Document oc-chatgpt-multi-auth authentication support

kargnas · kargnas · commit 77845ffe34e7 · 2026-04-04T01:29:05.000+09:00
diff --git a/README.md b/README.md
@@ -58,6 +58,10 @@ Download the latest `.dmg` file from the [**Releases**](https://github.com/opggi
 | **GitHub Copilot** | Quota-based | Multi-account, daily history, overage tracking, auth source labels |
 
 ### OpenCode Plugins
+- **ChatGPT / Codex**
+  - `ndycode/oc-chatgpt-multi-auth`
+  - Reads `~/.opencode/openai-codex-accounts.json` and `~/.opencode/projects/*/openai-codex-accounts.json`
+  - Also understands plugin-managed OpenCode `auth.json` fields such as `idToken`, `accountIdOverride`, and `organizationIdOverride`
 - **Antigravity/Gemini**
   - `NoeFabris/opencode-antigravity-auth` (writes `~/.config/opencode/antigravity-accounts.json`)
   - `jenslys/opencode-gemini-auth` (writes `google.oauth` in OpenCode `auth.json`)
@@ -75,8 +79,10 @@ Download the latest `.dmg` file from the [**Releases**](https://github.com/opggi
   - **Browser Cookies** - Chrome, Brave, Arc, Edge session cookies
   - Multiple accounts from different sources are automatically deduplicated and merged
 - **Codex**
+  - **OpenCode + oc-chatgpt-multi-auth** - Auto-detected from OpenCode `auth.json` plus `~/.opencode/.../openai-codex-accounts.json`
   - **Codex for Mac** - Auto-detected through `~/.codex/auth.json`
   - **Codex CLI** - Auto-detected through `~/.codex/auth.json`
+  - **codex-lb** - Auto-detected through `~/.codex-lb/`
 - **Claude Code CLI** - Keychain-based authentication detection
 
 ## Features
@@ -354,8 +360,8 @@ Quit (⌘Q)
 
 ## How It Works
 
-1. **Token Discovery**: Reads authentication tokens from OpenCode's `auth.json` (with multi-path fallback)
-2. **Multi-Source Account Discovery**: For providers like GitHub Copilot, discovers accounts from multiple sources (OpenCode auth, CLI Keychain, VS Code config, browser cookies) and deduplicates by login/email
+1. **Token Discovery**: Reads authentication tokens from OpenCode's `auth.json` (with multi-path fallback), including plugin-managed OpenAI metadata
+2. **Multi-Source Account Discovery**: For providers like ChatGPT and GitHub Copilot, discovers accounts from multiple sources (OpenCode auth, OpenCode plugin files, CLI/Keychain/config stores, browser cookies) and deduplicates them by stable account metadata
 3. **Parallel Fetching**: Queries all provider APIs simultaneously using TaskGroup
 4. **Smart Caching**: Falls back to cached data on network errors
 5. **Graceful Degradation**: Shows available providers even if some fail
@@ -377,6 +383,13 @@ The app searches for `auth.json` in these locations (in order):
 2. `~/.local/share/opencode/auth.json` (default)
 3. `~/Library/Application Support/opencode/auth.json` (macOS fallback)
 
+For ChatGPT/Codex multi-account setups, the app also searches:
+1. `~/.opencode/auth/openai.json`
+2. `~/.opencode/openai-codex-accounts.json`
+3. `~/.opencode/projects/*/openai-codex-accounts.json`
+
+If `oc-chatgpt-multi-auth` is installed and OpenCode sets `provider.openai.options.baseURL` to a localhost proxy, OpenCode Bar still queries the direct ChatGPT usage endpoint by default. Only the explicit `opencode-bar.codex.usageURL` override changes the usage endpoint.
+
 ### GitHub Copilot not showing
 GitHub Copilot accounts are discovered from multiple sources (in priority order):
 1. **OpenCode auth** — `copilot` entry in OpenCode `auth.json`
diff --git a/docs/AI_USAGE_API_REFERENCE.md b/docs/AI_USAGE_API_REFERENCE.md
@@ -7,7 +7,8 @@
 | Provider | Token File |
 |----------|-----------|
 | Claude | `~/.config/opencode/opencode-anthropic-auth/accounts.json`, `~/.local/share/opencode/auth.json`, `~/.config/claude-code/auth.json`, macOS Keychain (`Claude Code-credentials`, `Claude Code`) |
-| Codex, Copilot, Nano-GPT, MiniMax | `~/.local/share/opencode/auth.json` |
+| Codex / ChatGPT | `~/.local/share/opencode/auth.json`, `~/.opencode/auth/openai.json`, `~/.opencode/openai-codex-accounts.json`, `~/.opencode/projects/*/openai-codex-accounts.json`, `~/.codex/auth.json`, `~/.codex-lb/` |
+| Copilot, Nano-GPT, MiniMax | `~/.local/share/opencode/auth.json` |
 | Antigravity (Gemini) | `~/.config/opencode/antigravity-accounts.json` |
 | Antigravity (Local cache) | `~/Library/Application Support/Antigravity/User/globalStorage/state.vscdb` |
 
