allow plugins to create custom auth providers

2026-04-01 06:42:26 +00:00 · 2025-08-14 16:24:46 -04:00
parent c93d50e8c7
commit a433766a31
11 changed files with 372 additions and 438 deletions
--- a/packages/opencode/src/auth/anthropic.ts
+++ b/packages/opencode/src/auth/anthropic.ts
@@ -1,84 +0,0 @@
-import { generatePKCE } from "@openauthjs/openauth/pkce"
-import { Auth } from "./index"
-
-export namespace AuthAnthropic {
-  const CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e"
-
-  export async function authorize(mode: "max" | "console") {
-    const pkce = await generatePKCE()
-
-    const url = new URL(
-      `https://${mode === "console" ? "console.anthropic.com" : "claude.ai"}/oauth/authorize`,
-      import.meta.url,
-    )
-    url.searchParams.set("code", "true")
-    url.searchParams.set("client_id", CLIENT_ID)
-    url.searchParams.set("response_type", "code")
-    url.searchParams.set("redirect_uri", "https://console.anthropic.com/oauth/code/callback")
-    url.searchParams.set("scope", "org:create_api_key user:profile user:inference")
-    url.searchParams.set("code_challenge", pkce.challenge)
-    url.searchParams.set("code_challenge_method", "S256")
-    url.searchParams.set("state", pkce.verifier)
-    return {
-      url: url.toString(),
-      verifier: pkce.verifier,
-    }
-  }
-
-  export async function exchange(code: string, verifier: string) {
-    const splits = code.split("#")
-    const result = await fetch("https://console.anthropic.com/v1/oauth/token", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        code: splits[0],
-        state: splits[1],
-        grant_type: "authorization_code",
-        client_id: CLIENT_ID,
-        redirect_uri: "https://console.anthropic.com/oauth/code/callback",
-        code_verifier: verifier,
-      }),
-    })
-    if (!result.ok) throw new ExchangeFailed()
-    const json = await result.json()
-    return {
-      refresh: json.refresh_token as string,
-      access: json.access_token as string,
-      expires: Date.now() + json.expires_in * 1000,
-    }
-  }
-
-  export async function access() {
-    const info = await Auth.get("anthropic")
-    if (!info || info.type !== "oauth") return
-    if (info.access && info.expires > Date.now()) return info.access
-    const response = await fetch("https://console.anthropic.com/v1/oauth/token", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        grant_type: "refresh_token",
-        refresh_token: info.refresh,
-        client_id: CLIENT_ID,
-      }),
-    })
-    if (!response.ok) return
-    const json = await response.json()
-    await Auth.set("anthropic", {
-      type: "oauth",
-      refresh: json.refresh_token as string,
-      access: json.access_token as string,
-      expires: Date.now() + json.expires_in * 1000,
-    })
-    return json.access_token as string
-  }
-
-  export class ExchangeFailed extends Error {
-    constructor() {
-      super("Exchange failed")
-    }
-  }
-}
--- a/packages/opencode/src/auth/copilot.ts
+++ b/packages/opencode/src/auth/copilot.ts
@@ -1,19 +0,0 @@
-import { Global } from "../global"
-import { lazy } from "../util/lazy"
-import path from "path"
-
-export const AuthCopilot = lazy(async () => {
-  const file = Bun.file(path.join(Global.Path.state, "plugin", "copilot.ts"))
-  const exists = await file.exists()
-  const response = fetch("https://raw.githubusercontent.com/sst/opencode-github-copilot/refs/heads/main/auth.ts")
-    .then((x) => Bun.write(file, x))
-    .catch(() => {})
-
-  if (!exists) {
-    const worked = await response
-    if (!worked) return
-  }
-  const result = await import(file.name!).catch(() => {})
-  if (!result) return
-  return result.AuthCopilot
-})
--- a/packages/opencode/src/auth/index.ts
+++ b/packages/opencode/src/auth/index.ts
@@ -4,25 +4,31 @@ import fs from "fs/promises"
 import { z } from "zod"

 export namespace Auth {
-  export const Oauth = z.object({
-    type: z.literal("oauth"),
-    refresh: z.string(),
-    access: z.string(),
-    expires: z.number(),
-  })
+  export const Oauth = z
+    .object({
+      type: z.literal("oauth"),
+      refresh: z.string(),
+      access: z.string(),
+      expires: z.number(),
+    })
+    .openapi({ ref: "OAuth" })

-  export const Api = z.object({
-    type: z.literal("api"),
-    key: z.string(),
-  })
+  export const Api = z
+    .object({
+      type: z.literal("api"),
+      key: z.string(),
+    })
+    .openapi({ ref: "ApiAuth" })

-  export const WellKnown = z.object({
-    type: z.literal("wellknown"),
-    key: z.string(),
-    token: z.string(),
-  })
+  export const WellKnown = z
+    .object({
+      type: z.literal("wellknown"),
+      key: z.string(),
+      token: z.string(),
+    })
+    .openapi({ ref: "WellKnownAuth" })

-  export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown])
+  export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown]).openapi({ ref: "Auth" })
  export type Info = z.infer<typeof Info>

  const filepath = path.join(Global.Path.data, "auth.json")