You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ChatGPT sign-in was failing because the OAuth callback tried to mint an
API key via token-exchange, which requires API platform access that most
ChatGPT subscriptions don't include. Now uses the Codex Responses API
(chatgpt.com/backend-api/codex/responses) with the OAuth access token
directly — same approach the Codex CLI and Aside browser use.
Claude token exchange was failing on 429 rate limits with no retry. Added
exponential backoff with retry-after header support.
Changes:
- Rewrite callOpenAIOAuth to use Codex Responses API with SSE streaming
- Remove mintOpenAIApiKey call from OAuth callback handler
- Add getOpenAIAccessToken helper for direct token access
- Add parseCodexResponsesSSE for streaming response parsing
- Fix tokenErrorMessage [object Object] bug on nested error objects
- Add fetchWithRetry to oauth-anthropic.js for 429 backoff
- Update OpenAI model catalog: add GPT-5.4/5.5, make GPT-5.4 recommended
- Add chatgpt.com to manifest host_permissions
- Fix waitForOpenAIOAuthResult to poll for credentials not minted key
- 945/945 tests pass
-**ChatGPT subscription sign-in now works without API platform access.** The previous flow tried to mint an OpenAI API key (`sk-…`) from the OAuth `id_token` via a token-exchange grant — which only works if your ChatGPT plan includes API platform access. Most ChatGPT Plus/Pro subscriptions don't, so every sign-in failed with "Couldn't enable API access for this ChatGPT account." RepoLens now uses the **Codex Responses API** at `chatgpt.com/backend-api/codex/responses` with the OAuth access token directly — the same endpoint the Codex CLI and Aside browser use. No API key minting required; the subscription itself authorizes the request.
15
+
-**ChatGPT OAuth error messages are now readable.** The token-exchange error handler was stringifying nested error objects as `[object Object]`. It now drills into `error.message`, `error_description`, and stringifies objects properly.
16
+
-**ChatGPT OAuth callback no longer clears credentials on success.** The callback handler was still calling `mintOpenAIApiKey()` after the code exchange, which failed and then wiped the just-stored OAuth credentials — making the provider look disconnected even though the sign-in itself succeeded.
17
+
-**Claude sign-in rate-limit handling.** Anthropic's token endpoint rate-limits aggressively on repeated sign-in attempts or concurrent refreshes, surfacing as "Claude token exchange failed: Rate limited." Both the token exchange and refresh paths now retry with exponential backoff (up to 2 retries, reads `retry-after` header, 30s max delay) before giving up.
18
+
19
+
### Changed
20
+
21
+
-**OpenAI model catalog updated.** Added GPT-5.4 (recommended), GPT-5.4 mini, and GPT-5.5 to the model picker — matching what ChatGPT subscriptions expose via the Codex Responses API. GPT-4.1, GPT-4o, and o4-mini remain as fallbacks.
22
+
-**Default OpenAI model is now GPT-5.4** (was GPT-4.1), matching the current generation available through ChatGPT subscriptions.
23
+
-**`waitForOpenAIOAuthResult` now polls for OAuth credentials** instead of a minted API key, since the Codex Responses API path uses the access token directly.
24
+
-**Removed unused `mintOpenAIApiKey` import** from background.js — the minting step is no longer part of the inference or callback path.
0 commit comments