Skip to content

fix: stop reading WORKOS_CLIENT_ID for CLI auth#113

Merged
nicknisi merged 1 commit intomainfrom
nicknisi/fix-login-401
Mar 31, 2026
Merged

fix: stop reading WORKOS_CLIENT_ID for CLI auth#113
nicknisi merged 1 commit intomainfrom
nicknisi/fix-login-401

Conversation

@nicknisi
Copy link
Copy Markdown
Member

@nicknisi nicknisi commented Mar 31, 2026
edited
Loading

Summary

  • getCliAuthClientId() was reading WORKOS_CLIENT_ID from the environment to resolve the CLI's OAuth client ID. This collides with the same env var that every WorkOS-integrated app sets for its own client ID.
  • When a user has WORKOS_CLIENT_ID set (common for any WorkOS developer), workos auth login sends their app's client ID to the device auth endpoint, which returns 401 because that client doesn't have the device_code grant type.
  • Fix: return the hardcoded CLI client ID directly — there's no reason for end users to override it.

Test plan

  • pnpm build passes
  • pnpm test passes (1525 tests)
  • pnpm typecheck passes
  • WORKOS_CLIENT_ID=client_01BOGUS workos auth login no longer returns 401
  • workos auth login (no env override) still works as before

@nicknisi
fix: stop reading WORKOS_CLIENT_ID for CLI auth
32b9d57 
The CLI's device auth flow read WORKOS_CLIENT_ID from the environment to
resolve its OAuth client ID. This collides with the same env var that
every WorkOS-integrated app sets for its own client ID, causing 401
errors on `workos auth login` when the user's app client ID lacks the
device_code grant type.

The CLI's auth client ID is a fixed value — hardcode it directly instead
of reading from the environment.
@ajay-k ajay-k self-requested a review March 31, 2026 21:20
ajay-k
ajay-k approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown

@ajay-k ajay-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@nicknisi nicknisi merged commit 7bdd851 into main Mar 31, 2026
5 checks passed
@nicknisi nicknisi deleted the nicknisi/fix-login-401 branch March 31, 2026 21:21
@github-actions github-actions bot mentioned this pull request Mar 31, 2026
Merged
@nicknisi nicknisi mentioned this pull request Mar 31, 2026
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ajay-k ajay-k ajay-k approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nicknisi @ajay-k