Skip to content

feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements#9069

Closed
mguttmann wants to merge 20 commits intoanomalyco:devfrom
mguttmann:feat/multi-account-oauth-rotation-and-settings
Closed

feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements#9069
mguttmann wants to merge 20 commits intoanomalyco:devfrom
mguttmann:feat/multi-account-oauth-rotation-and-settings

Conversation

@mguttmann
Copy link

@mguttmann mguttmann commented Jan 17, 2026
edited
Loading

Summary

Implements comprehensive multi-account OAuth support with automatic rate limit rotation, manual account switching, ability to delete individual accounts, and a new Settings menu for the desktop app.

Closes #9068

Changes

Backend - OAuth Pool Enhancements

  • Auth.OAuthPool.setActive() - Manually switch active OAuth account
  • Auth.OAuthPool.removeRecord() - Delete individual OAuth accounts
  • Auth.OAuthPool.snapshot() - Returns activeID for credential selection
  • rotating-fetch.ts - Prefers activeID while preserving auto-rotation on 429
  • fetchAnthropicUsage() - Respects provider.active[namespace]
  • getAccounts() - Correctly identifies active account

API

  • POST /auth/active - Switch active account, returns updated usage data
  • DELETE /auth/account - Delete individual OAuth account

Desktop App

New Settings Menu (DialogSettings):

  • Providers Tab: Connected providers, add new with search
  • Provider Detail: Account list, usage bars, switch functionality
  • Delete Button: Remove individual accounts with confirmation
  • About Tab: GitHub, docs, Discord, keyboard shortcuts

Context Panel:

  • Anthropic Rate Limits section (5h, 7d-all, 7d-sonnet bars)
  • Account switch buttons
  • Only visible for Anthropic sessions

CLI

  • opencode auth usage: Per-account usage with rate limits
  • opencode auth switch: Interactive account switching
  • opencode auth logout: Now supports selecting individual accounts to remove
  • opencode auth list: Shows account counts
  • All lists sorted alphabetically

Delete Individual Accounts

CLI

$ opencode auth logout

┌  Remove credential
│
◆  Select provider
│  ● Anthropic (oauth)
│
◆  Remove which account?
│  ○ Remove all accounts (3 accounts)
│  ○ Account 1
│  ○ Account 2 
│  ● Account 3
│
◐  Account removed. 2 accounts remaining.
│
└  Done

Desktop

In Settings → Providers → [Provider]:

  • Each account has a delete button (X icon)
  • Two-step confirmation to prevent accidents
  • Shows loading state during deletion
  • Auto-navigates back when last account is removed

Auto-Rotation Flow

1. Request with activeID (manually selected or first available)
2. On 429 rate limit:
   - Account gets cooldownUntil
   - Account moved to back of queue
   - Loop continues with next candidate
3. Next available account used automatically

Files Changed

Package File Description
opencode auth/index.ts Core OAuth pool functions incl. removeRecord()
opencode auth/rotating-fetch.ts Credential selection logic
opencode server/server.ts /auth/active and /auth/account endpoints
opencode cli/cmd/auth.ts CLI commands with logout account selection
app dialog-settings.tsx Settings dialog with delete buttons
app session-context-tab.tsx Context panel usage section
app layout.tsx Settings button
sdk sdk.gen.ts, types.gen.ts Regenerated

Testing

CLI

opencode auth list      # Shows providers with account counts
opencode auth usage     # Shows per-account stats with rate limits
opencode auth switch    # Interactive account switching
opencode auth logout    # Select individual accounts to remove

Desktop

  1. Click ⚙️ Settings button → Providers tab
  2. Click connected provider → View accounts and usage
  3. Switch accounts → Verify bars update
  4. Click X on account → Confirm deletion
  5. Open Anthropic session → Context panel shows rate limits

Limitations

  • Usage statistics: Anthropic only (OAuth API limitation)
  • Multi-account: Anthropic, OpenAI, GitHub Copilot
  • Other providers: Contributions welcome

Checklist

  • Backend OAuth pool enhancements
  • API endpoints for account switching and deletion
  • Desktop Settings menu with delete buttons
  • Context panel integration
  • CLI commands with logout account selection
  • Alphabetical sorting
  • Auto-rotation preserved
  • Local state updates (no full refresh on switch)

@github-actions
Copy link
Contributor

github-actions bot commented Jan 17, 2026

The following comment was made by an LLM, it may be inaccurate:

Potential Related PRs Found

#8590 - feat(auth): OAuth Marathon - multi-account credential rotation

#6905 - feat: display Anthropic and OpenAI OAuth usage in status dialog and sidebar

#5158 - add ratelimiter to opencode server

@mguttmann
Copy link
Author

mguttmann commented Jan 17, 2026

Context on Related PRs

PR Status Relationship
#8590 Closed Earlier implementation attempt. This PR provides a complete, production-ready version.
#6905 Merged Basic OAuth usage display. This PR extends with multi-account support and Settings UI.
#5158 Merged Server rate limiter. This PR handles client-side rate limit rotation (429 responses).
#8912 Merged Usage dashboard foundation. This PR builds the full feature on top.

