Skip to content

feat(cli): add OpenAI Codex OAuth authentication support#11935

Open
roomote-v0[bot] wants to merge 1 commit intomainfrom
feature/cli-openai-codex-oauth
Open

feat(cli): add OpenAI Codex OAuth authentication support#11935
roomote-v0[bot] wants to merge 1 commit intomainfrom
feature/cli-openai-codex-oauth

Conversation

@roomote-v0
Copy link
Contributor

@roomote-v0 roomote-v0 bot commented Mar 16, 2026
edited
Loading

Related GitHub Issue

Closes: #11926

Description

This PR attempts to address Issue #11926 by extending OpenAI Codex OAuth authentication from the VSCode extension into the CLI.

Changes:

  • Add openai-codex as a supported CLI provider in types.ts
  • New CLI auth commands:
    • roo auth login-openai - Performs PKCE OAuth flow against OpenAI auth endpoints, stores credentials
    • roo auth logout-openai - Clears stored OpenAI Codex credentials
    • roo auth status-openai - Shows current OpenAI Codex auth status (email, expiration)
  • Credential storage (openai-codex-credentials.ts) - Stores OAuth credentials in the vscode-shim secret storage (~/.vscode-mock/global-storage/secrets.json) so the existing OpenAiCodexOAuthManager and OpenAiCodexHandler work transparently when the extension loads
  • Provider settings - provider.ts handles openai-codex provider (no API key needed)
  • Run flow - run.ts validates OAuth credentials exist when --provider openai-codex is used, and skips the API key requirement

Usage:

# Authenticate with ChatGPT Plus/Pro subscription
roo auth login-openai

# Use OpenAI Codex models
roo --provider openai-codex "your prompt"

# Check auth status
roo auth status-openai

# Log out
roo auth logout-openai

Feedback and guidance are welcome.

Test Procedure

  • Added 12 unit tests for credential storage (save, load, clear, has, expiration)
  • Ran existing provider and credentials tests to confirm no regressions
  • All tests pass: cd apps/cli && npx vitest run src/lib/storage/__tests__/openai-codex-credentials.test.ts

Pre-Submission Checklist

  • Issue Linked: This PR is linked to an approved GitHub Issue
  • Scope: Changes are focused on the linked issue
  • Self-Review: I have performed a thorough self-review of my code
  • Testing: New tests have been added for credential storage
  • Documentation Impact: CLI README may need updating with new auth commands
  • Contribution Guidelines: I have read and agree to the Contributor Guidelines

Documentation Updates

  • Yes, the CLI README should be updated to document the new roo auth login-openai / logout-openai / status-openai commands and the --provider openai-codex option.

Additional Notes

  • The OAuth flow reuses the same PKCE + local callback server pattern from the VSCode extension (src/integrations/openai-codex/oauth.ts)
  • Credentials are stored in the same secret storage location used by the vscode-shim, so the existing OpenAiCodexHandler picks them up transparently via openAiCodexOAuthManager
  • Token refresh is handled automatically by the existing openAiCodexOAuthManager when the extension loads

Interactively review PR in Roo Code Cloud

@roomote
feat(cli): add OpenAI Codex OAuth authentication support
60faa59 
Adds support for using ChatGPT Plus/Pro subscription-based authentication
in the CLI via OpenAI Codex OAuth, matching the existing VSCode extension
capability.

Changes:
- Add openai-codex as a supported CLI provider
- Add roo auth login-openai / logout-openai / status-openai commands
- Implement PKCE OAuth flow for CLI (reuses OpenAI auth endpoints)
- Store credentials in vscode-shim secret storage for transparent
  integration with the existing OpenAiCodexHandler
- Update run.ts to validate OAuth credentials for openai-codex provider
- Add provider settings handling for openai-codex
- Add comprehensive tests for credential storage

Closes #11926
@roomote-v0 roomote-v0 bot mentioned this pull request Mar 16, 2026
Open
2 tasks
@ArchimedesCrypto
Copy link
Contributor

ArchimedesCrypto commented Mar 17, 2026

@roomote mark this ready for review

@roomote-v0
Copy link
Contributor Author

roomote-v0 bot commented Mar 17, 2026
edited
Loading

Fixaroo Clock   See task

Marked this PR as ready for review.

@roomote-v0 roomote-v0 bot marked this pull request as ready for review March 17, 2026 05:05
@dosubot dosubot bot added size:XL This PR changes 500-999 lines, ignoring generated files. Enhancement New feature or request labels Mar 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens is a code owner

@cte cte Awaiting requested review from cte cte is a code owner

@jr jr Awaiting requested review from jr jr is a code owner

@hannesrudolph hannesrudolph Awaiting requested review from hannesrudolph hannesrudolph is a code owner

@daniel-lxs daniel-lxs Awaiting requested review from daniel-lxs daniel-lxs is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Enhancement New feature or request size:XL This PR changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[ENHANCEMENT] Allow Codex/Claude login on Roo CLI

2 participants

@ArchimedesCrypto @roomote