feat: add MiniMax OAuth plugin (#4521) (thanks @Maosghoul)

extensions/minimax-portal-auth/README.md

@@ -0,0 +1,33 @@
+# MiniMax OAuth (OpenClaw plugin)
+
+OAuth provider plugin for **MiniMax** (OAuth).
+
+## Enable
+
+Bundled plugins are disabled by default. Enable this one:
+
+```bash
+openclaw plugins enable minimax-portal-auth
+```
+
+Restart the Gateway after enabling.
+
+```bash
+openclaw gateway restart
+```
+
+## Authenticate
+
+```bash
+openclaw models auth login --provider minimax-portal --set-default
+```
+
+You will be prompted to select an endpoint:
+
+- **Global** - International users, optimized for overseas access (`api.minimax.io`)
+- **China** - Optimized for users in China (`api.minimaxi.com`)
+
+## Notes
+
+- MiniMax OAuth uses a user-code login flow.
+- Currently, OAuth login is supported only for the Coding plan

extensions/minimax-portal-auth/index.ts

@@ -0,0 +1,152 @@
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
+
+import { loginMiniMaxPortalOAuth, type MiniMaxRegion } from "./oauth.js";
+
+const PROVIDER_ID = "minimax-portal";
+const PROVIDER_LABEL = "MiniMax";
+const DEFAULT_MODEL = "MiniMax-M2.1";
+const DEFAULT_BASE_URL_CN = "https://api.minimaxi.com/anthropic";
+const DEFAULT_BASE_URL_GLOBAL = "https://api.minimax.io/anthropic";
+const DEFAULT_CONTEXT_WINDOW = 200000;
+const DEFAULT_MAX_TOKENS = 8192;
+const OAUTH_PLACEHOLDER = "minimax-oauth";
+
+function getDefaultBaseUrl(region: MiniMaxRegion): string {
+  return region === "cn" ? DEFAULT_BASE_URL_CN : DEFAULT_BASE_URL_GLOBAL;
+}
+
+function modelRef(modelId: string): string {
+  return `${PROVIDER_ID}/${modelId}`;
+}
+
+function buildModelDefinition(params: { id: string; name: string; input: Array<"text" | "image"> }) {
+  return {
+    id: params.id,
+    name: params.name,
+    reasoning: false,
+    input: params.input,
+    cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+    contextWindow: DEFAULT_CONTEXT_WINDOW,
+    maxTokens: DEFAULT_MAX_TOKENS,
+  };
+}
+
+function createOAuthHandler(region: MiniMaxRegion) {
+  const defaultBaseUrl = getDefaultBaseUrl(region);
+  const regionLabel = region === "cn" ? "CN" : "Global";
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  return async (ctx: any) => {
+    const progress = ctx.prompter.progress(`Starting MiniMax OAuth (${regionLabel})…`);
+    try {
+      const result = await loginMiniMaxPortalOAuth({
+        openUrl: ctx.openUrl,
+        note: ctx.prompter.note,
+        progress,
+        region,
+      });
+
+      progress.stop("MiniMax OAuth complete");
+
+      if (result.notification_message) {
+        await ctx.prompter.note(result.notification_message, "MiniMax OAuth");
+      }
+
+      const profileId = `${PROVIDER_ID}:default`;
+      const baseUrl = result.resourceUrl || defaultBaseUrl;
+
+      return {
+        profiles: [
+          {
+            profileId,
+            credential: {
+              type: "oauth" as const,
+              provider: PROVIDER_ID,
+              access: result.access,
+              refresh: result.refresh,
+              expires: result.expires,
+            },
+          },
+        ],
+        configPatch: {
+          models: {
+            providers: {
+              [PROVIDER_ID]: {
+                baseUrl,
+                apiKey: OAUTH_PLACEHOLDER,
+                api: "anthropic-messages",
+                models: [
+                  buildModelDefinition({
+                    id: "MiniMax-M2.1",
+                    name: "MiniMax M2.1",
+                    input: ["text"],
+                  }),
+                  buildModelDefinition({
+                    id: "MiniMax-M2.1-lightning",
+                    name: "MiniMax M2.1 Lightning",
+                    input: ["text"],
+                  }),
+                ],
+              },
+            },
+          },
+          agents: {
+            defaults: {
+              models: {
+                [modelRef("MiniMax-M2.1")]: { alias: "minimax-m2.1" },
+                [modelRef("MiniMax-M2.1-lightning")]: { alias: "minimax-m2.1-lightning" },
+              },
+            },
+          },
+        },
+        defaultModel: modelRef(DEFAULT_MODEL),
+        notes: [
+          "MiniMax OAuth tokens auto-refresh. Re-run login if refresh fails or access is revoked.",
+          `Base URL defaults to ${defaultBaseUrl}. Override models.providers.${PROVIDER_ID}.baseUrl if needed.`,
+          ...(result.notification_message ? [result.notification_message] : []),
+        ],
+      };
+    } catch (err) {
+      const errorMsg = err instanceof Error ? err.message : String(err);
+      progress.stop(`MiniMax OAuth failed: ${errorMsg}`);
+      await ctx.prompter.note(
+        "If OAuth fails, verify your MiniMax account has portal access and try again.",
+        "MiniMax OAuth",
+      );
+      throw err;
+    }
+  };
+}
+
+const minimaxPortalPlugin = {
+  id: "minimax-portal-auth",
+  name: "MiniMax OAuth",
+  description: "OAuth flow for MiniMax models",
+  configSchema: emptyPluginConfigSchema(),
+  register(api) {
+    api.registerProvider({
+      id: PROVIDER_ID,
+      label: PROVIDER_LABEL,
+      docsPath: "/providers/minimax",
+      aliases: ["minimax"],
+      auth: [
+        {
+          id: "oauth",
+          label: "MiniMax OAuth (Global)",
+          hint: "Global endpoint - api.minimax.io",
+          kind: "device_code",
+          run: createOAuthHandler("global"),
+        },
+        {
+          id: "oauth-cn",
+          label: "MiniMax OAuth (CN)",
+          hint: "CN endpoint - api.minimaxi.com",
+          kind: "device_code",
+          run: createOAuthHandler("cn"),
+        },
+      ],
+    });
+  },
+};
+
+export default minimaxPortalPlugin;