This PR represents the complete implementation of multi-account OAuth with:

  • Backend credential rotation ✅
  • API endpoints ✅
  • Desktop Settings UI ✅
  • Context panel integration ✅
  • CLI commands ✅

All functionality has been tested and works together cohesively.

This was referenced Jan 18, 2026
Closed
Closed
This was referenced Jan 18, 2026
Open
Open
Closed
gwizz and others added 15 commits January 21, 2026 22:36
feat(auth): oauth multi-account failover
dbe1884
Add OAuth credential failover with toasts
4586e63
fix(auth): improve oauth failover notifications
2036a37
Increase failover toast duration
e846fd4
Improve OAuth rotation resiliency
238066e
Add OAuth retry edge case tests
b63d520
Relax auth store updates under lock contention
103ca9f
Rotate oauth on non-network errors
4287fa6 
Non-network errors seen in logs:

- AI_APICallError (402 deactivated_workspace)

- AI_APICallError (500 server_error)

- AI_LoadAPIKeyError / OpenAI API key is missing

- ProviderInitError

- ConfigInvalidError

- ProviderAuthOauthCallbackFailed

- NotFoundError

- EditBuffer is destroyed
feat(auth): add usage API endpoint with Anthropic rate limits
77e30a4 
- Add getUsage() to fetch OAuth account status and health
- Add fetchAnthropicUsage() to fetch Claude Max rate limits from Anthropic API
- Add GET /auth/usage endpoint to expose usage data
feat(app): add auth usage dashboard dialog
7c932ab 
- Add DialogAuthUsage component with rate limit visualization
- Display Anthropic 5-hour and 7-day limits with progress bars
- Show OAuth account status, cooldown state, and request counts
- Add button in sidebar to open the dialog
feat(cli): add 'auth usage' command
11cc3b9 
- Add AuthUsageCommand to display rate limit info in terminal
- Show account status, cooldown state, and request counts
- Display Anthropic rate limits when available
fix: remove invalid step-start parts from UIMessage conversion
05b2900 
The AI SDK's convertToModelMessages() does not accept 'step-start' as a valid
UIMessagePart type. This caused AI_InvalidPromptError during session compaction.

- Remove step-start from being added to UIMessage parts
- Simplify the filter since step-start is no longer included
- Fixes compaction breaking sessions with context overflow
feat: multi-account OAuth rotation with settings UI and CLI enhancements
abffa95 
Implements comprehensive multi-account OAuth support with automatic rate limit
rotation, manual account switching, and a new Settings menu for the desktop app.

- Add `Auth.OAuthPool.setActive()` to manually switch active OAuth account
- Add `Auth.OAuthPool.snapshot()` returns `activeID` for credential selection
- Update `rotating-fetch.ts` to prefer `activeID` while keeping auto-rotation
- Update `fetchAnthropicUsage()` to respect `provider.active[namespace]`
- Update `getAccounts()` to correctly identify active account

- Add `POST /auth/active` endpoint to switch active OAuth account
- Returns updated `anthropicUsage` for immediate UI updates

- New `DialogSettings` component with tabbed interface
- **Providers Tab**: View connected providers, add new providers with search
- **Provider Detail View**: Account list, usage stats, switch functionality
- **About Tab**: GitHub, docs, Discord links, keyboard shortcuts
- Inline provider search without leaving settings context

- Add Anthropic Rate Limits section in session context panel
- Shows 5-hour, weekly (all models), weekly (sonnet) usage bars
- Account switch buttons when multiple accounts configured
- Only visible when current session uses Anthropic provider

- `opencode auth usage`: Shows individual usage per OAuth account
- `opencode auth switch`: Interactive command to switch active account
- `opencode auth list`: Shows account count per provider
- All provider lists now sorted alphabetically

- `packages/opencode/src/auth/index.ts`: Core OAuth pool functions
- `packages/opencode/src/auth/rotating-fetch.ts`: Credential selection
- `packages/opencode/src/server/server.ts`: API endpoint
- `packages/opencode/src/cli/cmd/auth.ts`: CLI commands
- `packages/app/src/components/dialog-settings.tsx`: New settings UI
- `packages/app/src/components/session/session-context-tab.tsx`: Context panel
- `packages/app/src/pages/layout.tsx`: Settings button integration

