refactor(oauth): add provider registry

2026-04-17 05:00:16 +00:00 · 2026-01-24 21:17:05 +01:00 · 2026-01-24 21:17:05 +01:00 · 3256d3c083
commit 3256d3c083
parent 89636cfe6e
19 changed files with 655 additions and 291 deletions
--- a/packages/ai/src/utils/oauth/anthropic.ts
+++ b/packages/ai/src/utils/oauth/anthropic.ts
@ -3,7 +3,7 @@
 */

 import { generatePKCE } from "./pkce.js";
-import type { OAuthCredentials } from "./types.js";
+import type { OAuthCredentials, OAuthLoginCallbacks, OAuthProviderInterface } from "./types.js";

 const decode = (s: string) => atob(s);
 const CLIENT_ID = decode("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl");
@ -116,3 +116,23 @@ export async function refreshAnthropicToken(refreshToken: string): Promise<OAuth
 		expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
 	};
 }
+
+export const anthropicOAuthProvider: OAuthProviderInterface = {
+	id: "anthropic",
+	name: "Anthropic (Claude Pro/Max)",
+
+	async login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+		return loginAnthropic(
+			(url) => callbacks.onAuth({ url }),
+			() => callbacks.onPrompt({ message: "Paste the authorization code:" }),
+		);
+	},
+
+	async refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+		return refreshAnthropicToken(credentials.refresh);
+	},
+
+	getApiKey(credentials: OAuthCredentials): string {
+		return credentials.access;
+	},
+};
--- a/packages/ai/src/utils/oauth/github-copilot.ts
+++ b/packages/ai/src/utils/oauth/github-copilot.ts
@ -3,7 +3,12 @@
 */

 import { getModels } from "../../models.js";
-import type { OAuthCredentials } from "./types.js";
+import type { Api, Model } from "../../types.js";
+import type { OAuthCredentials, OAuthLoginCallbacks, OAuthProviderInterface } from "./types.js";
+
+type CopilotCredentials = OAuthCredentials & {
+	enterpriseUrl?: string;
+};

 const decode = (s: string) => atob(s);
 const CLIENT_ID = decode("SXYxLmI1MDdhMDhjODdlY2ZlOTg=");
@ -344,3 +349,33 @@ export async function loginGitHubCopilot(options: {
 	await enableAllGitHubCopilotModels(credentials.access, enterpriseDomain ?? undefined);
 	return credentials;
 }
+
+export const githubCopilotOAuthProvider: OAuthProviderInterface = {
+	id: "github-copilot",
+	name: "GitHub Copilot",
+
+	async login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+		return loginGitHubCopilot({
+			onAuth: (url, instructions) => callbacks.onAuth({ url, instructions }),
+			onPrompt: callbacks.onPrompt,
+			onProgress: callbacks.onProgress,
+			signal: callbacks.signal,
+		});
+	},
+
+	async refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+		const creds = credentials as CopilotCredentials;
+		return refreshGitHubCopilotToken(creds.refresh, creds.enterpriseUrl);
+	},
+
+	getApiKey(credentials: OAuthCredentials): string {
+		return credentials.access;
+	},
+
+	modifyModels(models: Model<Api>[], credentials: OAuthCredentials): Model<Api>[] {
+		const creds = credentials as CopilotCredentials;
+		const domain = creds.enterpriseUrl ? (normalizeDomain(creds.enterpriseUrl) ?? undefined) : undefined;
+		const baseUrl = getGitHubCopilotBaseUrl(creds.access, domain);
+		return models.map((m) => (m.provider === "github-copilot" ? { ...m, baseUrl } : m));
+	},
+};
--- a/packages/ai/src/utils/oauth/google-antigravity.ts
+++ b/packages/ai/src/utils/oauth/google-antigravity.ts
@ -8,7 +8,11 @@

 import type { Server } from "http";
 import { generatePKCE } from "./pkce.js";
-import type { OAuthCredentials } from "./types.js";
+import type { OAuthCredentials, OAuthLoginCallbacks, OAuthProviderInterface } from "./types.js";
+
+type AntigravityCredentials = OAuthCredentials & {
+	projectId: string;
+};

