[codex] validate api key before login success #21983
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cf1f255a5f
| api_key: &str, | ||
| ) -> CoreResult<()> { | ||
| OpenAiModelsEndpoint::with_auth(provider_info, CodexAuth::from_api_key(api_key)) | ||
| .list_models(&client_version_to_whole()) |
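Review bot: the `.list_models(...)` call on the last line is the only success signal for the login, and the visible lines show no step that separates a rejected credential from a transport or response-decoding failure before the result becomes `CoreResult<()>`. Suggest classifying the failure at this call site so that only an authentication rejection produces the invalid-key message and the caller can tell a bad key from an unreachable provider, and adding a doc comment stating that this function performs a network request.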
Validate API keys without requiring Codex model metadata
For a normal OpenAI API-key login, this calls the default https://api.openai.com/v1/models path but list_models deserializes the response as Codex's ModelsResponse { models } metadata schema. The public OpenAI models endpoint returns a different list shape, so valid keys fail validation with a decode/internal error before being persisted.
Summary
- `/models` path before persisting credentials

Why
`account/login/start` currently accepts any API-key string, writes it to auth storage, and reports success before the key has ever been used. In desktop onboarding that lets an invalid key advance the user into the product, only to fail on the first real request.

Impact
Invalid or unusable API keys now stay on the login step and fail immediately. Valid API-key login keeps the same behavior, but only after the credential has been proven usable.

Validation
- `cargo test -p codex-app-server --test all login_account_api_key_rejects_unusable_key_before_persisting`
- `cargo test -p codex-app-server --test all login_account_api_key_`
- `cargo fmt --all --check`
- `sk-invalid-test-key` now stays on the API-key step and surfaces `API key is invalid or unusable.`
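
One way to structure the validate-before-persist flow this PR describes, as an added Rust example that is not the project's code. `AuthStore`, `ProbeResponse`, `LoginError`, `sample_probe` and `login_with_api_key` are hypothetical names, the probe replies are constructed, and deciding on the status code alone is an assumption chosen so that the response body's schema cannot reject a valid key.

```rust
// Added illustration: all names are hypothetical, not from the Codex code base.
use std::collections::HashMap;

/// Constructed model of the HTTP reply to the probe request.
pub struct ProbeResponse { pub status: u16, pub body: &'static str }

#[derive(Debug, PartialEq)]
pub enum LoginError {
    InvalidKey,          // server rejected the credential: stay on the login step
    ProbeFailed(String), // probe did not complete: do not blame the key
}

/// Stand-in for auth storage.
#[derive(Default)]
pub struct AuthStore { entries: HashMap<String, String> }

/// Constructed probe: two accepted keys whose bodies differ in shape, one offline case.
pub fn sample_probe(key: &str) -> Result<ProbeResponse, String> {
    match key {
        "sk-constructed-a" => Ok(ProbeResponse { status: 200, body: r#"{"object":"list","data":[]}"# }),
        "sk-constructed-b" => Ok(ProbeResponse { status: 200, body: r#"{"models":[]}"# }),
        "sk-constructed-offline" => Err("connection timed out".to_string()),
        _ => Ok(ProbeResponse { status: 401, body: r#"{"error":{}}"# }),
    }
}

/// Persist the key only after the probe accepts it. The decision uses the
/// status code alone, so the body schema cannot make a valid key fail.
pub fn login_with_api_key<P>(store: &mut AuthStore, account: &str, key: &str, probe: P) -> Result<(), LoginError>
where
    P: Fn(&str) -> Result<ProbeResponse, String>,
{
    let resp = probe(key).map_err(LoginError::ProbeFailed)?;
    match resp.status {
        200..=299 => {}
        401 | 403 => return Err(LoginError::InvalidKey),
        other => return Err(LoginError::ProbeFailed(format!("unexpected status {}", other))),
    }
    store.entries.insert(account.to_string(), key.to_string());
    Ok(())
}

fn main() {
    let mut store = AuthStore::default();
    println!("{:?}", login_with_api_key(&mut store, "default", "sk-invalid-test-key", sample_probe));
    println!("stored: {:?}", store.entries.get("default"));
}
```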