Module auth


GitHub Copilot OAuth device-code authentication and token management.

Flow:

  1. POST /login/device/code → device_code + user_code + verification_uri
  2. Show user_code, ask user to visit verification_uri in browser
  3. Poll POST /login/oauth/access_token until access_token arrives
  4. GET /copilot_internal/v2/token → short-lived Copilot API token (TTL ~25 min)
  5. Before every LLM call: if token is expired, repeat step 4 only.

The OAuth access_token (step 3) is persisted to ~/.config/xcode/copilot_auth.json so the user only has to do device-code once per machine.
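Because the persisted access_token is long-lived, the file holding it is the most sensitive artifact in this flow. The following is an added example, not this crate's own code: one way to write and read such a file on Unix so that only the owning user can access it. The function names `save_token` and `load_token`, the JSON shape, and the temp-directory path are assumptions made for illustration; the page does not state which permissions the crate applies.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Hypothetical helper: write `token_json` so only the owning user can read it.
/// The file is created with mode 0600 from the start (no chmod-after-write
/// window), written under a temporary name, then renamed over the destination.
pub fn save_token(path: &Path, token_json: &str) -> io::Result<()> {
    let tmp = path.with_extension("json.tmp");
    let _ = fs::remove_file(&tmp); // stale temp file left by a crashed run
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true) // fail rather than reuse a pre-existing file or symlink
        .mode(0o600)
        .open(&tmp)?;
    f.write_all(token_json.as_bytes())?;
    f.sync_all()?;
    fs::rename(&tmp, path)
}

/// Hypothetical helper: load the token, refusing a file that group or others
/// can access (the same policy OpenSSH applies to private keys).
pub fn load_token(path: &Path) -> io::Result<String> {
    let mode = fs::metadata(path)?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{} has mode {:o}; expected 600", path.display(), mode),
        ));
    }
    fs::read_to_string(path)
}

fn main() -> io::Result<()> {
    // Constructed sample: a temp directory stands in for ~/.config/xcode,
    // and the token value is a placeholder, not a real credential.
    let dir = std::env::temp_dir().join(format!("copilot_auth_demo_{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let path = dir.join("copilot_auth.json");
    save_token(&path, r#"{"access_token":"EXAMPLE-NOT-A-REAL-TOKEN"}"#)?;
    println!("loaded {} bytes", load_token(&path)?.len());
    fs::remove_dir_all(&dir)
}
```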

Structs

CopilotApiToken
Short-lived Copilot token returned by the GitHub internal token endpoint. Expires in ~25 minutes; we refresh automatically before every LLM call.
CopilotOAuthToken
Persisted after device-code flow. Only needs to be refreshed via device-code flow if revoked by the user; otherwise access_token is long-lived.

Constants

COPILOT_CLIENT_ID
GitHub’s public client-id for Copilot extensions. This is the same identifier used by neovim/copilot.vim, VS Code, etc.

Functions

device_code_flow
Runs the full GitHub device-code OAuth flow interactively. Prints the user_code and verification URL to stdout, then polls until the user completes authorization.
refresh_copilot_token
Exchanges the long-lived OAuth access_token for a short-lived Copilot API token. Call this before every LLM request when CopilotApiToken::is_expired() returns true.