feat: add xAI OAuth manual-code login fallback #27556

Closed
WinterArc21 wants to merge 1 commit into NousResearch:main from WinterArc21:feat/xai-oauth-manual-code

@WinterArc21

Summary

  • Add --manual-code / --paste-code for xAI Grok OAuth so remote, phone, Discord, SSH, and headless sessions can complete login without a live loopback callback.
  • Let users open the xAI authorize URL on any device, paste the failed localhost redirect URL or one-time code back into Hermes, then complete the normal PKCE token exchange.
  • Preserve OAuth protections by reusing the same PKCE verifier and redirect URI, validating state when a full redirect URL/query string is pasted, and sharing token exchange validation with the loopback flow.
  • Wire the flag through hermes login, hermes auth add, and hermes model.
  • Update xAI OAuth and OAuth-over-SSH docs to recommend manual-code mode for phone/remote flows while keeping SSH tunnels as the automatic callback alternative.

Why

The existing xAI OAuth flow starts a localhost callback listener on the Hermes machine. That works when the browser is also on that machine, but it breaks when Hermes is being driven from Discord, a phone, SSH, WSL, or another remote setup. In those cases, xAI redirects the browser to 127.0.0.1 on the browser device, not the machine running Hermes.

Manual-code mode keeps the existing xAI PKCE flow, but gives the user a way to paste the authorization response back into Hermes when the browser cannot reach the local listener.

Test plan

  • python -m py_compile hermes_cli/auth.py hermes_cli/auth_commands.py hermes_cli/main.py
  • python -m pytest tests/hermes_cli/test_auth_xai_oauth_provider.py tests/hermes_cli/test_auth_commands.py tests/hermes_cli/test_auth_loopback_ssh_hint.py tests/hermes_cli/test_argparse_flag_propagation.py -o 'addopts=' -q
  • python -m pytest tests/hermes_cli/test_auth*.py tests/hermes_cli/test_argparse_flag_propagation.py -o 'addopts=' -q
  • git diff --check
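
The paste-handling step described in the summary above, as an added example that is not code from this pull request or from Hermes. The names `extract_authorization_code` and `ManualCodeError`, the `/callback` path, and all sample values are hypothetical.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

class ManualCodeError(ValueError):
    """Pasted OAuth input that must not reach the token exchange."""

def extract_authorization_code(pasted: str, expected_state: str) -> str:
    """Hypothetical helper: accept a redirect URL, a query string, or a bare code."""
    text = pasted.strip()
    if not text:
        raise ManualCodeError("nothing was pasted")
    if "://" in text:
        query = urlsplit(text).query          # full failed-localhost redirect URL
    elif text.startswith("?") or any(k in text for k in ("code=", "state=", "error=")):
        query = text.lstrip("?")              # query string only
    else:
        # Bare one-time code: no state to compare, so the PKCE verifier sent
        # in the token exchange is the only binding to this login attempt.
        if any(c.isspace() for c in text):
            raise ManualCodeError("code contains whitespace")
        return text
    params = parse_qs(query, keep_blank_values=True)
    if "error" in params:
        raise ManualCodeError(f"authorization error: {params['error'][0]}")
    # Refuse missing or duplicated parameters instead of guessing.
    for name in ("code", "state"):
        if len(params.get(name, [])) != 1:
            raise ManualCodeError(f"expected exactly one {name} parameter")
    # Constant-time comparison with the state generated for this attempt.
    if not hmac.compare_digest(params["state"][0].encode(), expected_state.encode()):
        raise ManualCodeError("state mismatch")
    if not params["code"][0]:
        raise ManualCodeError("empty authorization code")
    return params["code"][0]

if __name__ == "__main__":
    # Constructed sample values, not real xAI output.
    state = "Zq3x-constructed-state"
    pasted = f"http://127.0.0.1:56121/callback?code=constructed-code&state={state}"
    print(extract_authorization_code(pasted, state))
```
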

@alt-glitch added the labels type/feature (New feature or request), P2 (Medium — degraded but workaround exists), area/auth (Authentication, OAuth, credential pools), provider/xai (xAI (Grok)), and comp/cli (CLI entry point, hermes_cli/, setup wizard) on May 17, 2026
@alt-glitch

Collaborator

Overlaps significantly with #26929 (--manual-paste for remote consoles) and #27523 (--paste-code for WSL2). All three address the same use case: manual OAuth callback paste when loopback listener is unreachable. Consider consolidating.

@teknium1

Contributor

Closing in favor of #26929 (submitted first, same gap). #26929 already provides --manual-paste on hermes auth add and hermes model, with broadened remote-session detection (CLOUD_SHELL/CODESPACES/GITPOD/REPL_ID/STACKBLITZ), tests, and docs updates to oauth-over-ssh.md and xai-grok-oauth.md. The functional surface is the same. Thanks for the parallel work.
