feat(auth): multi-account OAuth support with auto-relogin

[mguttmann]

Summary

• Add support for multiple OAuth accounts per provider with automatic credential rotation
• Implement browser-based auto-relogin for expired tokens using Puppeteer
• Track per-request credentials with AsyncLocalStorage context

Closes #11830

Changes

Backend

File	Description
auth/index.ts	Multi-record OAuth store (add/remove/list accounts)
auth/rotating-fetch.ts	Automatic failover on rate limits or auth failures
auth/browser.ts	Puppeteer-based session management for auto-relogin
auth/credential-manager.ts	Event-driven failover notifications
auth/context.ts	AsyncLocalStorage for per-request credential tracking
config/config.ts	oauth config block (cooldowns, retries, max attempts)
cli/cmd/auth.ts	Browser session management CLI commands
server/routes/provider.ts	Account CRUD, usage, browser session API endpoints
server/server.ts	Root-level auth routes
provider/provider.ts	Rotating-fetch integration

Frontend

File	Description
settings-providers.tsx	Manage accounts, set active, view usage
session-context-tab.tsx	Show active account per session
dialog-settings.tsx	Settings tabs structure

SDK

• Regenerated from server routes with all new endpoints

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Potential Duplicate PRs Found

1. feat(auth): OAuth Marathon - multi-account credential rotation (feat(auth): OAuth Marathon - multi-account credential rotation #8590)

   • feat(auth): OAuth Marathon - multi-account credential rotation #8590
   • Why related: Directly addresses multi-account credential rotation, which is the core feature of PR feat(auth): multi-account OAuth support with auto-relogin #11832. Likely overlaps on the same functionality.

2. feat(openai-oauth) OpenAI OAuth multi account support (feat(openai-oauth) OpenAI OAuth multi account support #8536)

   • feat(openai-oauth) OpenAI OAuth multi account support #8536
   • Why related: Implements multi-account OAuth support, though potentially specific to OpenAI. May have shared patterns with the generic multi-account implementation in feat(auth): multi-account OAuth support with auto-relogin #11832.

3. feat(usage): unified usage tracking with auth refresh ([FEATURE] Add unified usage tracking via /usage (#9545) #9281) (feat(usage): unified usage tracking with auth refresh (#9281) #9545)

   • feat(usage): unified usage tracking with auth refresh (#9281) #9545
   • Why related: Includes auth refresh logic which relates to the auto-relogin functionality in feat(auth): multi-account OAuth support with auto-relogin #11832.

I'd recommend reviewing #8590 most closely as it appears to address the same multi-account credential rotation feature set.

[mguttmann]

Thanks for the duplicate analysis! Here's how this PR compares to the flagged ones:

PR	Status	Comparison
#8590 (OAuth Marathon)	Open	Similar goal. This PR builds on that concept with additional features: Puppeteer-based auto-relogin for expired tokens, AsyncLocalStorage per-request credential context, event-driven failover via credential-manager, and a complete Settings UI for managing accounts
#8536 (OpenAI multi-account)	Open	OpenAI-specific. This PR is provider-agnostic — works with any OAuth provider, not just OpenAI
#9545 (usage tracking + auth refresh)	Open	Partial overlap on auth refresh. This PR has a dedicated browser.ts (828 lines) for full browser session management, not just token refresh

Key differentiators of this PR:

• 🔄 rotating-fetch.ts — Automatic failover with configurable cooldowns, retries, and max attempts
• 🌐 browser.ts — Puppeteer-based auto-relogin for expired tokens (no manual re-auth needed)
• 📊 Full account management UI in Settings (add/remove accounts, set active, view usage)
• 🧵 auth/context.ts — AsyncLocalStorage for per-request credential tracking
• ⚙️ oauth config block with tunable rotation parameters

This is a clean split from the closed #9972 — focused solely on multi-account + auto-relogin (YOLO mode is in separate PR #11833).

[mguttmann]

[mguttmann]

[dan-myles]

YO I NEED THIS

[mguttmann]

Thanks! 🙌 If you want to try it now, you can build from the branch — it's fully working and all CI checks pass.

[NotFiliberto]

i need this too

[NotFiliberto]

any change to have this merged in the main branch?

[mguttmann]

Hey @NotFiliberto — I'd love to see it merged too! It's up to the OpenCode maintainers at this point. CI is green, the feature is complete, and it's been working well in my daily builds. Currently waiting on developer feedback / review. Fingers crossed! 🤞

[kfiramar]

That'd be extremely helpful

[MiasmaAnagnorisis]

Thank you for implementing this! Really appreciate having legitimate multi-account OAuth rotation without needing workarounds.

[rkdxodud-tyk]

Oh i need this

[patrick-zanzarini]

this is amazing, hope it gets merged soon

[dreadl0ck]

great feature, please merge 🙌

[tomasz-grabowski]

Yep, great feature.

[IsraelAraujo70]

Its a really good PR.
Saddly maybe it wont get merged due to TOS violations.
But what if MAYBE we did a plugin that does this, what do you guys think?

[dan-myles]

I think a plugin would be great!

[lucashutch]

This feature would be awesome for me.
The ability to oauth with my work account and personal account and then swap between these depending on my home projects and work projects without having to re-auth every time i switch would be amazing.

Dont necessarily need the quota limit auto rollover for this to be useful

[Aaalice233]

Need this !

[NemesisHubris]

I built and have been using for about a week. Works great thanks for implementing this!

[blurskye]

when will this be added, if not making plugin will be better

[febryanvaldo]

Hell yeah... That's why i love OpenCode, its community is thriving

[RicardoMonteiroSimoes]

The automatic fail over is probably a bit over the top for this, no? Manual change would be enough, but auto fail over would incentivize abuse of providers, which they will definitely not be too happy about. I'd argue that this with manual change alone would do the trick? 😄

[mguttmann]

Thanks for the feedback @RicardoMonteiroSimoes!

You raise a valid point about automatic failover. I'd be open to making it manual-only if that's what the maintainers prefer — the core value (switching between work/personal accounts without re-auth) would still be there.

That said, as long as there's no official feedback from the OpenCode developers, I'll keep the auto-switch functionality as-is. It's been working well in my daily builds and several community members have confirmed it works great for them too.

Unfortunately, it seems like this PR hasn't caught the maintainers' attention yet — no reviews or comments from the dev team so far. 🤷‍♂️

If any maintainers are reading this: I'm happy to adjust the implementation based on your feedback (e.g., remove auto-failover, make it a plugin, etc.). Just let me know what direction you'd prefer!

[RicardoMonteiroSimoes]

@mguttmann absolutely understandable, just thinking out loud from the PoV of a provider. To be fair their contribution guidelines do define that this should be first discussed in an issue... which exists, so who knows :)

[febryanvaldo]

Ahh never mind, just create my own account switcher without messing with OpenCode packages, so when OpenCode update, my account switcher will be good :D

...