Skip to content

fix(grok): align OAuth requests with official CLI proxy#4037

Open
superman2003 wants to merge 4 commits into
Wei-Shaw:mainfrom
superman2003:fix/grok-cli-version-header
Open

fix(grok): align OAuth requests with official CLI proxy#4037
superman2003 wants to merge 4 commits into
Wei-Shaw:mainfrom
superman2003:fix/grok-cli-version-header

Conversation

@superman2003

@superman2003 superman2003 commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Route Grok OAuth subscription inference through https://cli-chat-proxy.grok.com/v1.
  • Migrate empty and legacy https://api.x.ai/v1 OAuth base URLs at runtime without rewriting stored credentials.
  • Keep API-key accounts and explicit custom upstream URLs unchanged.
  • Default empty Grok OAuth probes, quota probes, Responses forwarding, and WebSocket HTTP fallback to grok-4.5.
  • Send X-Grok-Client-Version: 0.2.93 consistently on Grok upstream requests.
  • Store the CLI proxy base URL for newly authorized OAuth accounts in both backend and frontend flows.

Root cause

Grok OAuth exports historically store https://api.x.ai/v1. That is the credit-backed xAI API, so a valid Free subscription account can fail there with HTTP 402 personal-team-blocked:spending-limit even though the same token is entitled to use Grok 4.5 through the official CLI proxy. Free accounts may also reject the old grok-4.3 probe default.

This PR keeps the paid API path for API-key accounts and changes only OAuth subscription defaults and legacy OAuth values.

Related work

The focused OAuth routing commit is carried from #4009 (06b5e6b8) with the original author preserved. This PR does not include #4009's broader API-key UI or quota-display changes.

Verification

git diff --check
go test -tags=unit ./internal/service -run Grok -count=1
go test -tags=unit ./internal/handler/admin -run Grok -count=1
go test -tags=unit ./internal/pkg/xai -count=1
pnpm vitest run src/composables/__tests__/useGrokOAuth.spec.ts
pnpm vue-tsc --noEmit

All commands above pass locally. The frontend targeted suite reports 2/2 tests passed.

A sanitized live comparison was also run with one user-supplied OAuth export, read-only and without token refresh or credential writes:

  • CLI proxy /models: HTTP 200 and includes grok-4.5.
  • Legacy api.x.ai/v1/responses: HTTP 402 personal-team-blocked:spending-limit.
  • The same Sub2 request body and headers sent to CLI proxy /responses: HTTP 200 with response.completed.
  • CLI proxy /chat/completions: HTTP 200.

Residual risk

OAuth media endpoints also use the account's normalized Grok base URL. Chat, Responses, health checks, quota probes, and WebSocket fallback are covered; image/video generation was not live-tested to avoid a potentially billable request. API-key media routing remains unchanged.

@superman2003 superman2003 changed the title fix(grok): send CLI version header for subscription accounts fix(grok): align OAuth requests with official CLI proxy Jul 12, 2026
…header

# Conflicts:
#	backend/internal/service/openai_gateway_grok_test.go
FLuoXue added a commit to FLuoXue/sub2api that referenced this pull request Jul 12, 2026
…ion header)

Pull Grok OAuth subscription routing and CLI version header fixes into local main.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants