Skip to content

fix: resolve OpenRouter 401 authentication errors #6460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: resolve OpenRouter 401 authentication errors #6460

wants to merge 1 commit into from

Conversation

@roomote
Copy link
Contributor

@roomote roomote bot commented Jul 31, 2025
edited by ellipsis-dev bot
Loading

This PR fixes the OpenRouter 401 authentication issue reported in #6459.

Problem

Users were experiencing "401 No auth credentials found" errors when using OpenRouter API keys. The issue occurred because:

  1. OpenRouter fetcher functions (getOpenRouterModels and getOpenRouterModelEndpoints) were not including the API key in their requests
  2. No proper error handling for 401 authentication failures
  3. Missing API key validation in the OpenRouter handler

Solution

  • ✅ Added Authorization header with Bearer token to all OpenRouter API requests
  • ✅ Updated GetModelsOptions type to include apiKey and baseUrl for OpenRouter
  • ✅ Added proper 401 error handling with descriptive error messages
  • ✅ Added API key validation in OpenRouter handler constructor with warnings for missing/invalid keys
  • ✅ Updated model cache to properly pass API credentials to OpenRouter fetcher functions
  • ✅ Added comprehensive tests for authentication scenarios

Testing

  • All existing tests pass
  • Added new tests for authentication scenarios including:
    • Authorization header inclusion when API key is provided
    • Proper error handling for 401 responses
    • API key validation warnings

Related Issue

Fixes #6459

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Important

Fix OpenRouter 401 authentication errors by adding authorization headers and error handling.

  • Behavior:
    • Add Authorization header with Bearer token to OpenRouter API requests in getOpenRouterModels and getOpenRouterModelEndpoints.
    • Implement 401 error handling in getOpenRouterModels and getOpenRouterModelEndpoints with descriptive error messages.
    • Validate API key in OpenRouterHandler constructor, logging warnings for missing/invalid keys.
  • Types:
    • Update GetModelsOptions to include apiKey and baseUrl for OpenRouter.
  • Testing:
    • Add tests in openrouter.spec.ts for API key validation, authorization header inclusion, and 401 error handling.
    • Add tests in openrouter.spec.ts for getOpenRouterModels and getOpenRouterModelEndpoints to ensure correct header usage and error handling.

This description was created by Ellipsis for d186eb0. You can customize this summary. It will automatically update as commits are pushed.

@roomote
fix: resolve OpenRouter 401 authentication errors
d186eb0 
- Add Authorization header with Bearer token to OpenRouter API requests
- Include API key in getOpenRouterModels and getOpenRouterModelEndpoints functions
- Add proper 401 error handling with descriptive error messages
- Update GetModelsOptions type to include apiKey and baseUrl for OpenRouter
- Add API key validation in OpenRouter handler constructor
- Add comprehensive tests for authentication scenarios

Fixes #6459
@roomote roomote bot requested review from cte, jr and mrubens as code owners July 31, 2025 02:27
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. bug Something isn't working labels Jul 31, 2025
roomote[bot]
roomote bot commented Jul 31, 2025
View reviewed changes
Copy link
Contributor Author

@roomote roomote bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution! I've reviewed the changes and found that this PR effectively addresses the OpenRouter 401 authentication issue. The implementation adds proper authorization headers and error handling as described. I've identified one critical issue and several suggestions for improvement.

src/api/providers/fetchers/__tests__/openrouter.spec.ts
} from "@roo-code/types"

import { getOpenRouterModelEndpoints, getOpenRouterModels } from "../openrouter"
import axios from "axios"
Copy link
Contributor Author

@roomote roomote bot Jul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The axios import was added here but wasn't present in the original file structure. Could you verify this import is actually needed and properly available in the test environment?

src/api/providers/fetchers/openrouter.ts
}
} catch (error) {
if (axios.isAxiosError(error) && error.response?.status === 401) {
console.error("OpenRouter API authentication failed. Please check your API key.")
Copy link
Contributor Author

@roomote roomote bot Jul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the duplication of the same error message in both console.error and throw new Error intentional? Could we streamline this to avoid redundant logging?

src/api/providers/openrouter.ts

// Validate API key format
if (apiKey === "not-provided" || !apiKey || apiKey.trim() === "") {
console.warn("OpenRouter API key is missing or invalid. This may cause authentication errors.")
Copy link
Contributor Author

@roomote roomote bot Jul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The API key validation happens in the constructor but API calls occur later. Could we consider more strict validation (e.g., checking expected prefixes or length) to catch format issues earlier?

src/shared/api.ts

export type GetModelsOptions =
| { provider: "openrouter" }
| { provider: "openrouter"; apiKey?: string; baseUrl?: string }
Copy link
Contributor Author

@roomote roomote bot Jul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GetModelsOptions type makes apiKey optional, but the error handling suggests it's expected. Could we make this more explicit in the type definition for better type safety?

@hannesrudolph hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Jul 31, 2025
@roomote roomote bot mentioned this pull request Jul 31, 2025
Closed
@daniel-lxs
Copy link
Member

daniel-lxs commented Aug 1, 2025

Issue seems solved

@daniel-lxs daniel-lxs closed this Aug 1, 2025
@github-project-automation github-project-automation bot moved this from Triage to Done in Roo Code Roadmap Aug 1, 2025
@github-project-automation github-project-automation bot moved this from New to Done in Roo Code Roadmap Aug 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens is a code owner

@cte cte Awaiting requested review from cte cte is a code owner

@jr jr Awaiting requested review from jr jr is a code owner

Assignees

No one assigned

Labels

bug Something isn't working Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. size:L This PR changes 100-499 lines, ignoring generated files.

Projects

Roo Code Roadmap
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OpenRouter returns 401 error with valid API key

4 participants

@daniel-lxs @hannesrudolph @roomote