feat: support OAuth subscription login as alternative to API keys

[elucid]

Summary

Add support for authenticating with LLM providers via OAuth subscription (e.g. ChatGPT Plus/Pro, Claude Pro/Max) instead of requiring API keys. This closes the workflow gap where headless/VM installs required manual patching of start.sh to use subscription-based LLM access.

Motivation

Pi (the underlying agent harness) supports OAuth subscription login via /login, but baudbot's setup and startup scripts only check for API key environment variables. Users with subscriptions but no API keys are blocked — they can't get past baudbot config or start.sh without workarounds.

This came up during a Proxmox VM install where the only viable LLM auth was a ChatGPT Pro subscription. The workaround required manually running pi to do /login, then patching start.sh to check auth.json — a patch that gets overwritten on every baudbot update.

Changes

New: bin/oauth-login.mjs

Standalone OAuth login script implementing PKCE flows for OpenAI Codex and Anthropic. Writes credentials to pi's auth.json format. Supports both localhost callback (port 1455) and manual URL paste for headless servers.

New: baudbot login

CLI command (sudo baudbot login) that runs the OAuth flow and writes auth.json with correct ownership/permissions for the agent user. Can be run standalone or re-run later to re-authenticate.

config.sh — Two-tier auth picker

The LLM configuration now presents a first-level choice:

• API key → existing flow (pick provider, enter key)
• Subscription login (OAuth) → pick ChatGPT Plus/Pro or Claude Pro/Max, complete OAuth inline

start.sh — auth.json fallback

After checking API key env vars, start.sh now checks ~/.pi/agent/auth.json for OAuth credentials before failing. Supports openai-codex, anthropic, google, and github-copilot provider entries.

doctor.sh — auth.json awareness

The LLM health check recognizes OAuth credentials in auth.json as valid, instead of reporting a false failure.

install.sh — launch gate

The post-install launch check now considers auth.json credentials when deciding whether the agent has valid LLM auth.

Testing

• All existing config.test.sh tests updated for the new auth tier choice and passing (15/15)
• All baudbot.test.sh CLI tests passing (5/5)
• Syntax verified: all modified shell scripts and the new .mjs file
• OAuth flow tested manually during original VM setup (documented in install notes)

[greptile-apps]

Greptile Summary

This PR adds OAuth subscription login as an alternative to API keys, enabling users with ChatGPT Plus/Pro or Claude Pro/Max subscriptions to authenticate without needing API keys. The implementation adds a new baudbot login command and integrates OAuth flows into the existing configuration system.

Key changes:

• New bin/oauth-login.mjs implements PKCE-based OAuth flows for OpenAI Codex and Anthropic providers
• bin/config.sh now presents a two-tier authentication choice: API key or subscription login
• start.sh, doctor.sh, and install.sh all recognize OAuth credentials in ~/.pi/agent/auth.json
• Test suite updated to accommodate the new auth tier prompt

Critical issues:

• The Anthropic OAuth flow has two security vulnerabilities: it uses the PKCE verifier as the state parameter (weakening both CSRF and PKCE protections), and it never validates the state parameter against the expected value when the user manually pastes the authorization code
• These issues create a CSRF vulnerability that could allow an attacker to trick a user into authenticating with the attacker's account

Positive aspects:

• Well-structured integration across all relevant scripts
• Proper file permissions (0o600) and ownership handling for sensitive credential files
• Graceful fallback between API keys and OAuth credentials
• Good user experience with automatic callback server and manual paste fallback

Confidence Score: 2/5

• This PR has critical security vulnerabilities in the Anthropic OAuth flow that must be fixed before merging
• The Anthropic OAuth implementation has two critical security flaws: using the PKCE verifier as the state parameter (line 293) and missing state validation (lines 306-309). These vulnerabilities expose users to CSRF attacks during authentication. While the OpenAI Codex flow is more secure, and the rest of the implementation is well-structured with proper permissions and integration, the security issues in Anthropic OAuth are severe enough to warrant fixing before merge.
• bin/oauth-login.mjs requires immediate security fixes for the Anthropic OAuth flow (lines 293 and 306-309)

Important Files Changed

Filename	Overview
bin/oauth-login.mjs	New OAuth login script with CSRF vulnerability in Anthropic flow - state parameter not validated
bin/config.sh	Added two-tier auth picker (API key vs OAuth subscription) with proper error handling and Node.js resolution
bin/baudbot	Added login command with proper ownership fixes for auth.json
start.sh	Added auth.json fallback for OAuth credentials with proper jq dependency check
bin/config.test.sh	Updated tests for new auth tier prompt, added Test 7 for subscription path but doesn't test actual OAuth flow

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    Start([User runs baudbot config]) --> AuthTier{Choose auth tier}
    AuthTier -->|API key| ProviderPicker[Pick LLM provider]
    AuthTier -->|Subscription OAuth| CheckExisting{Existing auth.json?}
    
    ProviderPicker --> EnterKey[Enter API key]
    EnterKey --> ValidateKey{Key valid?}
    ValidateKey -->|No| Fail([Exit with error])
    ValidateKey -->|Yes| WriteEnv[Write to .env]
    
    CheckExisting -->|Yes| Reauth{Re-authenticate?}
    CheckExisting -->|No| RunOAuth[Run oauth-login.mjs]
    Reauth -->|No| KeepCreds[Keep existing credentials]
    Reauth -->|Yes| RunOAuth
    
