Skip to content

Restore xAI device-code OAuth login and surface endpoint errors #4410

Description

@Hmbown

Summary

/auth xai-device currently fails immediately with Failed to parse xAI device-code response.

Root cause

CodeWhale posts to a hard-coded device authorization path:

https://auth.x.ai/oauth2/device/code

The installed official Grok CLI (0.2.101) uses /oauth2/device. CodeWhale then calls response.json() before checking the HTTP status or content type, so a stale-path 404/HTML/non-JSON response is reported only as a JSON parse failure.

Relevant implementation: crates/tui/src/xai_oauth.rs (request_device_code).

Expected

  • Discover device_authorization_endpoint from https://auth.x.ai/.well-known/openid-configuration instead of hard-coding the path; retain a documented fallback only if necessary.
  • Check status and content type first; return bounded/redacted diagnostic text such as HTTP status and expected JSON rather than an opaque parse error.
  • Verify current scopes against the official Grok CLI flow (including whether team:read remains accepted).

Workaround

Until fixed, use the official grok login --device-auth flow and configure [providers.xai] auth_mode = "oauth", or use an XAI_API_KEY. Do not paste credentials into issue comments.

Tests

Cover current device endpoint, legacy/non-JSON failure handling, discovery fallback, and a structured invalid_scope response.

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingreliabilityReliability, flaky behavior, retries, fallbacks, and robustnesstuiTerminal UI behavior, rendering, or interactionv0.9.1Targeting v0.9.1

Projects

Status
In progress

Relationships

None yet

Development

No branches or pull requests

Issue actions