     }
+
+    #[test]
+    fn workspace_account_helper_includes_usage_based_workspace_plans() {
+        assert_eq!(PlanType::Team.is_workspace_account(), true);
+        assert_eq!(
+            PlanType::SelfServeBusinessUsageBased.is_workspace_account(),
+            true
+        );
+        assert_eq!(PlanType::Business.is_workspace_account(), true);
+        assert_eq!(
+            PlanType::EnterpriseCbpUsageBased.is_workspace_account(),
+            true
+        );
+        assert_eq!(PlanType::Enterprise.is_workspace_account(), true);
+        assert_eq!(PlanType::Edu.is_workspace_account(), true);
+        assert_eq!(PlanType::Pro.is_workspace_account(), false);
+    }
 }

codex-rs/rmcp-client/Cargo.toml

@@ -13,6 +13,7 @@ axum = { workspace = true, default-features = false, features = [
     "http1",
     "tokio",
 ] }
+codex-api = { workspace = true }
 codex-client = { workspace = true }
 codex-config = { workspace = true }
 codex-exec-server = { workspace = true }

codex-rs/rmcp-client/src/rmcp_client.rs

@@ -12,6 +12,7 @@ use std::time::Instant;
 
 use anyhow::Result;
 use anyhow::anyhow;
+use codex_api::SharedAuthProvider;
 use codex_client::build_reqwest_client_with_custom_ca;
 use codex_config::types::McpServerEnvVar;
 use futures::FutureExt;
@@ -88,11 +89,15 @@ const NON_JSON_RESPONSE_BODY_PREVIEW_BYTES: usize = 8_192;
 #[derive(Clone)]
 struct StreamableHttpResponseClient {
     inner: reqwest::Client,
+    auth_provider: Option<SharedAuthProvider>,
 }
 
 impl StreamableHttpResponseClient {
-    fn new(inner: reqwest::Client) -> Self {
-        Self { inner }
+    fn new(inner: reqwest::Client, auth_provider: Option<SharedAuthProvider>) -> Self {
+        Self {
+            inner,
+            auth_provider,
+        }
     }
 
     fn reqwest_error(
@@ -129,6 +134,9 @@ impl StreamableHttpClient for StreamableHttpResponseClient {
             .inner
             .post(uri.as_ref())
             .header(ACCEPT, [EVENT_STREAM_MIME_TYPE, JSON_MIME_TYPE].join(", "));
+        if let Some(auth_provider) = &self.auth_provider {
+            request = request.headers(auth_provider.to_auth_headers());
+        }
         if let Some(auth_header) = auth_token {
             request = request.bearer_auth(auth_header);
         }
@@ -339,6 +347,7 @@ enum TransportRecipe {
         http_headers: Option<HashMap<String, String>>,
         env_http_headers: Option<HashMap<String, String>>,
         store_mode: OAuthCredentialsStoreMode,
+        auth_provider: Option<SharedAuthProvider>,
     },
 }
 
@@ -536,6 +545,7 @@ impl RmcpClient {
         http_headers: Option<HashMap<String, String>>,
         env_http_headers: Option<HashMap<String, String>>,
         store_mode: OAuthCredentialsStoreMode,
+        auth_provider: Option<SharedAuthProvider>,
     ) -> Result<Self> {
         let transport_recipe = TransportRecipe::StreamableHttp {
             server_name: server_name.to_string(),
@@ -544,6 +554,7 @@ impl RmcpClient {
             http_headers,
             env_http_headers,
             store_mode,
+            auth_provider,
         };
         let transport = Self::create_pending_transport(&transport_recipe).await?;
         Ok(Self {
@@ -895,22 +906,25 @@ impl RmcpClient {
                 http_headers,
                 env_http_headers,
                 store_mode,
+                auth_provider,
             } => {
                 let default_headers =
                     build_default_headers(http_headers.clone(), env_http_headers.clone())?;
 
