feat(auth): add Anthropic OAuth token refresh and fix external CLI sync#21518
Open
maxtongwang wants to merge 1 commit intoopenclaw:mainfrom
Open
feat(auth): add Anthropic OAuth token refresh and fix external CLI sync#21518maxtongwang wants to merge 1 commit intoopenclaw:mainfrom
maxtongwang wants to merge 1 commit intoopenclaw:mainfrom
Conversation
- Add `refreshAnthropicTokens` to refresh expired Anthropic OAuth tokens using the Claude platform endpoint, mirroring Claude Code CLI's own refresh flow. Includes Keychain fallback: if refresh fails, reads fresh credentials from Claude Code CLI before throwing. - Auto-sync Claude Code CLI OAuth credentials into `anthropic:default` during external CLI sync, but only when the existing profile is already OAuth — prevents api_key/token profiles from being auto-converted. - Extract shared `coerceExpiresAt` helper to `src/agents/oauth-utils.ts`, eliminating duplication between Anthropic and Chutes OAuth modules. - Fix `syncExternalCliCredentials`: migrate Qwen sync block to use shared `syncExternalCliCredentialsForProvider` helper, eliminating a double-read bug and ~20 lines of duplicate logic. - Add optional `deps` parameter to `syncExternalCliCredentials` for testable credential-reader injection (replaces broken vi.mock ESM pattern). - Remove redundant `String(cred.provider)` wrappers in `oauth.ts`. - Fix unsafe cast in `anthropic-oauth.test.ts`: use `result.email` directly. Supersedes openclaw#8602. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
6 tasks
|
Great, Looking forward to the merge of this! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
refreshAnthropicTokensto refresh expired Anthropic OAuth tokens using the Claude platform endpoint, mirroring Claude Code CLI's own refresh flow. On refresh failure, falls back to reading fresh credentials from Claude Code's Keychain before throwing.anthropic:defaultduring external CLI sync — but only when the existing profile is already OAuth, preventingapi_key/tokenprofiles from being auto-converted.coerceExpiresAthelper tosrc/agents/oauth-utils.ts, eliminating duplication between Anthropic and Chutes OAuth modules.Fixes vs #8602
This supersedes #8602 with the following improvements:
store.profiles[QWEN_CLI_PROFILE_ID]was read twice into two separate variables; migrated to use sharedsyncExternalCliCredentialsForProviderlike MiniMax/Anthropicdepsparam tosyncExternalCliCredentialsto inject credential readers; replacesvi.mockESM pattern that was silently a no-op in Vitest fork poolString()castsString(cred.provider)wrappers inoauth.ts— already typed asstring(result as Record<string, unknown>).email→result.emailinanthropic-oauth.test.tsTest plan
src/agents/anthropic-oauth.test.ts— token refresh, expiry coercion, Keychain fallback shapesrc/agents/auth-profiles/external-cli-sync.test.ts— sync guardrails: api_key/token profiles not overwritten, stale oauth refreshed, fresh oauth left alonecc @gumadeiras for review
Generated with Claude Code