    RunOAuth --> PickOAuthProvider[Pick provider:<br/>OpenAI Codex or Anthropic]
    PickOAuthProvider --> OpenURL[Open OAuth URL in browser]
    OpenURL --> Callback{Callback method?}
    Callback -->|localhost:1455| AutoCallback[Automatic callback]
    Callback -->|Manual paste| PasteURL[Paste redirect URL/code]
    
    AutoCallback --> ExchangeToken[Exchange code for tokens]
    PasteURL --> ExchangeToken
    ExchangeToken --> WriteAuth[Write to auth.json]
    WriteAuth --> FixOwnership[Fix file ownership]
    FixOwnership --> Done
    
    KeepCreds --> Done
    WriteEnv --> Done([Continue to Slack setup])

Loading

_{Last reviewed commit: 00fe358}

[greptile-apps]

_{7 files reviewed, 8 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

state validation skipped when parsed.state is undefined, allowing CSRF attacks

The condition only throws when state exists AND mismatches. If user pastes just the code (no state param), validation is bypassed entirely. PKCE's state parameter must always be validated when received.

Suggested change

	if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
	if (!parsed.state || parsed.state !== state) throw new Error("State mismatch");

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 229

Comment:
state validation skipped when `parsed.state` is undefined, allowing CSRF attacks

The condition only throws when state exists AND mismatches. If user pastes just the code (no state param), validation is bypassed entirely. PKCE's state parameter must always be validated when received.

```suggestion
    if (!parsed.state || parsed.state !== state) throw new Error("State mismatch");
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

state validation skipped when parsed.state is undefined

Suggested change

	if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
	if (!parsed.state || parsed.state !== state) throw new Error("State mismatch");

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 240

Comment:
state validation skipped when `parsed.state` is undefined

```suggestion
      if (!parsed.state || parsed.state !== state) throw new Error("State mismatch");
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

state validation skipped when parsed.state is undefined

Suggested change

	if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
	if (!parsed.state || parsed.state !== state) throw new Error("State mismatch");

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 251

Comment:
state validation skipped when `parsed.state` is undefined

```suggestion
    if (!parsed.state || parsed.state !== state) throw new Error("State mismatch");
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

base64 encoding provides no security for client secrets in source code

If this client ID needs protection, it should be externalized. If it's public (like OpenAI's on line 41), no obfuscation is needed.

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 51

Comment:
base64 encoding provides no security for client secrets in source code

If this client ID needs protection, it should be externalized. If it's public (like OpenAI's on line 41), no obfuscation is needed.

How can I resolve this? If you propose a fix, please make it concise.

[elucid]

This is a public OAuth client ID (same one shipped in Claude Code and pi) — the base64 is just to suppress secret-scanner false positives. Added a comment clarifying that.

[greptile-apps]

5-minute buffer applied to Anthropic tokens but not OpenAI (line 290) - inconsistent without comment explaining why

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 353

Comment:
5-minute buffer applied to Anthropic tokens but not OpenAI (line 290) - inconsistent without comment explaining why

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

no test coverage for OAuth subscription login path (choice 2)

All tests select "1" (API key tier) then provider. The new OAuth subscription path needs at least one test to verify the flow works and auth.json is properly created/detected.

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/config.test.sh
Line: 85-95

Comment:
no test coverage for OAuth subscription login path (choice 2)

All tests select "1" (API key tier) then provider. The new OAuth subscription path needs at least one test to verify the flow works and `auth.json` is properly created/detected.

How can I resolve this? If you propose a fix, please make it concise.

[elucid]

@greptileai review

[greptile-apps]

PKCE verifier should not be used as OAuth state parameter

State is for CSRF protection (opaque to auth server), while verifier is secret for PKCE binding. Using the same value weakens both mechanisms. Generate a separate random value:

Suggested change

	url.searchParams.set("state", verifier);
	const state = randomBytes(16).toString("hex");

Then add before line 286:

const state = randomBytes(16).toString("hex");

And validate it after line 308.

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 293

Comment:
PKCE verifier should not be used as OAuth state parameter

State is for CSRF protection (opaque to auth server), while verifier is secret for PKCE binding. Using the same value weakens both mechanisms. Generate a separate random value:

```suggestion
  const state = randomBytes(16).toString("hex");
```

Then add before line 286:
```
const state = randomBytes(16).toString("hex");
```

And validate it after line 308.

How can I resolve this? If you propose a fix, please make it concise.

[elucid]

This mirrors pi's upstream Anthropic OAuth implementation exactly — the verifier-as-state pattern is how pi itself handles this flow. If it changes upstream we'll pick it up.

[greptile-apps]

state extracted but never validated - CSRF vulnerability

The state parameter is extracted from user input but never validated against the expected value (verifier or separate random state). Add validation:

const splits = input.trim().split("#");
const code = splits[0];
const state = splits[1];

if (!state || state !== verifier) {
  throw new Error("State mismatch - possible CSRF attack");
}

Prompt To Fix With AI

This is a comment left during a code review.
Path: bin/oauth-login.mjs
Line: 306-309

Comment:
state extracted but never validated - CSRF vulnerability

The state parameter is extracted from user input but never validated against the expected value (verifier or separate random state). Add validation:

```
const splits = input.trim().split("#");
const code = splits[0];
const state = splits[1];

if (!state || state !== verifier) {
  throw new Error("State mismatch - possible CSRF attack");
}
```

How can I resolve this? If you propose a fix, please make it concise.

[elucid]

Same as above — this matches pi's upstream Anthropic OAuth flow, which passes state through to the token exchange for server-side validation rather than client-side.