vtcode-auth 0.123.2

Authentication and OAuth flows shared across VT Code
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

# vtcode-auth

[Root AGENTS.md](../AGENTS.md) | OAuth PKCE flows and credential storage for LLM providers.

## Modules

`openai_chatgpt_oauth/` OpenAI ChatGPT OAuth | `openrouter_oauth/` OpenRouter OAuth | `mcp_oauth/` MCP server OAuth | `oauth_server/` local callback server | `pkce/` PKCE challenge generation | `credentials/` credential storage (keyring + file) | `auth_service/` OpenAIAccountAuthService | `config/` AuthConfig types | `storage_paths/` path resolution

## Rules

- All OAuth flows use PKCE — `generate_pkce_challenge()` is the entry point.
- `credentials::CredentialStorage` supports keyring and file-based backends.
- `oauth_server::run_auth_code_callback_server` starts a local HTTP server for OAuth callbacks.
- Re-exported from `vtcode-config::auth` for backward compat — canonical code is here.

## Gotchas

- `clear_openai_chatgpt_session_with_mode()` and `clear_oauth_token_with_mode()` accept storage mode — use the `_with_mode` variants for explicit control.
- MCP OAuth is separate from provider OAuth — `mcp_oauth::McpOAuthService` handles it.
- `credentials::keyring_entry` short-circuits when `keyring_disabled()` is true (`cfg!(debug_assertions)`, `cfg!(test)`, `VTCODE_DISABLE_KEYRING`, or `CI`), so debug builds, tests, and CI fall back to file storage and never trigger macOS Keychain prompts. Debug-keyring can be re-enabled with `VTCODE_DISABLE_KEYRING=0`. `is_keyring_functional()` caches its result to avoid repeated Keychain round trips.