extensions/minimax-portal-auth/oauth.ts

@@ -0,0 +1,252 @@
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+
+export type MiniMaxRegion = "cn" | "global";
+
+const MINIMAX_OAUTH_CONFIG = {
+  cn: {
+    baseUrl: "https://api.minimaxi.com",
+    clientId: "78257093-7e40-4613-99e0-527b14b39113",
+  },
+  global: {
+    baseUrl: "https://api.minimax.io",
+    clientId: "78257093-7e40-4613-99e0-527b14b39113",
+  },
+} as const;
+
+const MINIMAX_OAUTH_SCOPE = "group_id profile model.completion";
+const MINIMAX_OAUTH_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:user_code";
+
+function getOAuthEndpoints(region: MiniMaxRegion) {
+  const config = MINIMAX_OAUTH_CONFIG[region];
+  return {
+    codeEndpoint: `${config.baseUrl}/oauth/code`,
+    tokenEndpoint: `${config.baseUrl}/oauth/token`,
+    clientId: config.clientId,
+    baseUrl: config.baseUrl,
+  };
+}
+
+export type MiniMaxOAuthAuthorization = {
+  user_code: string;
+  verification_uri: string;
+  expired_in: number;
+  interval?: number;
+  state: string;
+};
+
+export type MiniMaxOAuthToken = {
+  access: string;
+  refresh: string;
+  expires: number;
+  resourceUrl?: string;
+  notification_message?: string;
+};
+
+type TokenPending = { status: "pending"; message?: string };
+
+type TokenResult =
+  | { status: "success"; token: MiniMaxOAuthToken }
+  | TokenPending
+  | { status: "error"; message: string };
+
+function toFormUrlEncoded(data: Record<string, string>): string {
+  return Object.entries(data)
+    .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
+    .join("&");
+}
+
+function generatePkce(): { verifier: string; challenge: string; state: string } {
+  const verifier = randomBytes(32).toString("base64url");
+  const challenge = createHash("sha256").update(verifier).digest("base64url");
+  const state = randomBytes(16).toString("base64url");
+  return { verifier, challenge, state };
+}
+
+async function requestOAuthCode(params: {
+  challenge: string;
+  state: string;
+  region: MiniMaxRegion;
+}): Promise<MiniMaxOAuthAuthorization> {
+  const endpoints = getOAuthEndpoints(params.region);
+  const response = await fetch(endpoints.codeEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json",
+      "x-request-id": randomUUID(),
+    },
+    body: toFormUrlEncoded({
+      response_type: "code",
+      client_id: endpoints.clientId,
+      scope: MINIMAX_OAUTH_SCOPE,
+      code_challenge: params.challenge,
+      code_challenge_method: "S256",
+      state: params.state,
+    }),
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`MiniMax OAuth authorization failed: ${text || response.statusText}`);
+  }
+
+  const payload = (await response.json()) as MiniMaxOAuthAuthorization & { error?: string };
+  if (!payload.user_code || !payload.verification_uri) {
+    throw new Error(
+      payload.error ??
+        "MiniMax OAuth authorization returned an incomplete payload (missing user_code or verification_uri).",
+    );
+  }
+  if (payload.state !== params.state) {
+    throw new Error(
+      "MiniMax OAuth state mismatch: possible CSRF attack or session corruption.",
+    );
+  }
+  return payload;
+}
+
+async function pollOAuthToken(params: {
+  userCode: string;
+  verifier: string;
+  region: MiniMaxRegion;
+}): Promise<TokenResult> {
+  const endpoints = getOAuthEndpoints(params.region);
+  const response = await fetch(endpoints.tokenEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json",
+    },
+    body: toFormUrlEncoded({
+      grant_type: MINIMAX_OAUTH_GRANT_TYPE,
+      client_id: endpoints.clientId,
+      user_code: params.userCode,
+      code_verifier: params.verifier,
+    }),
+  });
+
+  const text = await response.text();
+  let payload:
+    | {
+        status?: string;
+        base_resp?: { status_code?: number; status_msg?: string };
+      }
+    | undefined;
+  if (text) {
+    try {
+      payload = JSON.parse(text) as typeof payload;
+    } catch {
+      payload = undefined;
+    }
+  }
+
+  if (!response.ok) {
