fix: accept RT-exchanged tokens missing chatgpt_account_id claim#2
Closed
xiaoliu10 wants to merge 4 commits into
Closed
fix: accept RT-exchanged tokens missing chatgpt_account_id claim#2xiaoliu10 wants to merge 4 commits into
xiaoliu10 wants to merge 4 commits into
Conversation
…g match Replace the fragile canAcceptRtExchangeToken() check (which matched on the exact "Token missing chatgpt_account_id claim" error string) with a dedicated validateRtExchangeToken() that only verifies the token is decodable and not expired. RT-exchanged tokens legitimately omit chatgpt_account_id, so the strict validateToken path should not gate them at all. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Owner
Author
|
Created in error — this work is tracked upstream in icebear0828#674. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Importing an account via refresh token fails when OpenAI's RT exchange returns an
access_tokenthat omits thechatgpt_account_idclaim — the strictvalidateTokenpath rejects it.Changes
jwt-utils.ts: addextractCodexTokenMetadata()to pullaccountId / userId / email / planTypefrom access_token, falling back to id_token.account-import.ts: RT-exchange path now bypassesvalidateTokenand uses a dedicatedvalidateRtExchangeToken()that only checks the token is decodable and not expired — no more fragile error-string matching.account-pool.ts/account-registry.ts/oauth-pkce.ts: thread imported metadata through; refresh now returnsid_token.Note
Supersedes closed PR #1 (its head commit was rewritten by an amend, so GitHub could not reopen it).
🤖 Generated with Claude Code