Description
When running hermes auth add xai-oauth --no-browser, the OAuth authorization callback is received successfully (shows "xAI authorization received. You can close this tab.") but the token exchange with xAI fails with:
AuthError: xAI authorization failed: code_challenge is required
Steps to reproduce
hermes auth add xai-oauth --no-browser- Open the printed authorize URL in a browser
- Complete the OAuth flow (authorize the app)
- The callback is received (browser shows success page)
- Token exchange fails with
code_challenge is required
Expected behavior
The authorization code should be successfully exchanged for tokens, and the xAI OAuth credential should be stored.
Actual behavior
The authorization code is received but the token exchange fails because the PKCE code_verifier is not being sent to xAI's token endpoint.
Environment
- Hermes Agent v0.14.0 (2026.5.16)
- Installed via
pipx install git+https://github.com/NousResearch/hermes-agent.git
- Running on Ubuntu 24.04
The OIDC discovery confirms xAI supports PKCE (code_challenge_methods_supported": ["S256"]), but Hermes doesn't include the code_verifier parameter in the token exchange POST request.
Description
When running
hermes auth add xai-oauth --no-browser, the OAuth authorization callback is received successfully (shows "xAI authorization received. You can close this tab.") but the token exchange with xAI fails with:Steps to reproduce
hermes auth add xai-oauth --no-browsercode_challenge is requiredExpected behavior
The authorization code should be successfully exchanged for tokens, and the xAI OAuth credential should be stored.
Actual behavior
The authorization code is received but the token exchange fails because the PKCE
code_verifieris not being sent to xAI's token endpoint.Environment
pipx install git+https://github.com/NousResearch/hermes-agent.gitThe OIDC discovery confirms xAI supports PKCE (
code_challenge_methods_supported": ["S256"]), but Hermes doesn't include thecode_verifierparameter in the token exchange POST request.