
opencode-auth-kiro
OpenCode plugin for Kiro and AWS CodeWhisperer authentication. It registers Kiro models, provides Kiro login methods, and routes OpenAI-compatible requests through Kiro credentials.
Add the plugin to your OpenCode config:
```json
{
  "$schema": "https://opencode.ai/config.json",
  "plugin": ["opencode-auth-kiro"]
}
```
Restart OpenCode after changing plugin config. OpenCode loads plugins at startup.
After the plugin is loaded, select models as kiro/<model-id>, for example:
```json
{
  "$schema": "https://opencode.ai/config.json",
  "plugin": ["opencode-auth-kiro"],
  "model": "kiro/claude-sonnet-4-5"
}
```
Recommended flow when Kiro Desktop is already signed in:

1. Run opencode auth login.
2. Select Kiro Desktop Session.
3. The plugin reads ~/.aws/sso/cache/kiro-auth-token.json and the matching client registration from the Kiro Desktop cache.

Direct social login flow:

1. Run opencode auth login.
2. Select Kiro Account Login.

Kiro CLI flow:

1. Run kiro-cli login if you already use the Kiro CLI.
2. Run opencode auth login.
3. Select Kiro CLI Session to import the existing Kiro CLI session.

Kiro Account Login uses the same https://app.kiro.dev/signin portal flow as Kiro Desktop, but it can only exchange Google/GitHub social callbacks directly. For AWS Builder ID or IAM Identity Center accounts, use Kiro Desktop Session or Kiro CLI Session.
Thinking mode is enabled automatically when you select a -thinking model. Thinking models expose reasoning: true, stream reasoning as reasoning_content, and include these variants:
| Variant | Thinking budget |
|---|---|
| low | 8192 |
| medium | 16384 |
| max | 32768 |
If no variant is selected, -thinking models use a default thinking budget of 20000.
The outgoing Kiro request uses native model fields:
```json
{
  "additionalModelRequestFields": {
    "thinking": {
      "type": "enabled",
      "budget_tokens": 20000
    }
  }
}
```
You can override the budget per request with either top-level thinkingConfig or OpenCode/OpenAI-compatible provider options:
```json
{
  "thinkingConfig": { "thinkingBudget": 32768 },
  "providerOptions": {
    "openaiCompatible": {
      "thinkingConfig": { "thinkingBudget": 32768 }
    }
  }
}
```
| Model ID | Notes |
|---|---|
| auto | Kiro auto routing |
| claude-haiku-4-5 | Claude Haiku 4.5 |
| claude-haiku-4-5-thinking | Thinking alias |
| claude-sonnet-4 | Claude Sonnet 4.0 |
| claude-sonnet-4-5 | Default model |
| claude-sonnet-4-5-thinking | Thinking alias |
| claude-sonnet-4-6 | 1M context |
| claude-sonnet-4-6-thinking | 1M context, thinking alias |
| claude-opus-4-5 | Claude Opus 4.5 |
| claude-opus-4-5-thinking | Thinking alias |
| claude-opus-4-6 | 1M context |
| claude-opus-4-6-thinking | 1M context, thinking alias |
| claude-opus-4-7 | 1M context |
| claude-opus-4-7-thinking | 1M context, thinking alias |
| claude-opus-4-8 | 1M context |
| claude-opus-4-8-thinking | 1M context, thinking alias |
| claude-3-7-sonnet | Claude 3.7 Sonnet |
| minimax-m2.5 | MiniMax M2.5 |
| minimax-m2.1 | MiniMax M2.1 |
| glm-5 | GLM 5 |
| deepseek-3.2 | DeepSeek 3.2 |
| qwen3-coder-next | Qwen3 Coder Next |
The plugin follows the same public Kiro Desktop endpoint families found in the installed Kiro extension:
| Purpose | Endpoint |
|---|---|
| Portal sign-in | https://app.kiro.dev/signin |
| Social token exchange | https://prod.{region}.auth.desktop.kiro.dev/oauth/token |
| Desktop/social refresh | https://prod.{region}.auth.desktop.kiro.dev/refreshToken |
| Chat streaming | https://q.{region}.amazonaws.com/generateAssistantResponse |
| Usage limits | https://q.{region}.amazonaws.com/getUsageLimits |
| Builder ID / IdC OIDC | https://oidc.{region}.amazonaws.com/* |
| User info | https://view.awsapps.com/api/user/info |
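
An added example (not part of the plugin or this README): an egress allowlist built from the endpoint table above, usable for proxy rules or for reviewing the plugin's outbound requests. The region pattern and the function names are assumptions.

```javascript
// Endpoint templates copied from the table above.
const ENDPOINT_TEMPLATES = [
  "https://app.kiro.dev/signin",
  "https://prod.{region}.auth.desktop.kiro.dev/oauth/token",
  "https://prod.{region}.auth.desktop.kiro.dev/refreshToken",
  "https://q.{region}.amazonaws.com/generateAssistantResponse",
  "https://q.{region}.amazonaws.com/getUsageLimits",
  "https://oidc.{region}.amazonaws.com/*",
  "https://view.awsapps.com/api/user/info",
];

// Assumed region shape (e.g. us-east-1). Rejecting dots, slashes, '@' and '#'
// keeps a configured region from changing the host once it is templated in.
const REGION_RE = /^[a-z]{2}(-[a-z]+)+-\d$/;

function buildAllowlist(region) {
  if (!REGION_RE.test(region)) throw new Error(`invalid region: ${region}`);
  return ENDPOINT_TEMPLATES.map((template) => {
    const url = new URL(template.replace("{region}", region));
    const prefix = url.pathname.endsWith("/*"); // table wildcard: any path
    const path = prefix ? url.pathname.slice(0, -1) : url.pathname;
    return { host: url.host, path, prefix };
  });
}

function isAllowed(rawUrl, region) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable destinations are never allowed
  }
  // Plain HTTP and URLs carrying userinfo are outside the table.
  if (url.protocol !== "https:" || url.username || url.password) return false;
  return buildAllowlist(region).some(
    (e) => e.host === url.host &&
      (e.prefix ? url.pathname.startsWith(e.path) : url.pathname === e.path)
  );
}

// Constructed sample destinations, not captured traffic.
const SAMPLES = [
  "https://q.us-east-1.amazonaws.com/generateAssistantResponse",
  "https://q.us-east-1.amazonaws.com.example.net/generateAssistantResponse",
];
for (const s of SAMPLES) console.log(isAllowed(s, "us-east-1"), s);
```
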
User config is loaded from ~/.config/opencode/kiro.json on macOS/Linux or %APPDATA%\opencode\kiro.json on Windows.
Project config is loaded from .opencode/kiro.json in the active OpenCode project directory. Project config overrides user config.
Supported options include:
```json
{
  "$schema": "https://opencode.ai/config.json",
  "account_selection_strategy": "lowest-usage",
  "default_region": "us-east-1",
  "rate_limit_retry_delay_ms": 5000,
  "rate_limit_max_retries": 3,
  "request_timeout_ms": 120000,
  "token_expiry_buffer_ms": 60000,
  "usage_tracking_enabled": true,
  "auto_sync_kiro_cli": true,
  "auth_server_port_start": 19847,
  "auth_server_port_range": 10
}
```
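
An added example (not the plugin's own code): because a .opencode/kiro.json inside a project takes precedence over the user file, this reports what a project file would change before the project is opened. The shallow per-key merge, the REVIEW_REQUIRED set (chosen from the option names) and the sample configs are assumptions; the README only states that project config overrides user config.

```javascript
// Option names come from the supported options listed above.
const KNOWN_OPTIONS = new Set([
  "account_selection_strategy", "default_region", "rate_limit_retry_delay_ms",
  "rate_limit_max_retries", "request_timeout_ms", "token_expiry_buffer_ms",
  "usage_tracking_enabled", "auto_sync_kiro_cli", "auth_server_port_start",
  "auth_server_port_range",
]);

// Hypothetical review policy: options a reviewer approves explicitly because,
// judging by their names, they affect the region, session sync or auth server.
const REVIEW_REQUIRED = new Set([
  "default_region", "auto_sync_kiro_cli",
  "auth_server_port_start", "auth_server_port_range",
]);

// Assumption: a shallow, per-key merge where the project value wins.
function auditProjectConfig(userCfg, projectCfg) {
  const effective = { ...userCfg, ...projectCfg };
  const findings = [];
  for (const [key, value] of Object.entries(projectCfg)) {
    if (key === "$schema") continue;
    if (!KNOWN_OPTIONS.has(key)) {
      findings.push({ key, kind: "unknown-option" });
    } else if (JSON.stringify(userCfg[key]) !== JSON.stringify(value)) {
      const kind = REVIEW_REQUIRED.has(key) ? "review-required" : "override";
      findings.push({ key, kind, from: userCfg[key], to: value });
    }
  }
  return { effective, findings };
}

// Constructed sample configs, not taken from a real project.
const USER_CFG = { default_region: "us-east-1", auto_sync_kiro_cli: false,
  request_timeout_ms: 120000 };
const PROJECT_CFG = { default_region: "eu-west-1", auto_sync_kiro_cli: true,
  request_timeout_ms: 120000, telemetry_url: "https://example.invalid/" };

const REPORT = auditProjectConfig(USER_CFG, PROJECT_CFG);
console.log(REPORT.findings);
```
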
```sh
npm install
npm run typecheck
npm run build
npm test
```
npm test skips the live Kiro endpoint probe by default. Run it with KIRO_LIVE_PROBE=1 only when you intentionally want to hit the real endpoint.
The package published to npm contains dist, README.md, and package.json only. Source, tests, and build artifacts remain available in the GitHub repository.
| Resource | URL |
|---|---|
| npm package | https://www.npmjs.com/package/opencode-auth-kiro |
| GitHub repository | https://github.com/YeiHai/Opencode-Auth-Kiro |
| OpenCode config schema | https://opencode.ai/config.json |
FAQs
OpenCode plugin for Kiro and AWS CodeWhisperer authentication
We found that opencode-auth-kiro demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.