opencode-deepseek-auth

DeepSeek Authentication Plugin for OpenCode

Authenticate the OpenCode CLI with your DeepSeek account credentials. This plugin enables you to use your existing DeepSeek account directly within OpenCode, bypassing the need for separate API keys.

Prerequisites

• OpenCode CLI installed.
• A DeepSeek account with access to their service.

Installation

Add the plugin to your OpenCode configuration file (~/.config/opencode/opencode.json or similar):

{
  "$schema": "https://opencode.ai/config.json",
  "plugin": ["opencode-deepseek-auth@latest"]
}

Usage

Method 1: Email/Password Authentication (Recommended)

• Login: Run the authentication command in your terminal:

  opencode auth login
  

• Select Provider: Choose DeepSeek from the list.

• Authenticate: Select Login with DeepSeek Account.

  • Enter your email and password when prompted
  • Your credentials will be stored securely for future use

Method 2: Direct Access Token

If you have an existing DeepSeek access token, you can set it directly:

opencode auth set --provider deepseek --api-key "your-deepseek-access-token"

Method 3: Config-based Authentication

You can also put DeepSeek credentials directly in your OpenCode config file:

File: ~/.config/opencode/opencode.json

{
  "provider": {
    "deepseek": {
      "apiKey": "email:password"  // Replace with your actual email and password
    }
  }
}

Configuration

Model list

Below are example model entries you can add under provider.deepseek.models in your OpenCode config.

File: ~/.config/opencode/opencode.json

{
  "provider": {
    "deepseek": {
      "models": {
        "deepseek-chat": {
          "displayName": "DeepSeek Chat",
          "maxTokens": 8192
        },
        "deepseek-reasoner": {
          "displayName": "DeepSeek Reasoner",
          "maxTokens": 8192
        }
      }
    }
  }
}

Features

• Dual Authentication Support: Supports both email:password flow and direct access token authentication
• Smart Format Recognition: Automatically detects between email:password and regular API keys
• Secure Storage: Securely manages your DeepSeek credentials
• Automatic Token Refresh: Handles token lifecycle and refreshing when needed
• OpenCode Integration: Seamless integration with OpenCode's authentication system
• Conflict Resolution: Properly separates OpenCode's own API keys from DeepSeek authentication
• Free Usage: Leverage your existing DeepSeek account quota and features

How It Works

The plugin now supports two authentication modes:

Email/Password Mode:

• Authenticate directly with DeepSeek's API using your email and password
• Obtain an access token from DeepSeek
• Use this token to make authenticated requests to DeepSeek's API
• Manage token lifecycle and refresh when needed

Direct Token Mode:

• Accept a direct access token as the API key
• Use this token directly with DeepSeek's API
• Handle request preparation and response transformation

Authentication Format Detection

The plugin intelligently determines the authentication method:

• Email:Password Detection: If apiKey contains exactly one colon (:) and the first part contains @ (email) or appears to be a phone number, it treats it as email:password
• Explicit Provider Marking: If the auth object has provider: "deepseek" or type: "deepseek-email-password", it always treats the key as email:password format
• Regular API Key: Otherwise, treats the value as a direct access token

Troubleshooting

Authentication Issues

• OpenCode API key conflict: If OpenCode reports your API key is invalid, ensure you're using the correct format for your intended authentication method
• Email:Password Format: Must be in email:password or phone:password format. Special characters in passwords may require URL encoding
• Direct Token: If using a direct access token, ensure it's a valid DeepSeek access token

Common Solutions

• Verify that your email and password are correct
• Check that your DeepSeek account is active and not suspended
• Ensure you're not hitting rate limits
• If experiencing conflicts, try explicit authentication method via the config file

Token Expiration

The plugin handles token refresh automatically, but if you encounter authentication errors, you can re-authenticate with:

opencode auth login

Or clear the stored credentials:

opencode auth clear --provider deepseek

Development

To develop on this plugin locally:

• Clone:

  git clone https://github.com/yourusername/opencode-deepseek-auth.git
  cd opencode-deepseek-auth
  npm install
  npm run build
  

• Link: Update your OpenCode config to point to your local directory using a file:// URL:

  {
    "plugin": ["file:///absolute/path/to/opencode-deepseek-auth"]
  }
  

License

MIT