mirror of
https://github.com/openai/codex.git
synced 2026-04-25 07:05:38 +00:00
69c8913e24
## Summary This PR adds `CodexAuth::AgentIdentity` as an explicit auth mode. An AgentIdentity auth record is a standalone `auth.json` mode. When `AuthManager::auth().await` loads that mode, it registers one process-scoped task and stores it in runtime-only state on the auth value. Header creation stays synchronous after that because the task is initialized before callers receive the auth object. This PR also removes the old feature flag path. AgentIdentity is selected by explicit auth mode, not by a hidden flag or lazy mutation of ChatGPT auth records. Reference old stack: https://github.com/openai/codex/pull/17387/changes ## Design Decisions - AgentIdentity is a real auth enum variant because it can be the only credential in `auth.json`. - The process task is ephemeral runtime state. It is not serialized and is not stored in rollout/session data. - Account/user metadata needed by existing Codex backend checks lives on the AgentIdentity record for now. - `is_chatgpt_auth()` remains token-specific. - `uses_codex_backend()` is the broader predicate for ChatGPT-token auth and AgentIdentity auth. ## Stack 1. https://github.com/openai/codex/pull/18757: full revert 2. https://github.com/openai/codex/pull/18871: isolated Agent Identity crate 3. This PR: explicit AgentIdentity auth mode and startup task allocation 4. https://github.com/openai/codex/pull/18811: migrate Codex backend auth callsites through AuthProvider 5. https://github.com/openai/codex/pull/18904: accept AgentIdentity JWTs and load `CODEX_AGENT_IDENTITY` ## Testing Tests: targeted Rust checks, cargo-shear, Bazel lock check, and CI.
79 lines
1.8 KiB
JSON
Generated
79 lines
1.8 KiB
JSON
Generated
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AuthMode": {
|
|
"description": "Authentication mode for OpenAI-backed providers.",
|
|
"oneOf": [
|
|
{
|
|
"description": "OpenAI API key provided by the caller and stored by Codex.",
|
|
"enum": [
|
|
"apikey"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "ChatGPT OAuth managed by Codex (tokens persisted and refreshed by Codex).",
|
|
"enum": [
|
|
"chatgpt"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "[UNSTABLE] FOR OPENAI INTERNAL USE ONLY - DO NOT USE.\n\nChatGPT auth tokens are supplied by an external host app and are only stored in memory. Token refresh must be handled by the external host app.",
|
|
"enum": [
|
|
"chatgptAuthTokens"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Programmatic Codex auth backed by a registered Agent Identity.",
|
|
"enum": [
|
|
"agentIdentity"
|
|
],
|
|
"type": "string"
|
|
}
|
|
]
|
|
},
|
|
"PlanType": {
|
|
"enum": [
|
|
"free",
|
|
"go",
|
|
"plus",
|
|
"pro",
|
|
"prolite",
|
|
"team",
|
|
"self_serve_business_usage_based",
|
|
"business",
|
|
"enterprise_cbp_usage_based",
|
|
"enterprise",
|
|
"edu",
|
|
"unknown"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"authMode": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AuthMode"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"planType": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/PlanType"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"title": "AccountUpdatedNotification",
|
|
"type": "object"
|
|
} |