-                let initial_oauth_tokens =
-                    if bearer_token.is_none() && !default_headers.contains_key(AUTHORIZATION) {
-                        match load_oauth_tokens(server_name, url, *store_mode) {
-                            Ok(tokens) => tokens,
-                            Err(err) => {
-                                warn!("failed to read tokens for server `{server_name}`: {err}");
-                                None
-                            }
+                let initial_oauth_tokens = if bearer_token.is_none()
+                    && auth_provider.is_none()
+                    && !default_headers.contains_key(AUTHORIZATION)
+                {
+                    match load_oauth_tokens(server_name, url, *store_mode) {
+                        Ok(tokens) => tokens,
+                        Err(err) => {
+                            warn!("failed to read tokens for server `{server_name}`: {err}");
+                            None
                         }
-                    } else {
-                        None
-                    };
+                    }
+                } else {
+                    None
+                };
 
                 if let Some(initial_tokens) = initial_oauth_tokens.clone() {
                     match create_oauth_transport_and_runtime(
@@ -947,7 +961,10 @@ impl RmcpClient {
                                     .auth_header(access_token);
                             let http_client = build_http_client(&default_headers)?;
                             let transport = StreamableHttpClientTransport::with_client(
-                                StreamableHttpResponseClient::new(http_client),
+                                StreamableHttpResponseClient::new(
+                                    http_client,
+                                    /*auth_provider*/ None,
+                                ),
                                 http_config,
                             );
                             Ok(PendingTransport::StreamableHttp { transport })
@@ -964,7 +981,7 @@ impl RmcpClient {
                     let http_client = build_http_client(&default_headers)?;
 
                     let transport = StreamableHttpClientTransport::with_client(
-                        StreamableHttpResponseClient::new(http_client),
+                        StreamableHttpResponseClient::new(http_client, auth_provider.clone()),
                         http_config,
                     );
                     Ok(PendingTransport::StreamableHttp { transport })
@@ -1178,7 +1195,10 @@ async fn create_oauth_transport_and_runtime(
         }
     };
 
-    let auth_client = AuthClient::new(StreamableHttpResponseClient::new(http_client), manager);
+    let auth_client = AuthClient::new(
+        StreamableHttpResponseClient::new(http_client, /*auth_provider*/ None),
+        manager,
+    );
     let auth_manager = auth_client.auth_manager.clone();
 
     let transport = StreamableHttpClientTransport::with_client(
@@ -1199,13 +1219,67 @@ async fn create_oauth_transport_and_runtime(
 
 #[cfg(test)]
 mod tests {
+    use std::sync::Arc;
+    use std::sync::atomic::AtomicUsize;
+    use std::sync::atomic::Ordering;
     use std::time::Duration;
 
+    use codex_api::AuthProvider;
     use pretty_assertions::assert_eq;
+    use reqwest::header::HeaderMap;
+    use rmcp::model::ClientJsonRpcMessage;
+    use rmcp::model::ClientNotification;
+    use rmcp::model::InitializedNotification;
     use tokio::time;
 
     use super::*;
 
+    #[derive(Debug)]
+    struct CountingAuthProvider {
+        calls: Arc<AtomicUsize>,
+    }
+
+    impl AuthProvider for CountingAuthProvider {
+        fn add_auth_headers(&self, _headers: &mut HeaderMap) {
+            self.calls.fetch_add(1, Ordering::SeqCst);
+        }
+    }
+
+    #[tokio::test]
+    async fn streamable_http_client_applies_runtime_auth_per_request() {
+        let calls = Arc::new(AtomicUsize::new(0));
+        let client = StreamableHttpResponseClient::new(
+            reqwest::Client::new(),
+            Some(Arc::new(CountingAuthProvider {
+                calls: Arc::clone(&calls),
+            })),
+        );
+        let message = || {
+            ClientJsonRpcMessage::notification(ClientNotification::InitializedNotification(
+                InitializedNotification::default(),
+            ))
+        };
+
+        let _ = client
+            .post_message(
+                Arc::from("http://127.0.0.1:1/mcp"),
+                message(),
+                /*session_id*/ None,
+                /*auth_token*/ None,
+            )
+            .await;
+        let _ = client
+            .post_message(
+                Arc::from("http://127.0.0.1:1/mcp"),
+                message(),
+                /*session_id*/ None,
+                /*auth_token*/ None,
+            )
+            .await;
+
+        assert_eq!(calls.load(Ordering::SeqCst), 2);
+    }
+
     #[tokio::test]
     async fn active_time_timeout_pauses_while_elicitation_is_pending() {
         let pause_state = ElicitationPauseState::new();

codex-rs/rmcp-client/tests/streamable_http_recovery.rs

@@ -77,6 +77,7 @@ async fn create_client(base_url: &str) -> anyhow::Result<RmcpClient> {
         /*http_headers*/ None,
         /*env_http_headers*/ None,
         OAuthCredentialsStoreMode::File,
+        /*auth_provider*/ None,
     )
     .await?;