romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: oauth2

Browse Source
This commit is contained in:
xiaose 2026-01-27 15:49:00 +08:00
parent ec2306371f
commit 48f2f150c3
2 changed files with 30 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
extensions/minimax-portal-auth/index.ts
View File

@ -5,17 +5,11 @@ import { loginMiniMaxPortalOAuth } from "./oauth.js";
const PROVIDER_ID = "minimax-portal"; const PROVIDER_ID = "minimax-portal";
const PROVIDER_LABEL = "MiniMax"; const PROVIDER_LABEL = "MiniMax";
const DEFAULT_MODEL = "MiniMax-M2.1"; const DEFAULT_MODEL = "MiniMax-M2.1";
const DEFAULT_BASE_URL = "https://api.minimax.io/v1"; const DEFAULT_BASE_URL = "https://api.minimax.io/anthropic";
const DEFAULT_CONTEXT_WINDOW = 200000; const DEFAULT_CONTEXT_WINDOW = 200000;
const DEFAULT_MAX_TOKENS = 8192; const DEFAULT_MAX_TOKENS = 8192;
const OAUTH_PLACEHOLDER = "minimax-portal-oauth"; const OAUTH_PLACEHOLDER = "minimax-portal-oauth";
function normalizeBaseUrl(value: string | undefined): string {
const raw = value?.trim() || DEFAULT_BASE_URL;
const withProtocol = raw.startsWith("http") ? raw : `https://${raw}`;
return withProtocol.endsWith("/v1") ? withProtocol : `${withProtocol.replace(/\/+$/, "")}/v1`;
}
function buildModelDefinition(params: { id: string; name: string; input: Array<"text" | "image"> }) { function buildModelDefinition(params: { id: string; name: string; input: Array<"text" | "image"> }) {
return { return {
id: params.id, id: params.id,
@ -41,10 +35,10 @@ const minimaxPortalPlugin = {
aliases: ["minimax"], aliases: ["minimax"],
auth: [ auth: [
{ {
id: "device", id: "oauth",
label: "MiniMax OAuth", label: "MiniMax OAuth",
hint: "Device code login", hint: "User code login",
kind: "device_code", kind: "user_code",
run: async (ctx) => { run: async (ctx) => {
const progress = ctx.prompter.progress("Starting MiniMax OAuth…"); const progress = ctx.prompter.progress("Starting MiniMax OAuth…");
try { try {
@ -57,7 +51,7 @@ const minimaxPortalPlugin = {
progress.stop("MiniMax OAuth complete"); progress.stop("MiniMax OAuth complete");
const profileId = `${PROVIDER_ID}:default`; const profileId = `${PROVIDER_ID}:default`;
const baseUrl = normalizeBaseUrl(result.resourceUrl); const baseUrl = result.resourceUrl || DEFAULT_BASE_URL;
return { return {
profiles: [ profiles: [