1. Request uses `activeID` (manually selected or first available)
2. On 429 rate limit → account gets cooldown, moved to back
3. Next request automatically uses next available account
4. Manual switch via UI/CLI updates `provider.active[namespace]`

Currently only Anthropic provides OAuth usage statistics.
Other providers show multi-account switching but no usage bars.
Contributions welcome for additional provider support.
feat: add ability to delete individual OAuth accounts
b541aca 
- Add Auth.OAuthPool.removeRecord() to remove individual OAuth accounts
- Add DELETE /auth/account API endpoint for Desktop app
- Update CLI 'opencode auth logout' to select specific accounts
- Add delete button with confirmation in Desktop Provider settings
fix: adapt multi-account features to new modular settings structure
3c1140f 
- Move auth endpoints to provider routes
- Add delete account functionality to dialog-auth-usage
- Fix duplicate imports in layout.tsx
- Fix message-v2.ts convertToModelMessages call
- Regenerate SDK types
@mguttmann mguttmann force-pushed the feat/multi-account-oauth-rotation-and-settings branch from 35b1cd5 to 3c1140f Compare January 21, 2026 21:43
@mguttmann
Copy link
Author

mguttmann commented Jan 21, 2026

Rebased to latest dev (936f3eb)

This PR has been rebased onto the latest dev branch and adapted to the new modular settings structure:

Changes in this update:

  • Rebased onto latest upstream (v1.1.30+)
  • Moved auth endpoints (/auth/usage, /auth/active, /auth/account) to /provider/auth/* routes
  • Added delete account functionality with confirmation UI in dialog-auth-usage.tsx
  • Fixed duplicate imports and type issues
  • Regenerated SDK types

Features preserved:

  • Multi-account OAuth rotation with automatic failover
  • Account health tracking and cooldown management
  • Rate limit display for Anthropic accounts
  • Account switching and deletion UI

Testing:

  • TypeScript compilation passes
  • CLI builds successfully

Ready for review!

@mguttmann mguttmann mentioned this pull request Jan 21, 2026
Closed
@mguttmann
Copy link
Author

mguttmann commented Jan 21, 2026

Update: Rebased onto latest dev (v1.1.30+)

Branch has been rebased and updated to work with the new modular settings structure.

Changes since last update:

  • Added missing /auth/usage endpoint for the usage dashboard
  • Adapted to new modular settings components (no more monolithic dialog-settings.tsx)
  • Auth endpoints moved to /provider/auth/* routes
  • SDK regenerated

Features included:

  • Multi-account OAuth rotation with automatic failover
  • Auth usage dashboard with Anthropic rate limits
  • Delete individual OAuth accounts
  • CLI commands: opencode auth usage, opencode auth switch

Typecheck passes ✅ | Build passes ✅

This is the base PR for #9073 (YOLO Mode) and #9455 (Auto-Relogin).

@mguttmann mguttmann mentioned this pull request Jan 21, 2026
Closed
9 tasks
@mguttmann mguttmann mentioned this pull request Jan 21, 2026
Closed
8 tasks
Claude Agent added 3 commits January 22, 2026 00:38
feat(app): add Providers tab to Settings with multi-account UI
5258403 
- Enable Providers tab in Settings dialog
- Full provider management: list, add, view details
- Account switching and deletion
- Rate limits display for Anthropic
- Multi-account OAuth rotation info
- Auto-rotation when rate limits hit
feat(app): add Auto-Relogin section to Providers settings
ae3984a 
- Add browser session management UI for Anthropic accounts
- Setup/Test/Remove buttons per account
- Show last refresh time
- Experimental label for the feature
feat(auth): add browser session endpoints for auto-relogin
d02c81c 
- Restore browser.ts with Puppeteer-based browser session management
- Add browser session routes to provider.ts:
  - GET /auth/browser/sessions - list all sessions
  - GET /auth/browser/sessions/:recordId - get session status
  - POST /auth/browser/sessions/:recordId/setup - setup browser session
  - POST /auth/browser/sessions/:recordId/refresh - refresh tokens
  - DELETE /auth/browser/sessions/:recordId - remove session
- Add updateRecord() to OAuthPool for browser session sync
@mguttmann
Copy link
Author

mguttmann commented Jan 22, 2026

Closing in favor of combined PR with all features (Multi-Account, YOLO Mode, Auto-Relogin)

@mguttmann mguttmann closed this Jan 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamdotdevin adamdotdevin Awaiting requested review from adamdotdevin adamdotdevin is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Multi-Account OAuth Rotation with Settings UI

1 participant

@mguttmann