chatgpt

package
v1.103.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 9, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package chatgpt implements "Sign in with ChatGPT" authentication for the chatgpt model provider.

It performs the same OAuth 2.0 authorization-code + PKCE flow as OpenAI's Codex CLI (issuer https://auth.openai.com, public Codex client ID, fixed localhost callback on port 1455) so a ChatGPT Plus/Pro/Business subscription can be used instead of an OPENAI_API_KEY. The resulting access/refresh tokens authenticate requests against the ChatGPT Codex backend (https://chatgpt.com/backend-api/codex), which serves the gpt-5 model family over the Responses API.

Credentials are stored in <config-dir>/chatgpt-auth.json (owner-only), the same layout Codex CLI uses for ~/.codex/auth.json, and the access token is refreshed transparently when it approaches expiry.

Index

Constants

View Source
const (
	// ProviderName is the built-in model provider name backed by this login.
	ProviderName = "chatgpt"

	// TokenEnvVar is the virtual environment variable through which the
	// stored login is exposed to the rest of docker-agent (credential
	// detection, doctor, first_available, ...). It resolves to a fresh
	// access token via the "chatgpt-login" environment source, and can be
	// set explicitly to inject a pre-minted access token (e.g. in CI).
	TokenEnvVar = "CHATGPT_OAUTH_TOKEN"

	// BaseURL is the ChatGPT Codex backend served to signed-in accounts.
	// It only exposes the Responses API (/responses).
	BaseURL = "https://chatgpt.com/backend-api/codex"

	// Originator identifies the client integration to the Codex backend.
	// The backend rejects requests from unknown originators, so we reuse
	// the Codex CLI value that is valid for every ChatGPT plan.
	Originator = "codex_cli_rs"
)

Variables

View Source
var ErrNotLoggedIn = errors.New("not signed in with a ChatGPT account")

ErrNotLoggedIn is returned when no ChatGPT account login is stored.

Functions

func AccessToken

func AccessToken(ctx context.Context) (string, error)

AccessToken returns a valid access token for the ChatGPT Codex backend, transparently refreshing (and persisting) it when it is expired or close to expiry. It returns ErrNotLoggedIn when no login is stored.

func AccountIDFromToken

func AccountIDFromToken(token string) string

AccountIDFromToken returns the ChatGPT account id embedded in an access token, or an empty string when the token does not carry one. The Codex backend requires this id as a request header for workspace accounts.

func LoggedIn

func LoggedIn() bool

LoggedIn reports whether a ChatGPT account login is stored.

func Logout

func Logout() (bool, error)

Logout removes the stored login. It reports whether a login existed.

func SetCredentialsPathForTests

func SetCredentialsPathForTests(path string) (restore func())

SetCredentialsPathForTests points credential storage at path and returns a restore function. Without an override, every credential operation under `go test` behaves as "not signed in" so the developer's real login is never read, refreshed over the network, or overwritten by tests.

Types

type Credentials

type Credentials struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	IDToken      string    `json:"id_token,omitempty"`
	AccountID    string    `json:"account_id,omitempty"`
	Email        string    `json:"email,omitempty"`
	Plan         string    `json:"plan,omitempty"`
	ExpiresAt    time.Time `json:"expires_at,omitzero"`
	LastRefresh  time.Time `json:"last_refresh,omitzero"`
}

Credentials is the persisted result of a ChatGPT account login.

func Load

func Load() (*Credentials, error)

Load returns the stored credentials without refreshing them. Callers that need a usable token should use AccessToken instead.

func (*Credentials) Expired

func (c *Credentials) Expired() bool

Expired reports whether the access token is expired or about to expire. A zero ExpiresAt means the expiry could not be determined; the token is then used as-is and a 401 from the backend surfaces naturally.

type LoginResult

type LoginResult struct {
	Email     string
	Plan      string
	AccountID string
}

LoginResult summarizes a completed login for display.

func Login

func Login(ctx context.Context, out io.Writer) (*LoginResult, error)

Login runs the interactive "Sign in with ChatGPT" flow: it starts the localhost callback server, opens the browser on the authorization URL (also printed to out for manual use), exchanges the authorization code, and persists the resulting credentials.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL