Oh My Pi just changed how it authenticates with xAI. Instead of requiring users to manage API keys, it now uses device flow — the same authentication method used by GitHub CLI and other developer tools.
What Changed
fix(ai-registry): migrated xAI auth to device flow for reliability
Previously, connecting to xAI required:
- Getting an API key from console.x.ai
- Copying the key into Oh My Pi’s config
- Hoping the key didn’t expire or get revoked
Now, device flow handles everything:
- Oh My Pi opens a browser window
- You log in to xAI
- You authorize Oh My Pi
- Done — the token is stored securely
Why Device Flow Is Better
Device flow is the industry standard for CLI authentication. It’s better than API keys because:
- No API key management — the token is created by xAI, not you
- Automatic refresh — tokens expire and refresh automatically
- Revocable — you can revoke access from xAI’s dashboard
- Secure — tokens never leave your machine
For coding agents that need persistent access to xAI, device flow is the right approach. API keys are fine for scripts and automation. For interactive tools, device flow is better.
The Reliability Angle
The commit message says “for reliability” — and that’s the key. API keys fail when:
- They expire
- They get rate-limited
- The provider revokes them
- The user accidentally shares them
Device flow eliminates all of these failure modes. The token is managed by xAI’s auth system, not by the user.
What This Means for Users
If you’re using Oh My Pi with xAI, the upgrade is seamless. Your existing API key will continue to work until it expires. After that, the device flow will prompt you to re-authenticate.
The change also signals that Oh My Pi is maturing its auth infrastructure. As more providers add device flow support, Oh My Pi will likely adopt it across the board.