Skip to content

Fix Codex auth not being applied to the session/token after login.#14552

Closed
zhiluo20 wants to merge 1 commit intoopenclaw:mainfrom
zhiluo20:main
Closed

Fix Codex auth not being applied to the session/token after login.#14552
zhiluo20 wants to merge 1 commit intoopenclaw:mainfrom
zhiluo20:main

Conversation

@zhiluo20
Copy link

@zhiluo20 zhiluo20 commented Feb 12, 2026
edited by greptile-apps bot
Loading

In the current version, Codex authentication is not applied correctly after login. This patch fixes the issue.

Greptile Overview

Greptile Summary

This PR refactors the OpenAI Codex OAuth login flow into a shared helper (src/commands/openai-codex-oauth.ts) and updates both the interactive onboarding flow (src/commands/auth-choice.apply.openai.ts) and the models auth login CLI command (src/commands/models/auth.ts) to use it. It also changes Codex profiles to be keyed by the OAuth email (openai-codex:<email>) rather than always openai-codex:default, which should allow the correct profile to be selected/applied after login.

Main issue to address before merge: error handling is currently inconsistent—loginOpenAICodexOAuth both emits user-facing errors and rethrows, while at least one caller catches and ignores the exception. This can lead to either silent failure or confusing duplicate reporting depending on the entrypoint.

Confidence Score: 3/5

  • This PR is mostly safe to merge but has inconsistent OAuth error handling that can lead to confusing behavior.
  • Core change (routing Codex OAuth through a shared helper and applying the resulting auth profile) is straightforward, but the helper currently both logs and rethrows while callers handle errors inconsistently (one swallows exceptions). That can cause silent auth failure or duplicate error reporting depending on the command path.
  • src/commands/openai-codex-oauth.ts; src/commands/auth-choice.apply.openai.ts

(2/5) Greptile learns from your feedback when you react with thumbs up/down!

@openclaw-barnacle openclaw-barnacle bot added commands Command implementations size: S labels Feb 12, 2026
greptile-apps[bot]
greptile-apps bot reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 files reviewed, 2 comments

Edit Code Review Agent Settings | Greptile

src/commands/openai-codex-oauth.ts
Comment on lines +49 to +54
} catch (err) {
spin.stop("OpenAI OAuth failed");
runtime.error(String(err));
await prompter.note("Trouble with OAuth? See https://docs.openclaw.ai/start/faq", "OAuth help");
throw err;
}
Copy link
Contributor

@greptile-apps greptile-apps bot Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate error reporting

This helper both reports the error (runtime.error(...) + FAQ note) and rethrows (throw err). Callers now tend to either catch-and-ignore (auth-choice.apply.openai.ts:158-160) or not catch (e.g. models/auth.ts), leading to inconsistent UX: either silent continuation, or double-reporting depending on higher-level error handling.

If this helper is meant to fully handle user-facing errors, it should return null (or a typed failure) instead of throwing; otherwise, remove the user-facing side effects and let callers handle reporting consistently.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: src/commands/openai-codex-oauth.ts
Line: 49:54

Comment:
**Duplicate error reporting**

This helper both reports the error (`runtime.error(...)` + FAQ note) *and* rethrows (`throw err`). Callers now tend to either catch-and-ignore (`auth-choice.apply.openai.ts:158-160`) or not catch (e.g. `models/auth.ts`), leading to inconsistent UX: either silent continuation, or double-reporting depending on higher-level error handling.

If this helper is meant to fully handle user-facing errors, it should return `null` (or a typed failure) instead of throwing; otherwise, remove the user-facing side effects and let callers handle reporting consistently.

How can I resolve this? If you propose a fix, please make it concise.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 12, 2026

Additional Comments (1)

src/commands/auth-choice.apply.openai.ts
Swallowed OAuth errors

loginOpenAICodexOAuth rethrows on failure (src/commands/openai-codex-oauth.ts:49-54), but this caller catches and ignores all errors. That means the auth-choice flow can continue and return { config: nextConfig, agentModelOverride } without surfacing that login failed (and without any error exit), which is likely to confuse users and may leave them thinking OAuth was applied.

Consider either not catching here, or returning early after the helper handles UX (note+runtime.error) so the command exits with a failure state rather than silently continuing.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: src/commands/auth-choice.apply.openai.ts
Line: 154:160

Comment:
**Swallowed OAuth errors**

`loginOpenAICodexOAuth` rethrows on failure (`src/commands/openai-codex-oauth.ts:49-54`), but this caller catches and ignores all errors. That means the auth-choice flow can continue and return `{ config: nextConfig, agentModelOverride }` without surfacing that login failed (and without any error exit), which is likely to confuse users and may leave them thinking OAuth was applied.

Consider either not catching here, or returning early after the helper handles UX (note+runtime.error) so the command exits with a failure state rather than silently continuing.

How can I resolve this? If you propose a fix, please make it concise.

@mbelinky mbelinky mentioned this pull request Feb 13, 2026
Closed
@mbelinky
Copy link
Contributor

mbelinky commented Feb 13, 2026

Thanks @zhiluo20 for the original report and patch direction here.\n\nThis is now superseded by #15406, which carries the same core fix path on top of current architecture:\n- shared Codex OAuth flow helper\n- support\n- surfaced OAuth failures (no silent swallow)\n\nKeeping traceability by linking this PR directly.

@mbelinky mbelinky closed this Feb 13, 2026
@mbelinky
Copy link
Contributor

mbelinky commented Feb 13, 2026

Thanks @zhiluo20 for the original report and patch direction here.

This was superseded by #15406, which carries the same core fix path on top of current main architecture:

  • shared Codex OAuth flow helper
  • support for openclaw models auth login --provider openai-codex
  • surfaced OAuth failures (no silent swallow)

Linking both PRs to keep traceability explicit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

commands Command implementations size: S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zhiluo20 @mbelinky

Comments