feat: add ChatGPT device code login method

[cmraible]

What do you want to change?

Currently when running /login and selecting "ChatGPT Plus/Pro (Codex Subscription)" in the TUI, the default and only login method is the standard browser-based, localhost callback method. This option does not work on headless devices, e.g. over SSH.

This issue is a proposal to add a "Sign in with Device Code" option, similar to the Codex TUI coding agent. When a user selects the "ChatGPT Plus/Pro (Codex Subscription)" option in the /login flow, the user will be presented with a "Browser OAuth" and a "Device Code" option. The "Browser OAuth" option would continue to work as it does today, and the "Device Code" option would work the same way it does in the Codex TUI.

I have a draft of this working locally, and I'd be happy to raise a PR if approved.

Why?

It's currently not possible (AFAICT) to run pi on a remote, headless host using a ChatGPT Subscription, because the Browser OAuth login method doesn't work without a local browser. pi is IMO the ideal coding agent for remote, sandboxed environments, but it's a non-starter for me right now since I can't use my existing provider subscription in these environments.

How? (optional)

• Extend the OAuthProviderInterface to support multiple loginMethods per provider
• Add the deviceCode login method implementation to the openai/codex provider
• Add OAuthLoginMethodSelector component to the interface to allow users to choose which login method to use

[github-actions]

This issue was auto-closed. All issues from new contributors are auto-closed by default.

Maintainers review auto-closed issues daily and reopen worthwhile ones. Issues that do not meet the quality bar in CONTRIBUTING.md will not be reopened or receive a reply.

If a maintainer replies lgtmi on one of your issues, your future issues will stay open. If a maintainer replies lgtm, your future issues and PRs will stay open.

See CONTRIBUTING.md.

[badlogic]

it does tho, because you can take the oauth link, open it on a machine with a browser and paste the callback url back into your remote headless session.

however, if device code support is easy enough, i'd be happy to merge a well tested PR

lgtm

[github-actions]

@cmraible approved for issues and PRs. Your future issues and PRs will not be auto-closed.

See CONTRIBUTING.md.

[vegarsti]

@cmraible Feel free to submit a PR for this! I'll try to get this in because I need it too 😄

[davzucky]

I opened PR #4777 with an implementation for the device-code login flow, but it was auto-closed by the contributor gate because my account does not have PR approval yet:

#4777

The branch is available here:

https://github.com/davzucky/pi/tree/issue-3424-openai-device-code-login

It keeps Browser OAuth as the default, adds a Device Code option for OpenAI Codex login, suppresses the redirect paste prompt for device login, and includes regression coverage for the browser fallback, device flow, timeout, and cancellation paths.

[vegarsti]

@cmraible @davzucky This shipped in 0.77.0!