fix: preserve codex provider token during proxy sync#3723
Conversation
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a1377b239c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let live_auth = live_config.get("auth"); | ||
| let live_config_text = live_config.get("config").and_then(|v| v.as_str()); | ||
| let token_from_config = live_config_text | ||
| .and_then(crate::codex_config::extract_codex_experimental_bearer_token) |
There was a problem hiding this comment.
When a live Codex config is driven by profile = "..." and the profile selects the provider via [profiles.<name>].model_provider, the bearer token lives under that selected [model_providers.<id>] table; this call uses extract_codex_experimental_bearer_token, which only looks at the top-level model_provider and otherwise falls back to a top-level token. In that valid profile-only setup with OAuth/empty auth.json, sync_live_to_provider fails to backfill the current provider's auth.OPENAI_API_KEY, so enabling proxy takeover leaves the DB provider with a stale or missing key and proxy requests fail even though the live config contained the correct provider-scoped token.
Useful? React with 👍 / 👎.
2 participants
Summary / 概述
Fix Codex proxy sync in App Enhancements mode so third-party provider tokens stored in
config.tomlare preserved correctly.When Codex official auth is preserved, third-party API keys live in the active provider’s
experimental_bearer_tokeninstead ofauth.json. The proxy sync path now prioritizes that provider-scoped token and filtersPROXY_MANAGEDper source before falling back toauth.OPENAI_API_KEY, preventing official or placeholder auth from overwriting the third-party key.Related Issue / 关联 Issue
Fixes #3715
Screenshots / 截图
N/A, backend/proxy sync logic change only.
PROXY_MANAGEDor preserved official auth instead of the third-party provider token, causing third-party API failures.experimental_bearer_tokenand only falls back toauth.OPENAI_API_KEYwhen needed.Checklist / 检查清单
pnpm format:checkpasses / 通过代码格式检查cargo clippypasses (if Rust code changed) / 通过 Clippy 检查(如修改了 Rust 代码)cargo fmt --checkpasses