 // Antigravity OAuth credentials (different from Gemini CLI)
 const decode = (s: string) => atob(s);
@ -411,3 +415,26 @@ export async function loginAntigravity(
 		server.server.close();
 	}
 }
+
+export const antigravityOAuthProvider: OAuthProviderInterface = {
+	id: "google-antigravity",
+	name: "Antigravity (Gemini 3, Claude, GPT-OSS)",
+	usesCallbackServer: true,
+
+	async login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+		return loginAntigravity(callbacks.onAuth, callbacks.onProgress, callbacks.onManualCodeInput);
+	},
+
+	async refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+		const creds = credentials as AntigravityCredentials;
+		if (!creds.projectId) {
+			throw new Error("Antigravity credentials missing projectId");
+		}
+		return refreshAntigravityToken(creds.refresh, creds.projectId);
+	},
+
+	getApiKey(credentials: OAuthCredentials): string {
+		const creds = credentials as AntigravityCredentials;
+		return JSON.stringify({ token: creds.access, projectId: creds.projectId });
+	},
+};
--- a/packages/ai/src/utils/oauth/google-gemini-cli.ts
+++ b/packages/ai/src/utils/oauth/google-gemini-cli.ts
@ -8,7 +8,11 @@

 import type { Server } from "http";
 import { generatePKCE } from "./pkce.js";
-import type { OAuthCredentials } from "./types.js";
+import type { OAuthCredentials, OAuthLoginCallbacks, OAuthProviderInterface } from "./types.js";
+
+type GeminiCredentials = OAuthCredentials & {
+	projectId: string;
+};

 const decode = (s: string) => atob(s);
 const CLIENT_ID = decode(
@ -553,3 +557,26 @@ export async function loginGeminiCli(
 		server.server.close();
 	}
 }
+
+export const geminiCliOAuthProvider: OAuthProviderInterface = {
+	id: "google-gemini-cli",
+	name: "Google Cloud Code Assist (Gemini CLI)",
+	usesCallbackServer: true,
+
+	async login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+		return loginGeminiCli(callbacks.onAuth, callbacks.onProgress, callbacks.onManualCodeInput);
+	},
+
+	async refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+		const creds = credentials as GeminiCredentials;
+		if (!creds.projectId) {
+			throw new Error("Google Cloud credentials missing projectId");
+		}
+		return refreshGoogleCloudToken(creds.refresh, creds.projectId);
+	},
+
+	getApiKey(credentials: OAuthCredentials): string {
+		const creds = credentials as GeminiCredentials;
+		return JSON.stringify({ token: creds.access, projectId: creds.projectId });
+	},
+};
--- a/packages/ai/src/utils/oauth/index.ts
+++ b/packages/ai/src/utils/oauth/index.ts
@ -10,100 +10,111 @@
 */

 // Anthropic
-export { loginAnthropic, refreshAnthropicToken } from "./anthropic.js";
+export { anthropicOAuthProvider, loginAnthropic, refreshAnthropicToken } from "./anthropic.js";
 // GitHub Copilot
 export {
 	getGitHubCopilotBaseUrl,
+	githubCopilotOAuthProvider,
 	loginGitHubCopilot,
 	normalizeDomain,
 	refreshGitHubCopilotToken,
 } from "./github-copilot.js";
 // Google Antigravity
-export {
-	loginAntigravity,
-	refreshAntigravityToken,
-} from "./google-antigravity.js";
+export { antigravityOAuthProvider, loginAntigravity, refreshAntigravityToken } from "./google-antigravity.js";
 // Google Gemini CLI
-export {
-	loginGeminiCli,
-	refreshGoogleCloudToken,
-} from "./google-gemini-cli.js";
+export { geminiCliOAuthProvider, loginGeminiCli, refreshGoogleCloudToken } from "./google-gemini-cli.js";
 // OpenAI Codex (ChatGPT OAuth)
-export {
-	loginOpenAICodex,
-	refreshOpenAICodexToken,
-} from "./openai-codex.js";
+export { loginOpenAICodex, openaiCodexOAuthProvider, refreshOpenAICodexToken } from "./openai-codex.js";

 export * from "./types.js";

 // ============================================================================
-// High-level API
+// Provider Registry
 // ============================================================================

