Alibaba Qwen OAuth Plugin for opencode

This plugin enables opencode to use Alibaba's Qwen models via OAuth authentication, allowing you to access the free tier (2,000 requests/day) with your Qwen account.

Note: This plugin is for OAuth authentication only. For API key authentication with DashScope, use OpenCode's built-in Alibaba provider support.

Found this useful? Follow me on X @thingygeoff for future updates and more projects!

Special thanks! A special thanks to Numman Ali for the original opencode-openai-codex-auth plugin that served as the inspiration and starting point for this project.

⚠️ Terms of Service & Usage Notice

Important: This plugin is designed for personal development use only with your own Qwen account. By using this tool, you agree to:

• ✅ Use only for individual productivity and coding assistance
• ✅ Respect Alibaba's rate limits and usage policies
• ✅ Not use to power commercial services or resell access
• ✅ Comply with Qwen's Terms of Service and usage policies

This tool uses Alibaba's official OAuth authentication for Qwen models. However, users are responsible for ensuring their usage complies with Alibaba's terms.

⚠️ Not Suitable For:

• Commercial API resale or white-labeling
• High-volume automated extraction beyond personal use
• Applications serving multiple users with one subscription
• Any use that violates Alibaba's acceptable use policies

For production applications or commercial use, use the DashScope API with proper API keys.

Features

• ✅ Qwen account OAuth authentication - Access free tier (2,000 requests/day)
• ✅ Portal API integration - Uses Qwen's Portal API with coder-model
• ✅ Zero external dependencies - Lightweight with only @openauthjs/openauth
• ✅ Auto-refreshing tokens - Handles token expiration automatically
• ✅ OpenAI-compatible API - Works with existing opencode workflows
• ✅ Full tool support - write, edit, bash, grep, glob, and more
• ✅ QWEN_MODE - Qwen Code prompt integration (enabled by default)
• ✅ Dynamic API endpoints - Uses resource_url from token response
• ✅ Device Authorization Grant - Secure OAuth flow (RFC 8628)
• ✅ Type-safe & tested - Strict TypeScript with 87 passing tests
• ✅ Modular architecture - Easy to maintain and extend

Installation

Quick Start

No npm install needed! opencode automatically installs plugins when you add them to your config.

Basic Configuration

1. Add the plugin to your opencode config file:

{
  "$schema": "https://opencode.ai/config.json",
  "plugin": ["opencode-alibaba-qwen3-auth"],
  "model": "alibaba/coder-model"
}

Global config: ~/.config/opencode/opencode.json Project config: <project>/.opencode.json

2. That's it! opencode will auto-install the plugin on first run.

New to opencode? Learn more at opencode.ai

Authentication

opencode auth login

Select "Alibaba" → "Qwen Account (OAuth)"

Updating the Plugin

⚠️ Important: OpenCode does NOT auto-update plugins.

To install the latest version:

# Clear plugin cache
(cd ~ && sed -i.bak '/"opencode-alibaba-qwen3-auth"/d' .cache/opencode/package.json && rm -rf .cache/opencode/node_modules/opencode-alibaba-qwen3-auth)

# Restart OpenCode - it will reinstall latest version
opencode

Check releases for version history.

Usage

Use Qwen's coding model via command line:

opencode run "create a hello world file" --model=alibaba/coder-model
opencode chat --model=alibaba/coder-model

Available Model

This plugin provides access to one model:

| Model ID | Description | |----------|-------------| | alibaba/coder-model | Qwen's coding model optimized for programming tasks via OAuth |

Note: This uses Qwen's Portal API with OAuth authentication. Provides access to the free tier (2,000 requests/day).

Using in Custom Commands

Important: Always include the alibaba/ prefix:

# ✅ Correct
model: alibaba/coder-model

# ❌ Wrong - will fail
model: coder-model

Configuration

Basic Configuration

The plugin works with standard opencode configuration:

{
  "$schema": "https://opencode.ai/config.json",
  "plugin": ["opencode-alibaba-qwen3-auth"],
  "model": "alibaba/coder-model"
}

That's it! No additional configuration needed.

Rate Limits & Responsible Use

This plugin respects the rate limits enforced by Alibaba's Qwen API:

• Rate limits are determined by your Qwen account tier
• Limits are enforced server-side through OAuth tokens
• The plugin does NOT and CANNOT bypass Alibaba's rate limits

Best Practices:

• ✅ Use for individual coding tasks, not bulk processing
• ✅ Avoid rapid-fire automated requests
• ✅ Monitor your usage to stay within account limits
• ✅ Consider the DashScope API for higher-volume needs
• ❌ Do not use for commercial services without proper API access
• ❌ Do not share authentication tokens or credentials

Note: Excessive usage or violations of Alibaba's terms may result in temporary throttling or account review.

