[App-server] Add auth v2 doc & update codex mcp interface auth section #6353
Conversation
celia-oai
force-pushed
the
dev/cc/update-doc
branch
from
dbdfc3c to
95fc62d
Compare
celia-oai
changed the title
|
|
||
| Response examples: | ||
| ```json | ||
| { "id": 1, "result": { "account": null, "requiresOpenaiAuth": false } } // no auth needed |
There was a problem hiding this comment.
I believe it's more accurate to say something like // Set to true for some enterprise-managed Codex deployments, which requires ChatGPT login
There was a problem hiding this comment.
I think it's not exactly this? it's more like set to false for oss? https://github.com/openai/codex/blob/main/codex-rs/core/src/model_provider_info.rs#L356. I'll update the comment to reflect this
There was a problem hiding this comment.
If a user is using a model provider that does auth via an API key that is read from an environment variable (which also includes how we support the Copilot API in the VS Code extension), then requiresOpenaiAuth should be false. I can't remember offhand if "normal" OpenAI key auth (which is read from auth.json) also falls into this category.
There was a problem hiding this comment.
interesting - looking at the code of how old get_auth_status workflow works it seems that we check requiresOpenaiAuth based on model provider, regardless of the auth method (api key or not): https://github.com/openai/codex/blob/main/codex-rs/app-server/src/codex_message_processor.rs#L820
There was a problem hiding this comment.
ah nice, i did get it completely wrong lol. thanks for clarifying!
|
|
||
| ### Dev notes | ||
|
|
||
| - `codex generate-ts --out <dir>` emits v2 typings under `v2/`. |
There was a problem hiding this comment.
nit: v2 typings -> v2 types
| - `model/list` → enumerate available models and reasoning options | ||
| - Auth | ||
| - `loginApiKey`, `loginChatGpt`, `cancelLoginChatGpt`, `logoutChatGpt`, `getAuthStatus` | ||
| - `account/read`, `account/login/start`, `account/login/cancel`, `account/logout`, `account/rateLimits/read` |
There was a problem hiding this comment.
This doc merits a follow-up to be rewritten because it's very misleading:
- Historically, we had
codex mcp, which did conform to the MCP (sorta). - We have since split it into
codex mcp-server(which is an MCP server, though one that needs some attention...) andcodex app-server - We really need to say "app server" when we mean the app server (including the name of this document!)
| - `account/updated` (notify) — emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, or `null`). | ||
| - `account/rateLimits/read` — fetch ChatGPT rate limits; updates arrive via `account/rateLimits/updated` (notify). | ||
|
|
||
| ### 1) Check auth state |
There was a problem hiding this comment.
We should try to autogenerate more of this from code at some point.
|
|
||
| The v2 JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits. | ||
|
|
||
| ### Quick reference |
There was a problem hiding this comment.
We don't have an initialize?
|
going to work on a PR to update this doc for Threads and Turns, so will merge to avoid conflicts 😁 |
Added doc for auth v2 endpoints. Updated the auth section in Codex MCP interface doc too.