| 258 | } |
| 259 | |
| 260 | function authorizeURL(redirect: string, pkce: Pkce, state: string) { |
| 261 | return `${issuer}/oauth/authorize?${new URLSearchParams({ |
| 262 | response_type: "code", |
| 263 | client_id: clientID, |
| 264 | redirect_uri: redirect, |
| 265 | scope: "openid profile email offline_access", |
| 266 | code_challenge: pkce.challenge, |
| 267 | code_challenge_method: "S256", |
| 268 | id_token_add_organizations: "true", |
| 269 | codex_cli_simplified_flow: "true", |
| 270 | state, |
| 271 | originator: "opencode", |
| 272 | })}` |
| 273 | } |
| 274 | |
| 275 | function extractAccountID(tokens: TokenResponse) { |
| 276 | return claim(tokens.id_token) ?? claim(tokens.access_token) |