| 76 | } |
| 77 | |
| 78 | function buildAuthorizeUrl(redirectUri: string, pkce: PkceCodes, state: string): string { |
| 79 | const params = new URLSearchParams({ |
| 80 | response_type: "code", |
| 81 | client_id: CLIENT_ID, |
| 82 | redirect_uri: redirectUri, |
| 83 | scope: "openid profile email offline_access", |
| 84 | code_challenge: pkce.challenge, |
| 85 | code_challenge_method: "S256", |
| 86 | id_token_add_organizations: "true", |
| 87 | codex_cli_simplified_flow: "true", |
| 88 | state, |
| 89 | originator: "opencode", |
| 90 | }) |
| 91 | return `${ISSUER}/oauth/authorize?${params.toString()}` |
| 92 | } |
| 93 | |
| 94 | interface TokenResponse { |
| 95 | id_token: string |