Skip to content

OAuth provider configuration not fully deleted - cache file persists #7890

Closed
#7908
Closed
OAuth provider configuration not fully deleted - cache file persists#7890
#7908
@sheikhlimon

Description

@sheikhlimon
sheikhlimon
opened on Mar 14, 2026

Summary

When deleting an OAuth provider configuration (specifically ChatGPT Codex), the provider is still shown a "configured" after deletion because cached OAuth tokens in disk files are not cleaned up. This causes the OAuth flow to complete instantly without opening a browser, making it appear as if the configuration was never deleted.

Steps to Reproduce

  1. Configure ChatGPT Codex provider (OAuth flow opens browser, you authorize)
  2. Delete the ChatGPT Codex configuration in the UI
  3. Click "Configure" on ChatGPT Codex again
  4. OAuth completes instantly without opening a browser

Expected Behavior

After deleting an OAuth provider configuration, re-configuring should:

  • Open a browser for the OAuth flow
  • Require fresh authorization

Actual Behavior

OAuth completes instantly because the cached token file persists at ~/.config/goose/chatgpt_codex/tokens.json.

Root Cause

The current deletion flow in ProviderConfigurationModal.tsx only removes:

  1. Configuration keys (via remove() from ConfigContext)
  2. The configured marker ({provider}_configured)

But it does not clean up provider-specific cache files:

  • ChatGPT Codex: ~/.config/goose/chatgpt_codex/tokens.json (disk cache)
  • Other OAuth providers: May have similar caches

Existing Code Patterns

ChatGPT Codex already has a TokenCache::clear() method (crates/goose/src/providers/chatgpt_codex.rs:261-263):

fn clear(&self) {
   let _ = std::fs::remove_file(&self.cache_path);
}

Custom providers also handle cleanup comprehensively in remove_custom_provider():

   pub fn remove_custom_provider(id: &str) -> Result<()> {
       let config = Config::global();
       let api_key_name = generate_api_key_name(id);
       let _ = config.delete_secret(&api_key_name);

       let file_path = custom_providers_dir().join(format!("{}.json", id));
       if file_path.exists() {
           std::fs::remove_file(file_path)?;
       }
       Ok(())
   }

Proposed Solution

Add provider cleanup capability:

  1. Add cleanup() method to Provider trait (crates/goose/src/providers/base.rs)
  2. Implement in ChatGptCodexProvider to clear token cache
  3. Add backend endpoint POST /config/providers/{name}/cleanup
  4. Update frontend to call cleanup endpoint before closing delete modal
  5. Update CLI to call cleanup when removing provider config

Affected Providers

  • ChatGPT Codex - Uses disk cache file
  • GitHub Copilot - Uses keyring (already handles via configured marker)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions