fix(auth): normalize trailing slashes in auth login URLs (#15874)

packages/opencode/test/auth/auth.test.ts

@@ -0,0 +1,58 @@
+import { test, expect } from "bun:test"
+import { Auth } from "../../src/auth"
+
+test("set normalizes trailing slashes in keys", async () => {
+  await Auth.set("https://example.com/", {
+    type: "wellknown",
+    key: "TOKEN",
+    token: "abc",
+  })
+  const data = await Auth.all()
+  expect(data["https://example.com"]).toBeDefined()
+  expect(data["https://example.com/"]).toBeUndefined()
+})
+
+test("set cleans up pre-existing trailing-slash entry", async () => {
+  // Simulate a pre-fix entry with trailing slash
+  await Auth.set("https://example.com/", {
+    type: "wellknown",
+    key: "TOKEN",
+    token: "old",
+  })
+  // Re-login with normalized key (as the CLI does post-fix)
+  await Auth.set("https://example.com", {
+    type: "wellknown",
+    key: "TOKEN",
+    token: "new",
+  })
+  const data = await Auth.all()
+  const keys = Object.keys(data).filter((k) => k.includes("example.com"))
+  expect(keys).toEqual(["https://example.com"])
+  const entry = data["https://example.com"]!
+  expect(entry.type).toBe("wellknown")
+  if (entry.type === "wellknown") expect(entry.token).toBe("new")
+})
+
+test("remove deletes both trailing-slash and normalized keys", async () => {
+  await Auth.set("https://example.com", {
+    type: "wellknown",
+    key: "TOKEN",
+    token: "abc",
+  })
+  await Auth.remove("https://example.com/")
+  const data = await Auth.all()
+  expect(data["https://example.com"]).toBeUndefined()
+  expect(data["https://example.com/"]).toBeUndefined()
+})
+
+test("set and remove are no-ops on keys without trailing slashes", async () => {
+  await Auth.set("anthropic", {
+    type: "api",
+    key: "sk-test",
+  })
+  const data = await Auth.all()
+  expect(data["anthropic"]).toBeDefined()
+  await Auth.remove("anthropic")
+  const after = await Auth.all()
+  expect(after["anthropic"]).toBeUndefined()
+})

packages/opencode/test/config/config.test.ts

@@ -1535,6 +1535,71 @@ test("project config overrides remote well-known config", async () => {
   }
 })
 
+test("wellknown URL with trailing slash is normalized", async () => {
+  const originalFetch = globalThis.fetch
+  let fetchedUrl: string | undefined
+  const mockFetch = mock((url: string | URL | Request) => {
+    const urlStr = url.toString()
+    if (urlStr.includes(".well-known/opencode")) {
+      fetchedUrl = urlStr
+      return Promise.resolve(
+        new Response(
+          JSON.stringify({
+            config: {
+              mcp: {
+                slack: {
+                  type: "remote",
+                  url: "https://slack.example.com/mcp",
+                  enabled: true,
+                },
+              },
+            },
+          }),
+          { status: 200 },
+        ),
+      )
+    }
+    return originalFetch(url)
+  })
+  globalThis.fetch = mockFetch as unknown as typeof fetch
+
+  const originalAuthAll = Auth.all
+  Auth.all = mock(() =>
+    Promise.resolve({
+      "https://example.com/": {
+        type: "wellknown" as const,
+        key: "TEST_TOKEN",
+        token: "test-token",
+      },
+    }),
+  )
+
+  try {
+    await using tmp = await tmpdir({
+      git: true,
+      init: async (dir) => {
+        await Filesystem.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            $schema: "https://opencode.ai/config.json",
+          }),
+        )
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        await Config.get()
+        // Trailing slash should be stripped — no double slash in the fetch URL
+        expect(fetchedUrl).toBe("https://example.com/.well-known/opencode")
+      },
+    })
+  } finally {
+    globalThis.fetch = originalFetch
+    Auth.all = originalAuthAll
+  }
+})
+
 describe("getPluginName", () => {
   test("extracts name from file:// URL", () => {
     expect(Config.getPluginName("file:///path/to/plugin/foo.js")).toBe("foo")