Expand description
OpenRouter OAuth PKCE authentication flow.
This module implements the OAuth PKCE flow for OpenRouter, allowing users to authenticate with their OpenRouter account securely.
§Security Model
Tokens are encrypted at rest using AES-256-GCM with a machine-derived key. The key is derived from:
- Machine hostname
- User ID (where available)
- A static salt
This provides reasonable protection against casual access while remaining portable across the same user’s sessions on the same machine.
Structs§
- Open
RouterO Auth Config - Configuration for OpenRouter OAuth authentication.
- Open
Router Token - Stored OAuth token with metadata.
Enums§
- Auth
Status - OAuth authentication status.
Constants§
- DEFAULT_
CALLBACK_ PORT - Default callback port for localhost OAuth server
Functions§
- clear_
oauth_ token - Clear the stored OAuth token.
- exchange_
code_ for_ token - Exchange an authorization code for an API key.
- get_
auth_ status - Get the current OAuth authentication status.
- get_
auth_ url - Generate the OAuth authorization URL.
- load_
oauth_ token - Load an OAuth token from encrypted storage.
- save_
oauth_ token - Save an OAuth token to encrypted storage.