+    return {
+      status: "error",
+      message:
+        payload?.base_resp?.status_msg ??
+        text ||
+        "MiniMax OAuth failed to parse response.",
+    };
+  }
+
+  if (!payload) {
+    return { status: "error", message: "MiniMax OAuth failed to parse response." };
+  }
+
+  const tokenPayload = payload as {
+    status: string;
+    access_token?: string | null;
+    refresh_token?: string | null;
+    expired_in?: number | null;
+    token_type?: string;
+    resource_url?: string;
+    notification_message?: string;
+  };
+
+  if (tokenPayload.status === "error") {
+    return { status: "error", message: "An error occurred. Please try again later"};
+  }
+  
+  if (tokenPayload.status != "success") {
+    return { status: "pending", message: "current user code is not authorized" };
+  }
+
+  if (!tokenPayload.access_token || !tokenPayload.refresh_token || !tokenPayload.expired_in) {
+    return { status: "error", message: "MiniMax OAuth returned incomplete token payload." };
+  }
+
+  return {
+    status: "success",
+    token: {
+      access: tokenPayload.access_token,
+      refresh: tokenPayload.refresh_token,
+      expires: tokenPayload.expired_in,
+      resourceUrl: tokenPayload.resource_url,
+      notification_message: tokenPayload.notification_message,
+    },
+  };
+}
+
+export async function loginMiniMaxPortalOAuth(params: {
+  openUrl: (url: string) => Promise<void>;
+  note: (message: string, title?: string) => Promise<void>;
+  progress: { update: (message: string) => void; stop: (message?: string) => void };
+  region?: MiniMaxRegion;
+}): Promise<MiniMaxOAuthToken> {
+  const region = params.region ?? "global";
+  const { verifier, challenge, state } = generatePkce();
+  const oauth = await requestOAuthCode({ challenge, state, region });
+  const verificationUrl = oauth.verification_uri;
+
+  const noteLines = [
+    `Open ${verificationUrl} to approve access.`,
+    `If prompted, enter the code ${oauth.user_code}.`,
+    `Interval: ${oauth.interval ?? "default (2000ms)"}, Expires in: ${oauth.expired_in}ms`,
+  ];
+  await params.note(noteLines.join("\n"), "MiniMax OAuth");
+
+  try {
+    await params.openUrl(verificationUrl);
+  } catch {
+    // Fall back to manual copy/paste if browser open fails.
+  }
+
+  let pollIntervalMs = oauth.interval ? oauth.interval : 2000;
+  const expireTimeMs = oauth.expired_in;
+
+
+  while (Date.now() < expireTimeMs) {
+    params.progress.update("Waiting for MiniMax OAuth approval…");
+    const result = await pollOAuthToken({
+      userCode: oauth.user_code,
+      verifier,
+      region,
+    });
+
+    // // Debug: print poll result
+    // await params.note(
+    //   `status: ${result.status}` +
+    //     (result.status === "success" ? `\ntoken: ${JSON.stringify(result.token, null, 2)}` : "") +
+    //     (result.status === "error" ? `\nmessage: ${result.message}` : "") +
+    //     (result.status === "pending" && result.message ? `\nmessage: ${result.message}` : ""),
+    //   "MiniMax OAuth Poll Result",
+    // );
+
+    if (result.status === "success") {
+      return result.token;
+    }
+
+    if (result.status === "error") {
+      throw new Error(`MiniMax OAuth failed: ${result.message}`);
+    }
+
+    if (result.status === "pending") {
+      pollIntervalMs = Math.min(pollIntervalMs * 1.5, 10000);
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
+  }
+
+  throw new Error("MiniMax OAuth timed out waiting for authorization.");
+}

extensions/minimax-portal-auth/openclaw.plugin.json

@@ -0,0 +1,11 @@
+{
+  "id": "minimax-portal-auth",
+  "providers": [
+    "minimax-portal"
+  ],
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {}
+  }
+}

extensions/minimax-portal-auth/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "@openclaw/minimax-portal-auth",
+  "version": "2026.1.30",
+  "type": "module",
+  "description": "OpenClaw MiniMax Portal OAuth provider plugin",
+  "openclaw": {
+    "extensions": [
+      "./index.ts"
+    ]
+  }
+}