This repo implements authentication for an OpenCode plugin that talks to Cursor services.
To keep the public repository low-risk, this document focuses on how to use the plugin and how credentials are handled, and intentionally avoids publishing deep protocol recipes or derived proprietary implementation details.
- Initiates an interactive login flow in your browser and polls locally for completion.
- On success, you get an access token + refresh token that the plugin can reuse.
Quick demo:
bun run demo:login
bun run demo:status
bun run demo:logout- If you already have a Cursor API key, the plugin can exchange it for access/refresh credentials.
- Useful for non-interactive setups.
- You can provide an access token via environment variables for local testing.
Credentials are stored locally using this project’s storage layer (see src/lib/storage.ts and the OpenCode plugin integration in src/plugin/plugin.ts).
Guidance:
- Never commit tokens, cookies, or credential exports to git.
- Prefer environment variables for ephemeral testing.
- If requests start failing unexpectedly, re-run
bun run demo:loginto refresh credentials. - If you suspect stale credentials, run
bun run demo:logoutand log in again.