@@ -69,15 +70,23 @@ The bundled [`scripts/query-claude.sh`](/Users/kargnas/projects/opencode-bar/scr
 
 **Endpoint:** `GET https://chatgpt.com/backend-api/wham/usage`
 
+OpenCode Bar uses the direct ChatGPT usage endpoint by default. If `oc-chatgpt-multi-auth` sets OpenCode's `provider.openai.options.baseURL` to a localhost proxy, that proxy is ignored for usage requests unless `opencode-bar.codex.usageURL` is explicitly configured.
+
 ```bash
 ACCESS=$(jq -r '.openai.access' ~/.local/share/opencode/auth.json)
-ACCOUNT_ID=$(jq -r '.openai.accountId' ~/.local/share/opencode/auth.json)
+ACCOUNT_ID=$(jq -r '
+  .openai.accountIdOverride
+  // .openai.organizationIdOverride
+  // .openai.accountId
+' ~/.local/share/opencode/auth.json)
 
 curl -s "https://chatgpt.com/backend-api/wham/usage" \
   -H "Authorization: Bearer $ACCESS" \
   -H "ChatGPT-Account-Id: $ACCOUNT_ID"
 ```
 
+For `oc-chatgpt-multi-auth` account files, prefer the canonical ChatGPT account ID from the access token claims when present. The plugin's `accountId` may be an organization ID (`org-*`) for the selected workspace, while the JWT claim `https://api.openai.com/auth.chatgpt_account_id` is the stable per-account identifier.
+
 **Response:**
 ```json
 {
@@ -398,7 +407,13 @@ Client Secret: Set GEMINI_CLIENT_SECRET environment variable
     "access": "eyJ...",
     "refresh": "rt_...",
     "expires": 1770563557150,
-    "accountId": "uuid"
+    "accountId": "uuid",
+    "idToken": "eyJ...",
+    "multiAccount": true,
+    "accountIdOverride": "org-selected-account",
+    "organizationIdOverride": "org-selected-account",
+    "accountIdSource": "org",
+    "accountLabel": "Personal [id:abc123]"
   },
   "github-copilot": {
     "type": "oauth",
@@ -413,6 +428,44 @@ Client Secret: Set GEMINI_CLIENT_SECRET environment variable
 }
 ```
 
+`oc-chatgpt-multi-auth` may leave `accountId` unset in `auth.json` and instead store the selected workspace in `accountIdOverride` / `organizationIdOverride`. OpenCode Bar derives the canonical ChatGPT account ID from the OpenAI JWT claims and keeps the override value as additional metadata when needed.
+
+### OpenCode ChatGPT Multi-Auth (`~/.opencode/projects/*/openai-codex-accounts.json`)
+
+```json
+{
+  "version": 3,
+  "accounts": [
+    {
+      "accountId": "org-example-account",
+      "organizationId": "org-example-account",
+      "accountIdSource": "org",
+      "accountLabel": "Personal [id:abc123]",
+      "email": "user@example.com",
+      "refreshToken": "oaistb_rt_...",
+      "accessToken": "eyJ...",
+      "expiresAt": 1776088595278
+    },
+    {
+      "accountId": "058af373-bff1-4490-98b7-2a71290ae604",
+      "accountIdSource": "token",
+      "accountLabel": "Token account [id:0ae604]",
+      "email": "user@example.com",
+      "refreshToken": "oaistb_rt_...",
+      "accessToken": "eyJ...",
+      "expiresAt": 1776088595278
+    }
+  ],
+  "activeIndex": 0,
+  "activeIndexByFamily": {
+    "gpt-5.4": 0,
+    "gpt-5.4-mini": 0
+  }
+}
+```
+
+OpenCode Bar reads every entry in these files, canonicalizes account IDs from the JWT claims, and merges duplicates with the OpenCode auth, Codex native auth, and `codex-lb` sources.
+
 ### Antigravity Accounts (`~/.config/opencode/antigravity-accounts.json`)
 
 ```json
