feat: Multi-Account OAuth Support with Auto-Relogin

[mguttmann]

Summary

Add support for multiple OAuth accounts per provider with automatic credential rotation and browser-based session management for expired tokens.

Motivation

Currently, OpenCode only supports a single OAuth account per provider. When that account hits rate limits, work stops. Users who have multiple accounts (e.g. personal + work) need to manually switch between them.

This feature enables:

• Multiple accounts per provider — add as many OAuth accounts as you want
• Automatic failover — when one account hits rate limits or auth failures, seamlessly rotate to the next
• Browser-based auto-relogin — automatically refresh expired tokens using Puppeteer sessions
• Per-request credential tracking — know which account is being used for each session

Changes

Backend (packages/opencode)

• Multi-account store: Track multiple OAuth records per provider in auth/index.ts
• Credential rotation (auth/rotating-fetch.ts): Automatically failover to next account on rate limits or auth failures
• Browser sessions (auth/browser.ts): Puppeteer-based auto-relogin for expired tokens
• Credential manager (auth/credential-manager.ts): Event-driven failover notifications
• Auth context (auth/context.ts): AsyncLocalStorage for per-request credential tracking
• Config: oauth rotation settings (cooldowns, retries, max attempts)
• CLI: Browser session management commands
• Server routes: Account CRUD, usage, browser session endpoints

Frontend (packages/app)

• Provider settings: Manage accounts, set active, view usage
• Session context tab: Show which account is active per session

SDK

• Regenerated with all new multi-account endpoints

Related

Split from #9971 (closed) for cleaner review.

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• feat: OAuth Enhancements - Multi-Account, YOLO Mode, Auto-Relogin #9971: feat: OAuth Enhancements - Multi-Account, YOLO Mode, Auto-Relogin (already implemented and closed)
• feat: OAuth Marathon - multi-account credential rotation #8591: feat: OAuth Marathon - multi-account credential rotation
• [FEATURE]: Multiple account login with Codex OAuth and round robin load balancing #8145: [FEATURE]: Multiple account login with Codex OAuth and round robin load balancing

Feel free to ignore if this addresses your specific case differently or if there are additional improvements needed beyond the closed issues.

[mguttmann]

Thanks for flagging these!

This issue is the clean successor to #9971 (which I closed myself to split into focused PRs). Here's how this relates to the duplicates found:

Issue	Status	Comparison
#9971	Closed by me	Was a combined PR (Multi-Account + YOLO + Auto-Relogin). Split into this issue + #11831 for cleaner review
#8591	Open	Similar scope — credential rotation. This implementation goes further with Puppeteer-based auto-relogin, per-request credential tracking via AsyncLocalStorage, and a full Settings UI for account management
#8145	Open (feature request)	This is the implementation for that request. Covers round-robin load balancing via rotating-fetch.ts with configurable cooldowns and automatic failover

The PR implementing this is #11832 — all CI checks passing ✅

[mguttmann]

[mguttmann]

[aydgn]

Here is a plugin with a similar purpose: https://github.com/NoeFabris/opencode-antigravity-auth/
It automatically switches accounts when a rate limit is reached.

[mguttmann]

Thanks for sharing @aydgn! That's an interesting plugin, but it solves a different problem.

opencode-antigravity-auth is specifically for authenticating against Google's Antigravity IDE to access Gemini and Claude models through Google's quota. It's a third-party auth plugin for one specific provider.

This issue/PR is about native multi-account support for OpenCode's built-in OAuth providers — Copilot, Codex, and any other OAuth-based provider. It adds:

• Multiple accounts per provider with automatic rotation on rate limits
• Puppeteer-based auto-relogin when tokens expire (no manual re-auth)
• A Settings UI for managing accounts (add/remove, set active, view status)
• Per-request credential tracking via AsyncLocalStorage
• Configurable cooldowns, retries, and failover logic

So it's more of a core infrastructure feature for OpenCode itself rather than a provider-specific plugin. Both can happily coexist though — you could use the Antigravity plugin for Google models and this PR's multi-account support for Copilot/Codex at the same time.

[abien]

There might be a strategic consideration here: some providers may prefer that their subscriptions aren't used via third-party tools like OpenCode. Integrating this into the core might be perceived as conflicting with provider interests (e.g., Anthropic). Would it be better to implement this as a plugin? This gives users the choice while keeping the core engine provider-neutral.

[mguttmann]

Valid concern @abien, but I think it's worth noting: OpenCode already has OAuth integration for Claude, Copilot and Codex built into its core. This isn't something new — it's been there from the start, and it's what enables users to connect their existing subscriptions.

This PR doesn't introduce OAuth support — it extends what's already built-in. It adds the ability to manage multiple accounts per provider and auto-relogin when tokens expire. If there were a philosophical problem with using provider subscriptions via OpenCode, that ship has already sailed — the entire auth infrastructure is a core feature.

As for the "provider interests" angle — the OAuth tokens get revoked or blocked from time to time, and new workarounds are found. That's been the cycle. If the stance were that this conflicts with provider interests, the existing single-account OAuth would need to be removed too. My PR just makes the existing experience more robust by adding failover and rotation.

That said, I do agree plugins are great for provider-specific things (like the Antigravity plugin @aydgn linked). But multi-account management for OpenCode's own built-in auth providers feels like core infrastructure to me.

[aydgn]

I completely agree @mguttmann. Having it automatically switch to the next account would be ideal just like in the plugin I shared earlier. That would really provide the best experience.