Package Exports
- opencode-qwen-oauth
- opencode-qwen-oauth/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (opencode-qwen-oauth) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
opencode-qwen-oauth
Qwen OAuth authentication plugin for OpenCode - authenticate with Qwen.ai using OAuth device flow (PKCE).
Features
- 🔐 OAuth Device Flow - PKCE-secured authentication, works in headless/CI environments
- 🔄 Automatic Token Refresh - Tokens are refreshed before expiry
- 🌐 Auto Browser Open - Automatically opens browser for authentication
- 📝 File Logging - All OAuth activity logged to
~/.config/opencode/logs/qwen-oauth.log - 🐛 Debug Mode - Enable verbose output with
QWEN_OAUTH_DEBUG=true - 🚀 Easy Install - One-command installation with CLI tool
- 🎯 Custom Headers - Automatically adds Qwen-specific headers to API requests
- ⚙️ Optimized Parameters - Pre-configured temperature and topP settings for Qwen models
- 🌍 Environment Variables - Exposes Qwen credentials to shell environments
- 📊 Event Monitoring - Tracks authentication and session events for debugging
Quick Start
Install
# Using npx (recommended)
npx opencode-qwen-oauth install
# Or using bunx
bunx opencode-qwen-oauth install
# Or install manually
npm install opencode-qwen-oauthThe installer will:
- Add
opencode-qwen-oauthto your.opencode/opencode.jsonplugins - Configure the Qwen provider with models
Authenticate
# Start OpenCode
opencode
# Connect to Qwen
/connectSelect "Qwen Code (qwen.ai OAuth)" and follow the device flow instructions.
Use Qwen Models
/model qwen/qwen3-coder-plusModels
| Model | Context | Features |
|---|---|---|
qwen3-coder-plus |
1M tokens | Optimized for coding |
qwen3-vl-plus |
256K tokens | Vision + language |
Configuration
Debug Mode
Enable verbose logging to console:
QWEN_OAUTH_DEBUG=true opencodeLog Files
All OAuth activity is logged to:
~/.config/opencode/logs/qwen-oauth.logView logs in real-time:
tail -f ~/.config/opencode/logs/qwen-oauth.logManual Configuration
If you prefer manual setup, add to .opencode/opencode.json:
{
"$schema": "https://opencode.ai/config.json",
"plugin": ["opencode-qwen-oauth"],
"provider": {
"qwen": {
"npm": "@ai-sdk/openai-compatible",
"name": "Qwen Code",
"options": {
"baseURL": "https://portal.qwen.ai/v1"
},
"models": {
"qwen3-coder-plus": {
"id": "qwen3-coder-plus",
"name": "Qwen3 Coder Plus"
},
"qwen3-vl-plus": {
"id": "qwen3-vl-plus",
"name": "Qwen3 VL Plus",
"attachment": true
}
}
}
}
}CLI Commands
# Install (default)
npx opencode-qwen-oauth install
# Uninstall
npx opencode-qwen-oauth uninstall
# Help
npx opencode-qwen-oauth --helpTroubleshooting
"Device code expired"
Complete the browser login within 5 minutes of starting /connect.
"invalid_grant" error
Your refresh token has expired. Run /connect to re-authenticate.
Provider not showing in /connect
Use the CLI directly:
opencode auth login qwenBrowser doesn't open automatically (Linux)
The plugin tries multiple methods to open your browser:
- First tries
xdg-open(standard Linux) - Falls back to:
google-chrome,firefox,chromium,brave-browser,microsoft-edge
If none work, manually copy the URL shown in the terminal and open it in your browser.
To ensure browser opening works, install xdg-utils:
# Ubuntu/Debian
sudo apt install xdg-utils
# Fedora/RHEL
sudo dnf install xdg-utils
# Arch Linux
sudo pacman -S xdg-utilsCheck logs
cat ~/.config/opencode/logs/qwen-oauth.logHow It Works
This plugin implements OAuth 2.0 Device Flow (RFC 8628) with PKCE:
- Device Code Request - Plugin requests a device code from Qwen OAuth server
- User Authorization - User visits the verification URL and enters the user code
- Token Polling - Plugin polls for the access token until user authorizes
- Token Storage - Tokens are stored in OpenCode's auth system
- Auto Refresh - Access tokens are refreshed before expiry
Security
- Uses PKCE (RFC 7636) for enhanced security
- No client secret required
- Tokens stored in OpenCode's secure auth storage
- All OAuth activity logged for auditing
Development
# Clone and install
git clone https://github.com/yourusername/opencode-qwen-oauth.git
cd opencode-qwen-oauth
npm install
# Build
npm run build
# Watch mode
npm run dev
# Test locally
npm link
cd /path/to/project
opencode-qwen-oauth installPlugin Architecture
This plugin implements multiple OpenCode plugin hooks:
Hooks Implemented
auth Hook
Provides OAuth device flow authentication with automatic browser opening and token polling.
config Hook
Dynamically registers the Qwen provider and available models with OpenCode.
event Hook
Monitors session events (creation, errors) for debugging and logging.
chat.headers Hook
Injects custom headers for Qwen API requests:
X-Qwen-Client: OpenCodeX-Qwen-Plugin-Version: 1.1.0
chat.params Hook
Optimizes model parameters for Qwen:
- Temperature:
0.7(default) - Top P:
0.95(default)
shell.env Hook
Exposes environment variables to shell commands:
QWEN_API_BASE_URL- Qwen API endpointQWEN_PROVIDER- Provider identifier
Project Structure
opencode-qwen-oauth/
├── src/ # TypeScript source files
│ ├── index.ts # Main plugin with hooks
│ ├── oauth.ts # OAuth device flow logic
│ ├── pkce.ts # PKCE implementation
│ ├── browser.ts # Browser opening utility
│ ├── logger.ts # Logging utilities
│ └── constants.ts # API constants
├── bin/ # CLI scripts
│ └── install.js # Installer script
├── dist/ # Compiled JavaScript (generated)
├── package.json # Package manifest
├── tsconfig.json # TypeScript config
├── LICENSE # MIT license
└── README.md # This fileNote: .opencode/ directory is for local testing only and is not included in the npm package.
License
MIT
Contributing
Contributions welcome! Please open an issue or submit a PR.