Skip to content

feat: auto re-auth via kiro-cli login when all accounts are permanently unhealthy#80

Open
leecoder wants to merge 1 commit intotickernelz:masterfrom
leecoder:feat/auto-reauth-kiro-cli
Open

feat: auto re-auth via kiro-cli login when all accounts are permanently unhealthy#80
leecoder wants to merge 1 commit intotickernelz:masterfrom
leecoder:feat/auto-reauth-kiro-cli

Conversation

@leecoder
Copy link
Copy Markdown
Contributor

@leecoder leecoder commented Apr 10, 2026

Problem

When all accounts become permanently unhealthy (e.g. after invalid_grant, account suspension, or token expiry), the plugin throws:

Error: All accounts are permanently unhealthy (quota exceeded or suspended)

This requires the user to manually restart OpenCode and re-authenticate.

Approach

Alternative to #70 — instead of using OpenCode's built-in OAuth device-code flow (client.provider.oauth.authorize()), this uses kiro-cli login to trigger the native browser-based re-authentication via https://app.kiro.dev/signin.

This approach works for users who authenticate through the Kiro CLI web login flow rather than the IDC device-code flow.

Changes

  • When allAccountsPermanentlyUnhealthy() is detected, instead of throwing, run kiro-cli login as a subprocess to trigger browser-based re-auth
  • After login completes, sync fresh tokens from the kiro-cli SQLite database and reload accounts
  • Resume the request loop with new valid tokens
  • Show toast notifications for re-auth progress and result
  • 120 second timeout for the login process
  • No changes to plugin.ts or auth-handler.ts — only request-handler.ts is modified

Result

Users no longer need to manually restart or re-authenticate — the plugin recovers automatically by launching kiro-cli login when tokens go permanently invalid.

Related: #43, #70

@leecoder
feat: auto re-auth via kiro-cli login when all accounts are permanent…
153c574 
…ly unhealthy

When all accounts become permanently unhealthy (e.g. after invalid_grant,
account suspension, or token expiry), instead of throwing an error, the
plugin now automatically runs 'kiro-cli login' to trigger browser-based
re-authentication via https://app.kiro.dev/signin.

After login completes, fresh tokens are synced from the kiro-cli database
and the request loop resumes with valid credentials.

This is an alternative approach to tickernelz#70 that uses kiro-cli's native browser
login flow instead of OpenCode's built-in OAuth device-code flow.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@leecoder