MiniMax OAuth
MiniMax OAuth
Section titled “MiniMax OAuth”Hermes Agent supports MiniMax through a browser-based OAuth login flow, using the same credentials as the MiniMax portal. No API key or credit card is required — log in once and Hermes automatically refreshes your session.
The transport reuses the anthropic_messages adapter (MiniMax exposes an Anthropic Messages-compatible endpoint at /anthropic), so all existing tool-calling, streaming, and context features work without any adapter changes.
Overview
Section titled “Overview”| Item | Value |
|---|---|
| Provider ID | minimax-oauth |
| Display name | MiniMax (OAuth) |
| Auth type | Browser OAuth (PKCE device-code flow) |
| Transport | Anthropic Messages-compatible (anthropic_messages) |
| Models | MiniMax-M2.7, MiniMax-M2.7-highspeed |
| Global endpoint | https://api.minimax.io/anthropic |
| China endpoint | https://api.minimaxi.com/anthropic |
| Requires env var | No (MINIMAX_API_KEY is not used for this provider) |
Prerequisites
Section titled “Prerequisites”- Python 3.9+
- Hermes Agent installed
- A MiniMax account at minimax.io (global) or minimaxi.com (China)
- A browser available on the local machine (or use
--no-browserfor remote sessions)
Quick Start
Section titled “Quick Start”# Launch the provider and model pickerhermes model# → Select "MiniMax (OAuth)" from the provider list# → Hermes opens your browser to the MiniMax authorization page# → Approve access in the browser# → Select a model (MiniMax-M2.7 or MiniMax-M2.7-highspeed)# → Start chatting
hermesAfter the first login, credentials are stored under ~/.hermes/auth.json and are refreshed automatically before each session.
Logging In Manually
Section titled “Logging In Manually”You can trigger a login without going through the model picker:
hermes auth add minimax-oauthChina region
Section titled “China region”If your account is on the China platform (minimaxi.com), pass --region cn:
hermes auth add minimax-oauth --region cnRemote / headless sessions
Section titled “Remote / headless sessions”On servers or containers where no browser is available:
hermes auth add minimax-oauth --no-browserHermes will print the verification URL and user code — open the URL on any device and enter the code when prompted.
The OAuth Flow
Section titled “The OAuth Flow”Hermes implements a PKCE device-code flow against the MiniMax OAuth endpoints:
- Hermes generates a PKCE verifier / challenge pair and a random state value.
- It POSTs to
{base_url}/oauth/codewith the challenge and receives auser_codeandverification_uri. - Your browser opens
verification_uri. If prompted, enter theuser_code. - Hermes polls
{base_url}/oauth/tokenuntil the token arrives (or the deadline passes). - Tokens (
access_token,refresh_token, expiry) are saved to~/.hermes/auth.jsonunder theminimax-oauthkey.
Token refresh (standard OAuth refresh_token grant) runs automatically at each session start when the access token is within 60 seconds of expiry.
Checking Login Status
Section titled “Checking Login Status”hermes doctorThe ◆ Auth Providers section will show:
✓ MiniMax OAuth (logged in, region=global)or, if not logged in:
⚠ MiniMax OAuth (not logged in)Switching Models
Section titled “Switching Models”hermes model# → Select "MiniMax (OAuth)"# → Pick from the model listOr set the model directly:
hermes config set model MiniMax-M2.7hermes config set provider minimax-oauthConfiguration Reference
Section titled “Configuration Reference”After login, ~/.hermes/config.yaml will contain entries similar to:
model: default: MiniMax-M2.7 provider: minimax-oauth base_url: https://api.minimax.io/anthropic--region flag
Section titled “--region flag”| Value | Portal | Inference endpoint |
|---|---|---|
global (default) | https://api.minimax.io | https://api.minimax.io/anthropic |
cn | https://api.minimaxi.com | https://api.minimaxi.com/anthropic |
Provider aliases
Section titled “Provider aliases”All of the following resolve to minimax-oauth:
hermes --provider minimax-oauth # canonicalhermes --provider minimax-portal # aliashermes --provider minimax-global # aliashermes --provider minimax_oauth # alias (underscore form)Environment Variables
Section titled “Environment Variables”The minimax-oauth provider does not use MINIMAX_API_KEY or MINIMAX_BASE_URL. Those variables are for the API-key-based minimax and minimax-cn providers only.
| Variable | Effect |
|---|---|
MINIMAX_API_KEY | Used by minimax provider only — ignored for minimax-oauth |
MINIMAX_CN_API_KEY | Used by minimax-cn provider only — ignored for minimax-oauth |
To force the minimax-oauth provider at runtime:
HERMES_INFERENCE_PROVIDER=minimax-oauth hermesModels
Section titled “Models”| Model | Best for |
|---|---|
MiniMax-M2.7 | Long-context reasoning, complex tool-calling |
MiniMax-M2.7-highspeed | Lower latency, lighter tasks, auxiliary calls |
Both models support up to 200,000 tokens of context.
MiniMax-M2.7-highspeed is also used automatically as the auxiliary model for vision and delegation tasks when minimax-oauth is the primary provider.
Troubleshooting
Section titled “Troubleshooting”Token expired — not re-logging in automatically
Section titled “Token expired — not re-logging in automatically”Hermes refreshes the token on every session start if it is within 60 seconds of expiry. If the access token is already expired (for example, after a long offline period), the refresh happens automatically on the next request. If refresh fails with refresh_token_reused or invalid_grant, Hermes marks the session as requiring re-login.
Fix: run hermes auth add minimax-oauth again to start a fresh login.
Authorization timed out
Section titled “Authorization timed out”The device-code flow has a finite expiry window. If you don’t approve the login in time, Hermes raises a timeout error.
Fix: re-run hermes auth add minimax-oauth (or hermes model). The flow starts fresh.
State mismatch (possible CSRF)
Section titled “State mismatch (possible CSRF)”Hermes detected that the state value returned by the authorization server does not match what it sent.
Fix: re-run the login. If it persists, check for a proxy or redirect that is modifying the OAuth response.
Logging in from a remote server
Section titled “Logging in from a remote server”If hermes cannot open a browser window, use --no-browser:
hermes auth add minimax-oauth --no-browserHermes prints the URL and code. Open the URL on any device and complete the flow there.
”Not logged into MiniMax OAuth” error at runtime
Section titled “”Not logged into MiniMax OAuth” error at runtime”The auth store has no credentials for minimax-oauth. You have not logged in yet, or the credential file was deleted.
Fix: run hermes model and select MiniMax (OAuth), or run hermes auth add minimax-oauth.
Logging Out
Section titled “Logging Out”To remove stored MiniMax OAuth credentials:
hermes auth remove minimax-oauth