-import { refreshAnthropicToken } from "./anthropic.js";
-import { refreshGitHubCopilotToken } from "./github-copilot.js";
-import { refreshAntigravityToken } from "./google-antigravity.js";
-import { refreshGoogleCloudToken } from "./google-gemini-cli.js";
-import { refreshOpenAICodexToken } from "./openai-codex.js";
-import type { OAuthCredentials, OAuthProvider, OAuthProviderInfo } from "./types.js";
+import { anthropicOAuthProvider } from "./anthropic.js";
+import { githubCopilotOAuthProvider } from "./github-copilot.js";
+import { antigravityOAuthProvider } from "./google-antigravity.js";
+import { geminiCliOAuthProvider } from "./google-gemini-cli.js";
+import { openaiCodexOAuthProvider } from "./openai-codex.js";
+import type { OAuthCredentials, OAuthProviderId, OAuthProviderInfo, OAuthProviderInterface } from "./types.js";
+
+const oauthProviderRegistry = new Map<string, OAuthProviderInterface>([
+	[anthropicOAuthProvider.id, anthropicOAuthProvider],
+	[githubCopilotOAuthProvider.id, githubCopilotOAuthProvider],
+	[geminiCliOAuthProvider.id, geminiCliOAuthProvider],
+	[antigravityOAuthProvider.id, antigravityOAuthProvider],
+	[openaiCodexOAuthProvider.id, openaiCodexOAuthProvider],
+]);
+
+/**
+ * Get an OAuth provider by ID
+ */
+export function getOAuthProvider(id: OAuthProviderId): OAuthProviderInterface | undefined {
+	return oauthProviderRegistry.get(id);
+}
+
+/**
+ * Register a custom OAuth provider
+ */
+export function registerOAuthProvider(provider: OAuthProviderInterface): void {
+	oauthProviderRegistry.set(provider.id, provider);
+}
+
+/**
+ * Get all registered OAuth providers
+ */
+export function getOAuthProviders(): OAuthProviderInterface[] {
+	return Array.from(oauthProviderRegistry.values());
+}
+
+/**
+ * @deprecated Use getOAuthProviders() which returns OAuthProviderInterface[]
+ */
+export function getOAuthProviderInfoList(): OAuthProviderInfo[] {
+	return getOAuthProviders().map((p) => ({
+		id: p.id,
+		name: p.name,
+		available: true,
+	}));
+}
+
+// ============================================================================
+// High-level API (uses provider registry)
+// ============================================================================

 /**
 * Refresh token for any OAuth provider.
- * Saves the new credentials and returns the new access token.
+ * @deprecated Use getOAuthProvider(id).refreshToken() instead
 */
 export async function refreshOAuthToken(
-	provider: OAuthProvider,
+	providerId: OAuthProviderId,
 	credentials: OAuthCredentials,
 ): Promise<OAuthCredentials> {
-	if (!credentials) {
-		throw new Error(`No OAuth credentials found for ${provider}`);
+	const provider = getOAuthProvider(providerId);
+	if (!provider) {
+		throw new Error(`Unknown OAuth provider: ${providerId}`);
 	}
-
-	let newCredentials: OAuthCredentials;
-
-	switch (provider) {
-		case "anthropic":
-			newCredentials = await refreshAnthropicToken(credentials.refresh);
-			break;
-		case "github-copilot":
-			newCredentials = await refreshGitHubCopilotToken(credentials.refresh, credentials.enterpriseUrl);
-			break;
-		case "google-gemini-cli":
-			if (!credentials.projectId) {
-				throw new Error("Google Cloud credentials missing projectId");
-			}
-			newCredentials = await refreshGoogleCloudToken(credentials.refresh, credentials.projectId);
-			break;
-		case "google-antigravity":
-			if (!credentials.projectId) {
-				throw new Error("Antigravity credentials missing projectId");
-			}
-			newCredentials = await refreshAntigravityToken(credentials.refresh, credentials.projectId);
-			break;
-		case "openai-codex":
-			newCredentials = await refreshOpenAICodexToken(credentials.refresh);
-			break;
-		default:
-			throw new Error(`Unknown OAuth provider: ${provider}`);
-	}
-
-	return newCredentials;
+	return provider.refreshToken(credentials);
 }

 /**
 * Get API key for a provider from OAuth credentials.
 * Automatically refreshes expired tokens.
 *
- * For google-gemini-cli and antigravity, returns JSON-encoded { token, projectId }
- *
- * @returns API key string, or null if no credentials
+ * @returns API key string and updated credentials, or null if no credentials
 * @throws Error if refresh fails
 */
 export async function getOAuthApiKey(
-	provider: OAuthProvider,
+	providerId: OAuthProviderId,
 	credentials: Record<string, OAuthCredentials>,
 ): Promise<{ newCredentials: OAuthCredentials; apiKey: string } | null> {
-	let creds = credentials[provider];
+	const provider = getOAuthProvider(providerId);
+	if (!provider) {
+		throw new Error(`Unknown OAuth provider: ${providerId}`);
+	}
+
+	let creds = credentials[providerId];
 	if (!creds) {
 		return null;
 	}
@ -111,47 +122,12 @@ export async function getOAuthApiKey(
 	// Refresh if expired
 	if (Date.now() >= creds.expires) {
 		try {
-			creds = await refreshOAuthToken(provider, creds);
+			creds = await provider.refreshToken(creds);
 		} catch (_error) {
-			throw new Error(`Failed to refresh OAuth token for ${provider}`);
+			throw new Error(`Failed to refresh OAuth token for ${providerId}`);
 		}
 	}

