refactor(auth): unify OAuth credentials into config.json#138
Closed
kapelame wants to merge 19 commits into
Closed
Conversation
Server returns expired_in as Unix timestamp (ms), matching the old user_management protocol and OpenClaw client expectations.
…ropic in endpoint URL
The CLI only uses Device Code Flow. Remove dead code: startBrowserFlow, waitForCallback, PLATFORM_HOSTS, platformHost config, authorizationUrl and callbackPort from OAuthConfig.
resource_url from OAuth will not include /anthropic suffix.
Move OAuth tokens from a separate ~/.mmx/credentials.json file into an 'oauth' subobject inside the existing ~/.mmx/config.json. Single source of truth for all CLI state, simpler logout, one file to back up. Also makes Config.oauthApiHost optional and derives it lazily via a new oauthApiHostFor(config) helper, removing the cascade of test-fixture churn that adding it as a required field would have caused.
The 'returns a fresh token when refresh succeeds' test mock and fetch interceptor predated the OAuth response-shape changes: - mock body: add status:'success', rename expires_in -> expired_in - fetch interceptor: match 'oauth2/token' (was 'oauth/token')
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Builds on #134 and addresses two pieces of feedback from review:
No separate
credentials.jsonfile. OAuth tokens now live inside the existing~/.mmx/config.jsonunder anoauthsubobject. Single source of truth for all CLI state, simpler logout, one file to back up / migrate.Config.oauthApiHostis optional, derived lazily. A newoauthApiHostFor(config)helper falls back toOAUTH_API_HOSTS[config.region]when the field is unset. This removes the cascade of test-fixture churn that adding it as a required field caused — every command-test mock would have needed anoauthApiHost: '...'line just to typecheck.Also fixes one pre-existing failing test (
test/auth/timeout-fix.test.ts) where the mock response shape and URL pattern weren't updated when the OAuth endpoint changed in #134.Diff
10 files, +88 / -83.
Resulting
~/.mmx/config.jsonschema{ "api_key": "sk-cp-...", // optional, as before "region": "global", "oauth": { // new — was a separate credentials.json "access_token": "...", "refresh_token": "...", "expires_at": "2026-05-15T12:34:56Z", "token_type": "Bearer", "resource_url": "https://api.minimax.io" }, "base_url": "...", "output": "text" }Test plan
bun run typecheckcleanbun test212 / 212 passbun run lintcleanbun run buildproduces dist/mmx.mjs (138 KB)mmx auth login(CN region) — interactive OAuth completes, tokens saved toconfig.jsonmmx auth status— reads oauth subobject correctly (Method: oauth, Source: config.json)mmx auth logout— clears oauth from config.json (api_key untouched if present)