v3.10.3 — Remove all hardcoded OAuth secrets, load from ~/.config/codex-launcher/oauth-secrets.json

2026-05-25 13:34:09 +04:00
parent b0bbf6034a
commit 81bc70a6b7
3 changed files with 18 additions and 6 deletions
--- a/src/codex-launcher-gui
+++ b/src/codex-launcher-gui
@@ -3273,9 +3273,17 @@ class EditEndpointDialog(Gtk.Dialog):
        is_antigravity = oauth_provider == "google-antigravity"
        token_path = os.path.expanduser("~/.cache/codex-proxy/google-antigravity-oauth-token.json" if is_antigravity else "~/.cache/codex-proxy/google-cli-oauth-token.json")

+        _oauth_secrets_path = os.path.expanduser("~/.config/codex-launcher/oauth-secrets.json")
+        try:
+            with open(_oauth_secrets_path) as _f:
+                _oauth_secrets = json.load(_f)
+        except Exception:
+            _oauth_secrets = {}
+
        if is_antigravity:
-            CLIENT_ID = "REDACTED_ANTIGRAVITY_CLIENT_ID"
-            CLIENT_SECRET = "REDACTED_ANTIGRAVITY_SECRET"
+            _sec = _oauth_secrets.get("antigravity", {})
+            CLIENT_ID = _sec.get("client_id", "")
+            CLIENT_SECRET = _sec.get("client_secret", "")
            SCOPES = [
                "https://www.googleapis.com/auth/cloud-platform",
                "https://www.googleapis.com/auth/userinfo.email",
@@ -3288,8 +3296,9 @@ class EditEndpointDialog(Gtk.Dialog):
            callback_path = "/oauth-callback"
            provider_kind = "antigravity"
        else:
-            CLIENT_ID = "REDACTED_GEMINI_CLI_CLIENT_ID"
-            CLIENT_SECRET = "REDACTED_GEMINI_CLI_SECRET"
+            _sec = _oauth_secrets.get("gemini_cli", {})
+            CLIENT_ID = _sec.get("client_id", "")
+            CLIENT_SECRET = _sec.get("client_secret", "")
            SCOPES = [
                "https://www.googleapis.com/auth/cloud-platform",
                "https://www.googleapis.com/auth/userinfo.email",