Skip to content

[codex] fix OAuth resource discovery#4

Merged
tiankaima merged 1 commit into
mainfrom
codex/oauth-resource-tolerance
Jul 1, 2026
Merged

[codex] fix OAuth resource discovery#4
tiankaima merged 1 commit into
mainfrom
codex/oauth-resource-tolerance

Conversation

@tiankaima

Copy link
Copy Markdown
Member

Summary

  • Discover canonical OAuth metadata paths before legacy root metadata.
  • Use the advertised issuer as the OAuth resource for browser and device login.
  • Accept EdDSA ID tokens, matching the server metadata.
  • Normalize stored credentials to the current issuer resource during refresh.

Root Cause

The CLI used the bare server origin as the OAuth resource and only accepted RS256/ES256 ID tokens, while the production server advertises /api/auth and EdDSA.

Validation

  • go build -o ./life-ustc ./cmd/life-ustc
  • Manual debug server login, auth status, me, and todo list succeeded.

@tiankaima
tiankaima merged commit 9b4ee3a into main Jul 1, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant