Back to Signal Feed
CodeTracked since May 19, 2026

Stabilize Copilot auth by forcing correct integrator scope and user-based credential matching

The PR changes oh-my-pi’s GitHub Copilot auth flow so model calls carry `Copilot-Integration-Id: vscode-chat` and login stores a stable numeric GitHub user id in credentials, enabling existing dedup logic to match repeat logins instead of appending duplicates.

GitHub CopilotCopilot-Integration-Idvscode-chatOAuthCredentials

What Happened

  • The PR changes oh-my-pi’s GitHub Copilot auth flow so model calls carry `Copilot-Integration-Id: vscode-chat` and login stores a stable numeric GitHub user id in credentials, enabling existing dedup logic to match repeat logins instead of appending duplicates.
  • The PR changes oh-my-pi’s GitHub Copilot auth flow so model calls carry `Copilot-Integration-Id: vscode-chat` and login stores a stable numeric GitHub user id in credentials, enabling existing dedup logic to match repeat logins instead of appending duplicates.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Introduces two concrete auth reliability fixes: it scopes Copilot model requests to the correct integrator (`vscode-chat`) to prevent token-scope model denial, and it uses GitHub’s stable numeric user id from `/user` as `accountId` so repeated logins resolve to the existing credential row instead of creating new ones.

Why Track This

Why It Matters

oh-my-pi users relying on Copilot credentials will get more stable model access and cleaner auth state because calls are routed under the correct Copilot integrator and repeated logins no longer proliferate duplicate credential rows. Previously, `ghu_` tokens could hit an incorrect scope and intermittently return `model_not_available_for_integrator`, while missing `accountId`/email made dedup impossible; adding the integration header and persisted user id addresses both. Watch whether non-standard Copilot token sources still bypass the expected scope behavior, and monitor cases where `/user` lookup fails (best-effort path is silent, so duplicates can still appear if that fetch is unavailable).

Impact

oh-my-pi users relying on Copilot credentials will get more stable model access and cleaner auth state because calls are routed under the correct Copilot integrator and repeated logins no longer proliferate duplicate credential rows. Previously, `ghu_` tokens could hit an incorrect scope and intermittently return `model_not_available_for_integrator`, while missing `accountId`/email made dedup impossible; adding the integration header and persisted user id addresses both. Watch whether non-standard Copilot token sources still bypass the expected scope behavior, and monitor cases where `/user` lookup fails (best-effort path is silent, so duplicates can still appear if that fetch is unavailable).

What To Watch Next

  • Watch whether GitHub Copilot becomes a repeated pattern.
  • Track follow-up changes around AI Integration in IDEs.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: incorrect_integrator_scope_for_nonstandard_tokens, user_lookup_failures_disable_dedup.
Open Topic TimelineOpen Technical EventOpen Original Sourceincorrect_integrator_scope_for_nonstandard_tokens / user_lookup_failures_disable_dedup / header_regression_on_new_copilot_endpoints

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

can1357/oh-my-pi PR #1210: fix(ai): add Copilot-Integration-Id header and fix credential dedup on login

It adds `COPILOT_REQUEST_HEADERS` to Copilot model request sites and updates `loginGitHubCopilot` to fetch `/api.github.com/user` and persist `accountId` for deduplicated credential updates.