Requirements

• Qwen account (required)
• OpenCode installed (opencode.ai)

Troubleshooting

Common Issues

Authentication Errors

401 Unauthorized / Token Expired

• Symptom: Requests fail with "Authentication required" or "Token expired"
• Solution: Run opencode auth login to refresh your authentication
• Why: OAuth tokens expire after a certain period (typically 24 hours)

Device Code Expired During Login

• Symptom: "Device authorization timed out" during opencode auth login
• Solution: The device code expires after 10 minutes. Start the login process again
• Tip: Complete the browser authentication within 10 minutes of starting the login

User Denied Authorization

• Symptom: "User denied authorization" error
• Solution: You clicked "Deny" in the browser. Run opencode auth login again and click "Allow"

Model Configuration Issues

Model Not Found

• Symptom: "Model not found" or "Invalid model" error
• Solution: Add alibaba/ prefix to your model name (e.g., --model=alibaba/coder-model)
• Why: OpenCode requires provider prefix to route requests to the correct plugin

Wrong API Endpoint

• Symptom: Requests go to wrong URL or fail with 404
• Solution: This plugin uses Portal API (OAuth). For API key auth, use OpenCode's built-in DashScope support
• Note: Don't mix OAuth and API key authentication methods

Connection Issues

Network Errors

• Symptom: "Failed to fetch" or connection timeout
• Solution:
  1. Check your internet connection
  2. Verify Qwen services are operational
  3. Check if you're behind a proxy/firewall
• Offline Mode: Plugin will use cached prompts if GitHub is unavailable

Rate Limiting (429 Errors)

• Symptom: "Rate limit exceeded" error
• Solution:
  • Free tier: 2,000 requests/day limit
  • Wait for rate limit to reset (usually 24 hours)
  • Consider upgrading your Qwen account for higher limits
• Check Usage: Visit Qwen Portal to see your usage

Token Management

How Do I Know If My Token Expired?

• Tokens are automatically refreshed 5 minutes before expiry
• If refresh fails, you'll see "Authentication required" error
• Check token status: cat ~/.opencode/qwen/token.json (look for expires_at)

How Do I Revoke Access?

1. Visit Qwen Account Settings
2. Go to "Connected Apps" or "OAuth Applications"
3. Find "Qwen Code" and click "Revoke"
4. Delete local token: rm ~/.opencode/qwen/token.json

Manual Token Cleanup

# Remove all authentication data
rm -rf ~/.opencode/qwen/

# Then re-authenticate
opencode auth login

Configuration Issues

QWEN_MODE Not Working

• Symptom: Unexpected behavior with prompts
• Solution:
  • Check ~/.opencode/qwen/auth-config.json for qwenMode setting
  • Override with environment variable: QWEN_MODE=1 (enable) or QWEN_MODE=0 (disable)
• Default: QWEN_MODE is enabled by default

Plugin Not Loading

• Symptom: OpenCode doesn't recognize alibaba/ models
• Solution:
  1. Verify plugin is in ~/.opencode/opencode.json under plugins
  2. Check plugin path is correct
  3. Rebuild plugin: npm run build
  4. Restart OpenCode

Still Having Issues?

1. Enable Debug Logging (see Debug Mode section below)
2. Check Logs: ~/.opencode/logs/qwen-plugin/
3. Verify Configuration: cat ~/.opencode/opencode.json
4. Test Connection: Try a simple request first
5. Report Issues: GitHub Issues

Debug Mode

Enable detailed logging:

ENABLE_PLUGIN_REQUEST_LOGGING=1 opencode run "your prompt"

Logs saved to: ~/.opencode/logs/qwen-plugin/

Frequently Asked Questions

Is this against Alibaba's Terms of Service?

This plugin uses Alibaba's official OAuth authentication for Qwen models. It's designed for personal coding assistance with your own Qwen account.

However, users are responsible for ensuring their usage complies with Alibaba's Terms of Use. This means:

• Personal use for your own development
• Respecting rate limits
• Not reselling access or powering commercial services
• Following Alibaba's acceptable use policies

Can I use this for my commercial application?

No. This plugin is intended for personal development only.

For commercial applications, production systems, or services serving multiple users, you must obtain proper API access through the DashScope API.

Is this affiliated with Alibaba?

No. This is an independent open-source project. It uses Alibaba's publicly available OAuth authentication system but is not endorsed, sponsored, or affiliated with Alibaba.

Qwen and DashScope are trademarks of Alibaba Group.

Credits & Attribution

This plugin implements OAuth authentication for Alibaba's Qwen API, using the same authentication flow as:

• Qwen Code CLI
• Qwen OAuth authorization server (https://chat.qwen.ai)

Acknowledgments

Based on research and working implementations from:

• Numman Ali's opencode-openai-codex-auth - Original OAuth plugin that served as the foundation for this project
• sst/opencode
• Qwen API documentation and OAuth flows

Trademark Notice

Not affiliated with Alibaba. Qwen, DashScope, and Alibaba are trademarks of Alibaba Group. This is an independent open-source project and is not endorsed by, sponsored by, or affiliated with Alibaba.

Documentation

📖 Documentation:

• Installation - Get started quickly
• Configuration - Customize your setup
• Troubleshooting - Common issues
• Architecture - System design and diagrams
• Migration Guide - Migrate from other Qwen plugins

License

MIT