fix(daemon): update codex auth.json parsing to match actual file format#265
fix(daemon): update codex auth.json parsing to match actual file format#265
Conversation
The codex auth.json struct mapping was wrong — field names and nesting didn't match the real file written by the Codex CLI, causing usage sync to silently fail with errCodexAuthInvalid. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
@claude review it |
Codecov Report❌ Patch coverage is
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 2 files with indirect coverage changes 🚀 New features to boost your workflow:
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors the codexAuthJSON and codexTokenData structures to align with a new authentication schema and updates the loadCodexAuth function accordingly. Review feedback suggests removing unused fields such as LastRefresh and RefreshToken to improve robustness against format changes. Additionally, it is recommended to implement a fallback to the OpenAIAPIKey when tokens are missing to ensure the daemon remains functional regardless of the authentication method used.
| TokenData *codexAuthTokenData `json:"tokenData"` | ||
| OpenAIAPIKey *string `json:"OPENAI_API_KEY"` | ||
| Tokens *codexTokenData `json:"tokens"` | ||
| LastRefresh string `json:"last_refresh"` |
There was a problem hiding this comment.
The LastRefresh field is currently unused and its string type is a potential point of failure if the JSON value is a number (e.g., a Unix timestamp), which is common for such fields. Similarly, IDToken and RefreshToken in codexTokenData are unused. It is generally safer to omit unused fields to make the parsing more robust against format changes or unexpected types.
| if auth.Tokens == nil || auth.Tokens.AccessToken == "" { | ||
| return nil, errCodexAuthInvalid | ||
| } | ||
|
|
||
| accountID := "" | ||
| if auth.TokenData.IDTokenClaims != nil { | ||
| accountID = auth.TokenData.IDTokenClaims.AccountID | ||
| } | ||
|
|
||
| return &codexAuthData{ | ||
| AccessToken: auth.TokenData.AccessToken, | ||
| AccountID: accountID, | ||
| AccessToken: auth.Tokens.AccessToken, | ||
| AccountID: auth.Tokens.AccountID, | ||
| }, nil |
There was a problem hiding this comment.
The current implementation returns errCodexAuthInvalid if tokens is missing, even if a valid OPENAI_API_KEY is present. Since the OpenAIAPIKey field was added to the struct, you can improve robustness by falling back to it when tokens are unavailable. This ensures the daemon works correctly regardless of whether the user authenticated via the web flow or an API key.
if auth.Tokens != nil && auth.Tokens.AccessToken != "" {
return &codexAuthData{
AccessToken: auth.Tokens.AccessToken,
AccountID: auth.Tokens.AccountID,
}, nil
}
if auth.OpenAIAPIKey != nil && *auth.OpenAIAPIKey != "" {
return &codexAuthData{
AccessToken: *auth.OpenAIAPIKey,
AccountID: "",
}, nil
}
return nil, errCodexAuthInvalid
|
Claude finished @AnnatarHe's task in 44s —— View job Code Review
The core change — updating struct field mappings from Issues / Suggestions:
Looks good otherwise — the simplification is clean and the remaining logic is straightforward. The suggestions above are non-blocking improvements. Approving from a code quality perspective. |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
1 participant
Summary
codexAuthJSONand token struct field mappings to match the actual Codex CLIauth.jsonformat (tokens.access_token,tokens.account_idinstead oftokenData.accessToken,tokenData.idTokenClaims.accountId)codexIDTokenClaimsstruct sinceaccount_idis now a direct field intokensloadCodexAuth()by removing the nested nil check for ID token claimsTest plan
go test -run TestCodex ./daemon/passesgo vet ./daemon/clean🤖 Generated with Claude Code