Skip to content

[codex] Add auth JSON paste import#68

Open
hoangduy0308 wants to merge 1 commit into
seakee:mainfrom
hoangduy0308:codex/add-auth-json-paste
Open

[codex] Add auth JSON paste import#68
hoangduy0308 wants to merge 1 commit into
seakee:mainfrom
hoangduy0308:codex/add-auth-json-paste

Conversation

@hoangduy0308
Copy link
Copy Markdown

@hoangduy0308 hoangduy0308 commented May 11, 2026

What changed

Adds a Paste JSON flow to the Auth Files page so users can create auth files without uploading a local file.

  • Added a new AuthJsonPasteModal with auth type selection, file name validation, JSON textarea input, and save/error states.
  • Added sessionAuthConverter to validate CPA auth JSON directly or convert ChatGPT Web session JSON into CPA Codex auth format.
  • Added public-behavior tests for CPA passthrough, session conversion, invalid access token rejection, and safe default file names.
  • Added localized UI strings for English, Russian, Simplified Chinese, and Traditional Chinese.
  • Hardened auth file text saving so upload failures raise an error instead of being treated as success.

Why

Users may only have auth/session JSON copied from another source and should not need to create a temporary local file before importing it into CPA Manager.

Impact

The Auth Files page now has a Paste JSON action next to upload. CPA JSON is saved as-is after object validation. ChatGPT Web session JSON is converted into the CPA Codex auth shape before upload, including account identity, token fields, expiration, and a safe generated file name when the default name is used.

Validation

  • npm test -- --run src/features/authFiles/sessionAuthConverter.test.ts
  • npm run build

@seakee
Copy link
Copy Markdown
Owner

seakee commented May 11, 2026

Thanks for the PR. The feature direction looks good, and the paste-based JSON import flow is useful.

I’d suggest a few changes before merging:

  1. Please don’t synthesize an unsigned id_token with alg: none. If no real idToken exists, either omit id_token or reject the import with a clear error.

  2. expired should not prefer the access token exp, since access tokens are often short-lived. Explicit session expiration fields should take priority.

  3. Session detection seems a bit strict. Real session JSON may split token and user/profile data across different nested fields, so a root-level aggregation path would make this more robust.

  4. CPA JSON passthrough should have minimal validation. Right now any object like { "foo": "bar" } could be saved as an auth file.

  5. Please add a few edge-case tests for missing idToken, expiration priority, nested session/user structures, invalid CPA JSON, and malformed JWTs.

Also, GitHub flags hidden/bidirectional Unicode in some changed files, so please clean those up before merging.

Overall, I support the feature, but I’d request changes before merging.

@hoangduy0308 hoangduy0308 force-pushed the codex/add-auth-json-paste branch from 01554d9 to 881a596 Compare May 11, 2026 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hoangduy0308 @seakee