39
extensions/minimax-portal-auth/oauth.ts
View File

@ -1,7 +1,7 @@
import { createHash, randomBytes, randomUUID } from "node:crypto"; import { createHash, randomBytes, randomUUID } from "node:crypto";
const MINIMAX_OAUTH_BASE_URL = "https://api.minimax.io"; const MINIMAX_OAUTH_BASE_URL = "https://api.minimax.io";
const MINIMAX_OAUTH_DEVICE_CODE_ENDPOINT = `${MINIMAX_OAUTH_BASE_URL}/oauth/code`; const MINIMAX_OAUTH_CODE_ENDPOINT = `${MINIMAX_OAUTH_BASE_URL}/oauth/code`;
const MINIMAX_OAUTH_TOKEN_ENDPOINT = `${MINIMAX_OAUTH_BASE_URL}/oauth/token`; const MINIMAX_OAUTH_TOKEN_ENDPOINT = `${MINIMAX_OAUTH_BASE_URL}/oauth/token`;
const MINIMAX_OAUTH_CLIENT_ID = "78257093-7e40-4613-99e0-527b14b39113"; const MINIMAX_OAUTH_CLIENT_ID = "78257093-7e40-4613-99e0-527b14b39113";
const MINIMAX_OAUTH_SCOPE = "group_id profile model.completion"; const MINIMAX_OAUTH_SCOPE = "group_id profile model.completion";
@ -14,6 +14,7 @@ export type MiniMaxDeviceAuthorization = {
interval?: number; interval?: number;
has_benefit: boolean; has_benefit: boolean;
benefit_message: string; benefit_message: string;
state: string;
}; };
export type MiniMaxOAuthToken = { export type MiniMaxOAuthToken = {
@ -36,14 +37,18 @@ function toFormUrlEncoded(data: Record<string, string>): string {
.join("&"); .join("&");
} }
function generatePkce(): { verifier: string; challenge: string } { function generatePkce(): { verifier: string; challenge: string; state: string } {
const verifier = randomBytes(32).toString("base64url"); const verifier = randomBytes(32).toString("base64url");
const challenge = createHash("sha256").update(verifier).digest("base64url"); const challenge = createHash("sha256").update(verifier).digest("base64url");
return { verifier, challenge }; const state = randomBytes(16).toString("base64url");
return { verifier, challenge, state };
} }
async function requestDeviceCode(params: { challenge: string }): Promise<MiniMaxDeviceAuthorization> { async function requestOAuthCode(params: {
const response = await fetch(MINIMAX_OAUTH_DEVICE_CODE_ENDPOINT, { challenge: string;
state: string;
}): Promise<MiniMaxDeviceAuthorization> {
const response = await fetch(MINIMAX_OAUTH_CODE_ENDPOINT, {
method: "POST", method: "POST",
headers: { headers: {
"Content-Type": "application/x-www-form-urlencoded", "Content-Type": "application/x-www-form-urlencoded",
@ -55,6 +60,7 @@ async function requestDeviceCode(params: { challenge: string }): Promise<MiniMax
scope: MINIMAX_OAUTH_SCOPE, scope: MINIMAX_OAUTH_SCOPE,
code_challenge: params.challenge, code_challenge: params.challenge,
code_challenge_method: "S256", code_challenge_method: "S256",
state: params.state,
}), }),
}); });
@ -70,10 +76,15 @@ async function requestDeviceCode(params: { challenge: string }): Promise<MiniMax
"MiniMax device authorization returned an incomplete payload (missing user_code or verification_uri).", "MiniMax device authorization returned an incomplete payload (missing user_code or verification_uri).",
); );
} }
if (payload.state !== params.state) {
throw new Error(
"MiniMax OAuth state mismatch: possible CSRF attack or session corruption.",
);
}
return payload; return payload;
} }
async function pollDeviceToken(params: { async function pollOAuthToken(params: {
userCode: string; userCode: string;
verifier: string; verifier: string;
}): Promise<DeviceTokenResult> { }): Promise<DeviceTokenResult> {
@ -142,14 +153,14 @@ export async function loginMiniMaxPortalOAuth(params: {
note: (message: string, title?: string) => Promise<void>; note: (message: string, title?: string) => Promise<void>;
progress: { update: (message: string) => void; stop: (message?: string) => void }; progress: { update: (message: string) => void; stop: (message?: string) => void };
}): Promise<MiniMaxOAuthToken> { }): Promise<MiniMaxOAuthToken> {
const { verifier, challenge } = generatePkce(); const { verifier, challenge, state } = generatePkce();
const device = await requestDeviceCode({ challenge }); const oauth = await requestOAuthCode({ challenge, state });
const verificationUrl = device.verification_uri; const verificationUrl = oauth.verification_uri;
await params.note( await params.note(
[ [
`Open ${verificationUrl} to approve access.`, `Open ${verificationUrl} to approve access.`,
`If prompted, enter the code ${device.user_code}.`, `If prompted, enter the code ${oauth.user_code}.`,
].join("\n"), ].join("\n"),
"MiniMax OAuth", "MiniMax OAuth",
); );
@ -161,13 +172,13 @@ export async function loginMiniMaxPortalOAuth(params: {
} }
const start = Date.now(); const start = Date.now();
let pollIntervalMs = device.interval ? device.interval * 1000 : 2000; let pollIntervalMs = oauth.interval ? oauth.interval * 1000 : 2000;
const timeoutMs = device.expires_in * 1000; const timeoutMs = oauth.expires_in * 1000;
while (Date.now() - start < timeoutMs) { while (Date.now() - start < timeoutMs) {
params.progress.update("Waiting for MiniMax OAuth approval…"); params.progress.update("Waiting for MiniMax OAuth approval…");
const result = await pollDeviceToken({ const result = await pollOAuthToken({
userCode: device.user_code, userCode: oauth.user_code,
verifier, verifier,
}); });