Auth & API Keys (27)

Official issues about login, OAuth, API keys, and provider auth. Sourced from the official GitHub repo; status derived from official labels; every entry links back to its source with a last-checked date.

#58237 Workaround P2 comp/dashboard

[Bug]: Dashboard auto-SSO redirect 500s when only basic auth provider is configured

When the Hermes Dashboard is bound to a non-loopback address with only basic_auth configured, visiting the root URL returns HTTP 500: the auto-SSO redirect calls the provider's start_login() path, which the password-only basic auth provider does not implement (the same unimplemented start_login() is reported directly in #58166).

#58231 Workaround P2 comp/agent

[Bug] minimax-oauth provider requires API key env var despite being OAuth

When minimax-oauth is configured for auxiliary.title_generation, Hermes still tries to load a MINIMAX-OAUTH_API_KEY env var instead of using the existing OAuth token auth, causing title generation to fail.

#58207 Workaround P2 comp/dashboard

[Bug]: Dashboard OAuth provider login fails in gated mode because startOAuthLogin requires legacy session token

In gated dashboard auth mode, clicking the Nous Portal provider login inside an already-authenticated dashboard fails before calling the backend because the frontend requires a legacy session token that is intentionally absent.

#58175 Workaround P2 comp/gateway

Signal group messages rejected by _is_user_authorized despite passing adapter-level filter

Signal group messages that pass the adapter-level filter are still rejected by _is_user_authorized because Platform.SIGNAL is missing from the platform_group_user_env_map dict used for group authorization.

#58167 Workaround P2 comp/agent

redact: SendGrid prefix pattern masks only the key-id segment — the key-secret segment stays in cleartext

The SendGrid redaction regex in agent/redact.py stops matching at the second dot, so the key-secret segment of a 3-part SendGrid API key is left in cleartext in logs and transcripts while only the key-id segment is masked.

#58166 Workaround P2 comp/dashboard

fix(dashboard-auth): GET /auth/login?provider=basic returns HTTP 500 (NotImplementedError in BasicAuthProvider.start_login)

When the dashboard uses the built-in basic auth provider, the GET /auth/login?provider=basic redirect returns HTTP 500 instead of the login form because BasicAuthProvider.start_login() always raises NotImplementedError.

#58100 Workaround P2 comp/cli

[Bug]: get_env_value_prefer_dotenv returns None when get_secret returns None instead of falling through to os.environ

get_env_value_prefer_dotenv() returns None when get_secret() finds no match, instead of falling through to os.environ, preventing secrets injected via Bitwarden Secrets Manager from being resolved.

#57836 Fixed P2 comp/gateway

[Bug]: Headless MCP OAuth blocks gateway startup with stale cached tokens

A non-interactive gateway run can stay stuck in MCP OAuth discovery for the full browser-callback timeout when token refresh fails, and retries then fail because the callback port is still in use. This issue is now closed.

#57749 Investigating P3 comp/dashboard

dashboard-auth.log grows without rotation

The dashboard-auth.log file is written via plain append with no size cap or rotation, unlike other log files in the system, causing it to grow unbounded on busy dashboards.

#57735 Workaround P2 tool/terminal

redact_secrets rewrites executed command text (corrupts Authorization headers / inline code), not just logs

Enabling security.redact_secrets rewrites secret-shaped substrings inside the actual command text sent to the shell or interpreter, not just in logs, corrupting commands that legitimately contain credential-like strings.
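The two redaction issues above (#58167 and #57735) share one lesson: the pattern must cover the whole credential, and it must be applied to the copy that is logged, never to the text that is executed. The following is an added example written for this page, not code from agent/redact.py or any other part of Hermes. The regexes, the placeholder text, the SendGrid key and the curl command are all constructed here; the only assumed fact is that SendGrid keys take the form SG.<key-id>.<key-secret> with URL-safe base64 segments.

```python
import re

# Hypothetical patterns, not the project's own. SendGrid keys look like
# SG.<key-id>.<key-secret>; both segments are URL-safe base64 ('-' and '_'
# allowed), so a character class without '.' stops at the second dot and the
# secret segment survives.
NAIVE_SENDGRID = re.compile(r"SG\.[A-Za-z0-9_-]+")
FULL_SENDGRID = re.compile(r"SG\.[A-Za-z0-9_-]{16,}\.[A-Za-z0-9_-]{16,}")

# Registry of (name, pattern); extend with further key shapes as needed.
PATTERNS = [("sendgrid", FULL_SENDGRID)]


def redact(text: str) -> str:
    """Mask every registered secret pattern in a *copy* of text."""
    for name, pattern in PATTERNS:
        text = pattern.sub(lambda m, n=name: f"[{n.upper()}_KEY_REDACTED]", text)
    return text


def naive_redact(text: str) -> str:
    """The buggy behaviour: only the prefix and key-id are masked."""
    return NAIVE_SENDGRID.sub("[SENDGRID_KEY_REDACTED]", text)


def prepare_command(cmd: str) -> tuple[str, str]:
    """Return (text to execute, text to log).

    Redaction is applied to the log copy only; the shell receives the
    original command, so Authorization headers and inline code are intact.
    """
    return cmd, redact(cmd)


# Constructed sample key and command; not a real credential.
SAMPLE_KEY = "SG.AbCdEfGhIjKlMnOpQrStUv.AbCdEfGhIjKlMnOpQrStUvWxYz0123456789abcdefghi"
SAMPLE_CMD = (
    f'curl -H "Authorization: Bearer {SAMPLE_KEY}" '
    "https://api.sendgrid.com/v3/mail/send"
)


def leaks_secret(redacted: str, key: str = SAMPLE_KEY) -> bool:
    """True if the key-id or key-secret segment survives redaction."""
    return any(segment in redacted for segment in key.split(".")[1:])


if __name__ == "__main__":
    print("naive :", naive_redact(SAMPLE_CMD))
    print("full  :", redact(SAMPLE_CMD))
    to_run, to_log = prepare_command(SAMPLE_CMD)
    print("exec unchanged:", to_run == SAMPLE_CMD)
```

Running the block shows the naive pattern leaving the 45-character secret segment visible after the placeholder, while the full pattern masks the whole key; prepare_command returns the untouched command for execution alongside the masked copy for the transcript.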

#55712 Workaround P2 comp/dashboard

Remote dashboard session expires due to rotating refresh-token replay

Remote dashboard sessions repeatedly expire around the refresh-token rotation window when the dashboard is accessed from another machine on the LAN; the report attributes this to a rotated refresh token being replayed.

#55253 Investigating P3 comp/cli

Bound OpenAI Codex auth JSON responses

The OpenAI Codex device-auth login flow reads successful JSON responses from several auth endpoints through unbounded httpx calls, with no byte cap on the response body.
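The fix shape for an unbounded auth response read is a streamed body with a hard byte cap, plus an early reject on a declared Content-Length. The following is an added example for this page, not the project's own code: MAX_AUTH_BODY, the function names and the sample chunks are assumptions made here. The httpx hook shown in the trailing comment uses client.stream() and Response.iter_bytes(), which exist in httpx, but it is not executed by the block.

```python
import json
from typing import Iterable

MAX_AUTH_BODY = 64 * 1024  # assumed cap; token/device-auth JSON is a few hundred bytes


class ResponseTooLarge(Exception):
    pass


def content_length_ok(headers: dict, max_bytes: int = MAX_AUTH_BODY) -> bool:
    """Reject early when the server declares an oversized body.

    Header names are case-insensitive; a missing header is allowed because
    the streaming cap in read_bounded() still applies.
    """
    for name, value in headers.items():
        if name.lower() == "content-length":
            try:
                return int(value) <= max_bytes
            except ValueError:
                return False
    return True


def read_bounded(chunks: Iterable[bytes], max_bytes: int = MAX_AUTH_BODY) -> bytes:
    """Accumulate streamed chunks, aborting as soon as the cap is exceeded."""
    buf = bytearray()
    for chunk in chunks:
        buf.extend(chunk)
        if len(buf) > max_bytes:
            raise ResponseTooLarge(f"auth response exceeded {max_bytes} bytes")
    return bytes(buf)


def parse_token_response(chunks: Iterable[bytes], max_bytes: int = MAX_AUTH_BODY) -> dict:
    """Bounded read followed by a shape check on the decoded JSON."""
    data = json.loads(read_bounded(chunks, max_bytes).decode("utf-8"))
    if not isinstance(data, dict) or "access_token" not in data:
        raise ValueError("unexpected token response shape")
    return data


def within_cap(chunks: Iterable[bytes], max_bytes: int = MAX_AUTH_BODY) -> bool:
    try:
        read_bounded(chunks, max_bytes)
        return True
    except ResponseTooLarge:
        return False


# Constructed sample: a token response arriving in two TCP-sized pieces.
SAMPLE_CHUNKS = [b'{"access_token": "tok", "token', b'_type": "Bearer"}']

# At the real call site (not run here):
#   with client.stream("POST", token_url, data=form) as resp:
#       if not content_length_ok(resp.headers):
#           raise ResponseTooLarge("declared body too large")
#       token = parse_token_response(resp.iter_bytes())

if __name__ == "__main__":
    print(parse_token_response(SAMPLE_CHUNKS))
    print("12 KiB under 8 KiB cap:", within_cap([b"x" * 4096] * 3, 8192))
```

The cap is checked per chunk rather than after the full body so a hostile or misconfigured endpoint cannot make the client allocate the whole response before being rejected.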

#48534 Fixed P1 comp/agent

Anthropic Max OAuth fails: token exchange 404s because Anthropic now blocks the claude-cli/ User-Agent

The built-in Anthropic OAuth token exchange fails with HTTP 404 because Anthropic now blocks any request carrying a claude-cli/ User-Agent prefix regardless of version, confirmed by testing multiple User-Agent strings.

#46511 Workaround P2 comp/cron

Cron jobs don't fallback when credential pool is exhausted (OAuth providers)

Cron jobs using OAuth-based providers fail with HTTP 429 when the credential pool is exhausted instead of falling back through the configured fallback_providers chain, unlike the main gateway/CLI session.

#43747 Workaround P2 comp/agent

[Bug]: openai-codex credential pool marks healthy later account as usage_limit_reached; auth reset restores operation

Hermes incorrectly marks all openai-codex pooled credentials as rate-limited even when one account still has quota, and running hermes auth reset openai-codex immediately restores normal operation.
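Issues #46511 and #43747 describe two halves of the same control: a 429 should mark only the credential that hit it, and once a pool really is exhausted the caller should walk the configured fallback chain rather than fail. The block below is an added example for this page, not Hermes code; the class names, the cooldown, the fake backend and the account names are all constructed here, and reset_pool() only models the effect the reporter observed from hermes auth reset (normal operation restored), not its actual implementation.

```python
from dataclasses import dataclass
from typing import Callable


class RateLimited(Exception):
    """Provider answered HTTP 429 for the credential in use."""


class AllProvidersFailed(Exception):
    pass


@dataclass
class Credential:
    account: str
    limited_until: float = 0.0  # 0 means healthy

    def usable(self, now: float) -> bool:
        return now >= self.limited_until


@dataclass
class Provider:
    name: str
    pool: list
    send: Callable[[str], str]  # (account) -> reply; raises RateLimited on 429


def call_with_pool(provider: Provider, now: float, cooldown: float = 60.0) -> str:
    """Try each healthy credential; a 429 marks ONLY that credential."""
    for cred in provider.pool:
        if not cred.usable(now):
            continue
        try:
            return provider.send(cred.account)
        except RateLimited:
            cred.limited_until = now + cooldown
    raise RateLimited(f"{provider.name}: all pooled credentials rate-limited")


def complete(chain: list, now: float) -> tuple[str, str]:
    """Walk the primary provider then its fallback_providers, as a session would."""
    errors = []
    for provider in chain:
        try:
            return provider.name, call_with_pool(provider, now)
        except RateLimited as exc:
            errors.append(str(exc))
    raise AllProvidersFailed("; ".join(errors))


def reset_pool(provider: Provider) -> None:
    """Clear every health mark (the observed effect of an auth reset)."""
    for cred in provider.pool:
        cred.limited_until = 0.0


def fake_backend(exhausted: set) -> Callable[[str], str]:
    """Constructed stand-in for a provider API: 429 for exhausted accounts."""
    def send(account: str) -> str:
        if account in exhausted:
            raise RateLimited(f"429 for {account}")
        return f"ok via {account}"
    return send


def scenario() -> dict:
    now = 1_000.0
    primary = Provider("primary-oauth",
                       [Credential("p-1"), Credential("p-2")],
                       fake_backend({"p-1", "p-2"}))          # fully exhausted
    codex = Provider("openai-codex",
                     [Credential("acct-1"), Credential("acct-2")],
                     fake_backend({"acct-1"}))                # acct-2 still has quota
    used, reply = complete([primary, codex], now)
    result = {
        "used": used,
        "reply": reply,
        "acct1_limited": not codex.pool[0].usable(now),
        "acct2_limited": not codex.pool[1].usable(now),
        "primary_all_limited": all(not c.usable(now) for c in primary.pool),
    }
    reset_pool(codex)
    result["acct1_after_reset"] = codex.pool[0].usable(now)
    return result


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The primary pool exhausts both of its accounts and is skipped; the openai-codex pool marks acct-1 limited, answers via acct-2, and acct-2 is never marked, which is the behaviour #43747 reports as missing.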

#30649 Investigating P3 comp/agent

[Feature]: Proton Pass AI Access Tokens support (secret source backend)

Hermes currently supports Bitwarden Secrets Manager as an external secret source; the issue proposes adding Proton Pass's new AI Access Tokens as an additional secret source backend, given its read-only vault access, expiration controls, and audit logs.

#29530 Workaround P2 comp/cli

Profiled workers need a shared auth home separate from isolated HERMES_HOME

Profiled Hermes workers using isolated HERMES_HOME directories can end up with split-brain OAuth state for rotating/single-use refresh tokens; the reporter proposes a separate shared HERMES_AUTH_HOME for auth storage.
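Both #55712 and #29530 come down to one property of rotating, single-use refresh tokens: whoever holds a stale copy and uses it is a replay, and a server that implements reuse detection revokes the whole grant family, logging out every holder. The simulation below is an added example for this page, not Hermes code or any provider's implementation. The toy AuthServer, Worker and the stores standing in for per-profile auth files are constructed here; its reuse-detection rule (replay of a rotated token revokes the family) is the behaviour the OAuth 2.0 Security BCP recommends, not a claim about any specific provider.

```python
import secrets


class AuthError(Exception):
    pass


class AuthServer:
    """Toy authorization server: every refresh rotates the token; replaying an
    already-rotated token revokes the whole family."""

    def __init__(self) -> None:
        self._family_of: dict[str, str] = {}  # every refresh token ever issued
        self._current: dict[str, str] = {}    # family -> the one token still valid
        self._revoked: set[str] = set()

    def issue(self) -> tuple[str, str]:
        family, rt = secrets.token_hex(4), secrets.token_hex(8)
        self._family_of[rt] = family
        self._current[family] = rt
        return secrets.token_hex(8), rt       # (access token, refresh token)

    def refresh(self, rt: str) -> tuple[str, str]:
        family = self._family_of.get(rt)
        if family is None or family in self._revoked:
            raise AuthError("invalid_grant")
        if self._current[family] != rt:
            self._revoked.add(family)         # stale copy replayed: burn the family
            raise AuthError("reuse_detected")
        new_rt = secrets.token_hex(8)
        self._family_of[new_rt] = family
        self._current[family] = new_rt
        return secrets.token_hex(8), new_rt


class Worker:
    """A profiled worker; `store` stands in for the auth file under its home."""

    def __init__(self, name: str, server: AuthServer, store: dict) -> None:
        self.name, self.server, self.store = name, server, store

    def call_api(self) -> str:
        # Access token treated as expired: refresh, then persist the rotated token.
        access, new_rt = self.server.refresh(self.store["refresh_token"])
        self.store["refresh_token"] = new_rt
        return access


def simulate(shared_auth_home: bool) -> list[str]:
    server = AuthServer()
    _, rt = server.issue()
    if shared_auth_home:
        store = {"refresh_token": rt}         # one auth store for all profiles
        a, b = Worker("a", server, store), Worker("b", server, store)
    else:
        # each isolated home started from its own copy of the same refresh token
        a = Worker("a", server, {"refresh_token": rt})
        b = Worker("b", server, {"refresh_token": rt})
    out = []
    for worker in (a, b, a):
        try:
            worker.call_api()
            out.append(f"{worker.name}:ok")
        except AuthError as exc:
            out.append(f"{worker.name}:{exc}")
    return out


if __name__ == "__main__":
    print("isolated homes:", simulate(shared_auth_home=False))
    print("shared home   :", simulate(shared_auth_home=True))
```

With isolated stores the second worker replays the token the first already rotated, the family is revoked, and even the first worker's fresh token stops working, which is the "split-brain" the reporter describes. A shared store fixes the sequence shown here; in real concurrent use it additionally needs a lock around the read-refresh-write so two processes cannot both present the same token at once.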

#29299 Investigating P3 tool/mcp

[Feature]: Need Https Oauth callback url ability

Feature request to support an HTTPS OAuth redirect_uri override for MCP, since some OAuth providers (e.g. Salesforce) reject the current localhost HTTP callback format.

#27385 Fixed P2 comp/cli

[Bug]: xAI OAuth loopback on macOS: local callback received, but Hermes times out

On a local macOS Hermes install, the xAI OAuth browser callback succeeds ("authorization received") but Hermes still throws an authorization timeout and never stores xAI credentials, a case the reporter distinguishes from documented remote/SSH callback failures.

#26847 Fixed P3

[Bug]: xAI OAuth (xai-oauth) returns HTTP 403 for standard SuperGrok subscribers — backend enforcing Heavy-only despite docs claiming all tiers

This closed issue reported that the xai-oauth provider returned HTTP 403 at inference time for standard (non-Heavy) SuperGrok subscribers, apparently due to an xAI backend restriction rather than a Hermes-side bug.

#24186 Fixed P3 comp/plugins

Hermes update broke Kanban — 401 Unauthorized on board load

After a Hermes update, the Kanban board fails to load with a 401 Unauthorized error via the dashboard, which the reporter suspects stems from the same update cycle that also broke Telegram pairing and introduced the 64K context minimum error.

#15080 Fixed P1

[Bug]: On a Claude Max 20x subscription with a valid OAuth access token from ~/.claude/.credentials.json, every Hermes request to native Anthropic (provider: anthropic, https://api.anthropic.com/v1/messages) is rejected with HTTP 400

With a valid Claude Max 20x OAuth access token, every Hermes request to the native Anthropic provider fails with HTTP 400, reporting that extra usage has been exhausted. Issue is closed as fixed.

#13484 Investigating P3 comp/agent

Feature: native Google Cloud Vertex AI provider support

Hermes has no working auth path for the Google Cloud Vertex AI provider, causing silent failures; the reporter built a standalone proxy handling service-account auth and proposes upstreaming it via the existing custom_providers mechanism.

#12058 Fixed P1 comp/cli

[Bug]: OpenAI Codex OAuth works in CLI, but Telegram gateway replies No Codex credentials stored

OpenAI Codex OAuth works via CLI, but the Telegram gateway reports 'No Codex credentials stored' despite the same credentials being valid, in a Docker/Coolify deployment. This issue is now closed.

#5528 Investigating P3 comp/agent

[Feature]: configurable approval-locked command patterns for dangerous/disruptive local actions

The set of commands requiring dangerous-action approval is currently hard-coded in tools/approval.py, so users cannot mark installation-specific or operationally-disruptive commands as approval-required without patching the source; the issue requests a configurable mechanism.
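One way to make the approval list configurable is to merge a built-in regex list with operator-supplied patterns from config, compile them once at load time (so a malformed operator regex fails at startup rather than silently never matching), and evaluate each segment of a chained command with sudo and environment prefixes stripped. This is an added example for this page, not the contents of tools/approval.py; the config keys, the built-in patterns and the normalisation rules are all assumptions made here.

```python
import re

# Hypothetical built-ins; the real list in tools/approval.py is not reproduced.
BUILTIN_PATTERNS = [
    r"^rm\s+-\S*r\S*\s+/",        # recursive delete rooted at /
    r"^(mkfs|dd)\b",
    r"^(shutdown|reboot)\b",
]

# Chained commands are checked segment by segment; a dangerous command hidden
# after "echo ok &&" must still trigger approval.
_SEGMENT_SPLIT = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")
_ENV_ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*=.*")


def compile_patterns(config: dict) -> list:
    """Merge built-ins with operator regexes.

    Assumed config shape (not Hermes' schema):
      approval:
        require_patterns: ["^kubectl\\s+delete\\b"]
        disable_builtin: false
    """
    section = config.get("approval", {})
    sources = [] if section.get("disable_builtin") else list(BUILTIN_PATTERNS)
    sources += section.get("require_patterns", [])
    compiled = []
    for pattern in sources:
        try:
            compiled.append(re.compile(pattern))
        except re.error as exc:
            raise ValueError(f"invalid approval pattern {pattern!r}: {exc}") from exc
    return compiled


def normalize(segment: str) -> str:
    """Drop leading sudo/nohup and VAR=value assignments so anchors still hit.

    Caveat: sudo options such as "sudo -u root" are not handled here.
    """
    tokens = segment.split()
    while tokens and (tokens[0] in ("sudo", "nohup") or _ENV_ASSIGNMENT.fullmatch(tokens[0])):
        tokens.pop(0)
    return " ".join(tokens)


def requires_approval(cmd: str, patterns: list):
    """Return the first matching pattern string, or None if the command is free to run."""
    for segment in _SEGMENT_SPLIT.split(cmd):
        normalized = normalize(segment)
        for pattern in patterns:
            if pattern.search(normalized):
                return pattern.pattern
    return None


# Constructed operator config for the demonstration.
SAMPLE_CONFIG = {
    "approval": {
        "require_patterns": [
            r"^kubectl\s+delete\b",
            r"^systemctl\s+(stop|restart)\s+postgres",
        ]
    }
}

if __name__ == "__main__":
    pats = compile_patterns(SAMPLE_CONFIG)
    for cmd in ("ls -la", "sudo rm -rf /", "kubectl delete ns prod",
                "echo ok && sudo systemctl restart postgresql"):
        print(f"{cmd!r}: {requires_approval(cmd, pats)}")
```

The split on shell operators is deliberately naive (it does not understand quoting), so it errs toward prompting; a command that embeds a pipe inside a quoted string will be over-matched rather than under-matched.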

#4656 Investigating P3 comp/agent

[Feature]: credential proxy daemon — zero-knowledge HTTP/HTTPS broker for agent credentials

This feature proposes a credential proxy daemon that intercepts HTTP/HTTPS at the transport layer so the real credential value never exists anywhere the agent process can read it, addressing a gap left by existing env-scoping and PID-isolation mitigations.

#527 Workaround P2 comp/gateway

Feature: Gateway Permission Tiers — Role-Based Access Control (Owner/Admin/User/Guest) for Messenger Platforms

This issue reports that Hermes Agent's gateway authorization is currently all-or-nothing, and proposes a tiered permission system (Owner/Admin/User/Guest) for messaging platforms.
