fix: guide users to enable device code login for ChatGPT OAuth

[mwmdev]

Summary

Fixes #211. OpenAI's device code OAuth flow requires users to explicitly enable device code login in their ChatGPT security settings before it can be used. Without this, the auth flow fails with an unknown_error at auth.openai.com/error.

• Backend: Handle 404 from the /deviceauth/usercode endpoint with a specific error message directing users to enable device code login (matches how the official Codex CLI handles this case)
• Frontend: Add a prerequisite note with a link to ChatGPT security settings in the OAuth dialog

Test plan

• Open Settings > Providers > Sign in with ChatGPT Plus
• Verify the dialog shows the prerequisite note with a link to ChatGPT security settings
• With device code login disabled: verify the backend returns the specific error message instead of a generic failure
• With device code login enabled: verify the full OAuth flow completes successfully

Note

This PR adds a prerequisite note to the ChatGPT OAuth dialog and improves error handling when device code login is not enabled. The backend now returns a specific 404-based error message instead of a generic failure, and the frontend displays a link to the ChatGPT security settings where users can enable device code login.

_{Written by Tembo for commit f9ab88a.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8582124 and f9ab88a.

📒 Files selected for processing (2)

• interface/src/routes/Settings.tsx
• src/openai_auth.rs

---

Walkthrough

The PR adds instructional guidance for users encountering ChatGPT OAuth authentication failures due to disabled device code login. Changes include a UI dialog text update and backend 404 error handling with helpful messaging directing users to enable the feature in ChatGPT security settings.

Changes

Cohort / File(s)	Summary
ChatGPT OAuth Error Messaging interface/src/routes/Settings.tsx, src/openai_auth.rs	Adds instructional guidance for device code login: UI dialog text directing users to enable the feature in ChatGPT security settings, and backend 404 error handling with specific error message inserted before general non-success checks.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: guiding users to enable device code login for ChatGPT OAuth, which matches the PR's core objective.
Description check	✅ Passed	The description comprehensively explains the changes, links to the bug being fixed, outlines both backend and frontend modifications, and provides a clear test plan.
Linked Issues check	✅ Passed	The PR directly addresses issue #211 by detecting the 404 response when device code login is disabled and providing clear guidance to enable it in ChatGPT security settings.
Out of Scope Changes check	✅ Passed	All changes are directly related to the PR objective: handling the device code login requirement through backend error detection and frontend user guidance.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[tembo]

Might be worth inserting a line break so the prerequisite note stands out a bit more in the dialog.

Suggested change

	You must first <a href="https://chatgpt.com/security-settings" target="_blank" rel="noopener noreferrer" className="underline text-accent hover:text-accent/80">enable device code login</a> in your ChatGPT security settings.
	<br />
	You must first <a href="https://chatgpt.com/security-settings" target="_blank" rel="noopener noreferrer" className="underline text-accent hover:text-accent/80">enable device code login</a> in your ChatGPT security settings.

[mwmdev]

IMO it looks fine:

[tembo]

Small thought: if you ever touch this area again, it might be worth checking the 404 case before calling .text().await so you can skip the body read and still surface the friendly guidance even if body read fails.