-	// For providers that need projectId, return JSON
-	const needsProjectId = provider === "google-gemini-cli" || provider === "google-antigravity";
-	const apiKey = needsProjectId ? JSON.stringify({ token: creds.access, projectId: creds.projectId }) : creds.access;
+	const apiKey = provider.getApiKey(creds);
 	return { newCredentials: creds, apiKey };
 }
-
-/**
- * Get list of OAuth providers
- */
-export function getOAuthProviders(): OAuthProviderInfo[] {
-	return [
-		{
-			id: "anthropic",
-			name: "Anthropic (Claude Pro/Max)",
-			available: true,
-		},
-		{
-			id: "openai-codex",
-			name: "ChatGPT Plus/Pro (Codex Subscription)",
-			available: true,
-		},
-		{
-			id: "github-copilot",
-			name: "GitHub Copilot",
-			available: true,
-		},
-		{
-			id: "google-gemini-cli",
-			name: "Google Cloud Code Assist (Gemini CLI)",
-			available: true,
-		},
-		{
-			id: "google-antigravity",
-			name: "Antigravity (Gemini 3, Claude, GPT-OSS)",
-			available: true,
-		},
-	];
-}
--- a/packages/ai/src/utils/oauth/openai-codex.ts
+++ b/packages/ai/src/utils/oauth/openai-codex.ts
@ -18,7 +18,7 @@ if (typeof process !== "undefined" && (process.versions?.node || process.version
 }

 import { generatePKCE } from "./pkce.js";
-import type { OAuthCredentials, OAuthPrompt } from "./types.js";
+import type { OAuthCredentials, OAuthLoginCallbacks, OAuthPrompt, OAuthProviderInterface } from "./types.js";

 const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
 const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
@ -430,3 +430,26 @@ export async function refreshOpenAICodexToken(refreshToken: string): Promise<OAu
 		accountId,
 	};
 }
+
+export const openaiCodexOAuthProvider: OAuthProviderInterface = {
+	id: "openai-codex",
+	name: "ChatGPT Plus/Pro (Codex Subscription)",
+	usesCallbackServer: true,
+
+	async login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+		return loginOpenAICodex({
+			onAuth: callbacks.onAuth,
+			onPrompt: callbacks.onPrompt,
+			onProgress: callbacks.onProgress,
+			onManualCodeInput: callbacks.onManualCodeInput,
+		});
+	},
+
+	async refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+		return refreshOpenAICodexToken(credentials.refresh);
+	},
+
+	getApiKey(credentials: OAuthCredentials): string {
+		return credentials.access;
+	},
+};
--- a/packages/ai/src/utils/oauth/types.ts
+++ b/packages/ai/src/utils/oauth/types.ts
@ -1,19 +1,16 @@
+import type { Api, Model } from "../../types.js";
+
 export type OAuthCredentials = {
 	refresh: string;
 	access: string;
 	expires: number;
-	enterpriseUrl?: string;
-	projectId?: string;
-	email?: string;
-	accountId?: string;
+	[key: string]: unknown;
 };

-export type OAuthProvider =
-	| "anthropic"
-	| "github-copilot"
-	| "google-gemini-cli"
-	| "google-antigravity"
-	| "openai-codex";
+export type OAuthProviderId = string;
+
+/** @deprecated Use OAuthProviderId instead */
+export type OAuthProvider = OAuthProviderId;

 export type OAuthPrompt = {
 	message: string;
@ -26,8 +23,37 @@ export type OAuthAuthInfo = {
 	instructions?: string;
 };

+export interface OAuthLoginCallbacks {
+	onAuth: (info: OAuthAuthInfo) => void;
+	onPrompt: (prompt: OAuthPrompt) => Promise<string>;
+	onProgress?: (message: string) => void;
+	onManualCodeInput?: () => Promise<string>;
+	signal?: AbortSignal;
+}
+
+export interface OAuthProviderInterface {
+	readonly id: OAuthProviderId;
+	readonly name: string;
+
+	/** Run the login flow, return credentials to persist */
+	login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
+
+	/** Whether login uses a local callback server and supports manual code input. */
+	usesCallbackServer?: boolean;
+
+	/** Refresh expired credentials, return updated credentials to persist */
+	refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials>;
+
+	/** Convert credentials to API key string for the provider */
+	getApiKey(credentials: OAuthCredentials): string;
+
+	/** Optional: modify models for this provider (e.g., update baseUrl) */
+	modifyModels?(models: Model<Api>[], credentials: OAuthCredentials): Model<Api>[];
+}
+
+/** @deprecated Use OAuthProviderInterface instead */
 export interface OAuthProviderInfo {
-	id: OAuthProvider;
+	id: OAuthProviderId;
 	name: string;
 	available: boolean;
 }