OAuth2 Flows
PRX implements OAuth2 authorization flows for providers that support browser-based authentication. This allows users to authenticate without manually managing API keys.
Supported Flows
Authorization Code Flow
Used by Anthropic (Claude Code), Google Gemini CLI, and Minimax:
- PRX opens a browser to the provider's authorization URL
- User grants permission
- Provider redirects to PRX's local callback server
- PRX exchanges the authorization code for access and refresh tokens
- Tokens are securely stored for future use
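
An added example, not PRX's own code: one way a client can protect the local callback step above with a per-login `state` value and PKCE (RFC 7636). The page does not say whether PRX uses PKCE; the `/callback` path, the authorization endpoint and the client ID are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Port 8400 is redirect_port from the page's config; the /callback path is assumed.
REDIRECT_URI = "http://127.0.0.1:8400/callback"

def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): unpadded base64url of SHA-256(verifier)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def begin_login(authorize_endpoint: str, client_id: str) -> dict:
    """Create per-login secrets and the URL to open in the browser."""
    state = secrets.token_urlsafe(32)      # binds the callback to this login attempt
    verifier = secrets.token_urlsafe(64)   # 86 chars, within the 43-128 limit
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return {"url": f"{authorize_endpoint}?{query}", "state": state, "verifier": verifier}

def handle_callback(request_target: str, expected_state: str) -> str:
    """Return the authorization code only if the callback belongs to our login."""
    params = parse_qs(urlsplit(request_target).query)
    if "error" in params:
        raise PermissionError(f"provider returned error: {params['error'][0]}")
    state, code = params.get("state", []), params.get("code", [])
    if len(state) != 1 or len(code) != 1:
        raise ValueError("callback must carry exactly one state and one code")
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback not from this login")
    return code[0]

def token_request_form(code: str, verifier: str, client_id: str) -> dict:
    """Form body for the code-for-token exchange; the verifier proves we started it."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "code_verifier": verifier,
    }
```

Binding the listener to `127.0.0.1` rather than all interfaces, and discarding `state` and the verifier after one use, keeps a stray or replayed callback from being accepted.
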
Device Code Flow
Used by GitHub Copilot:
- PRX requests a device code from the provider
- User visits a URL and enters the device code
- PRX polls for authorization completion
- Once authorized, tokens are received and stored
Token Management
PRX automatically handles:
- Token caching to avoid repeated authorization
- Refresh token rotation when access tokens expire
- Secure storage of tokens (encrypted at rest)
Configuration
```toml
[auth.oauth2]
redirect_port = 8400
token_cache_path = "~/.local/share/openprx/tokens"
auto_refresh = true
```
CLI Commands
```bash
prx auth login anthropic   # Start OAuth2 flow for Anthropic
prx auth login copilot     # Start device code flow for Copilot
prx auth status            # Show auth status for all providers
prx auth logout anthropic  # Revoke tokens for Anthropic
```