openai
"Sign in With ChatGPT" functionality needs to be robust against all account types
The bulk of the work to support this feature was implemented in these PRs:
- https://github.com/openai/codex/pull/1212
- https://github.com/openai/codex/pull/1221
That said, I know there are cases where users may or may not have credits, differences between Pro and Plus, etc., and we need to be sure that all edge cases are addressed and that users see appropriate messaging.
to save ~/.codex/auth.json
npx @brantes/codex-get-auth-conf
This is what I currently get with codex login. A very confused LLM trying to figure out what I mean by "login" 😆 Just mentioning it in case it helps. It works great with the API key in the env.
I attempted to log in with a Plus account. I am able to use gpt-4.1, but not the default model codex-mini-latest, or the o-series models, due to the organization needing to be verified. Perhaps of note is that I've previously logged in to platform.openai.com with this account (but have not purchased credits). In the browser, the login flow completes successfully, although on the "Codex CLI wants access to your API organization" page [1], the "New organization" option [2] reports "invalid organization id" [3]; the existing default org works. Screenshots below.
: 10:11:28 ~ ; type codex
codex is /opt/homebrew/bin/codex
: 10:11:30 ~ ; codex login
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:
https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_XXXXXXXXXXXXXXXXXXXXXXXX&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=XXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXX&code_challenge_method=S256&id_token_add_organizations=true&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in
: 10:12:13 ~ ; codex --version
codex-cli 0.2.0
Entering a prompt into Codex then results with this error:
ERROR: unexpected status 400 Bad Request: {"error": {"message": "Your organization must be verified to generate reasoning summaries. Please go to: https://platform.openai.com/settings/organization/general and click on Verify Organization. If you just verified, it can take up to 15 minutes for access to propagate." "type": "invalid_request_error", "param": "reasoning.summary", "code": "unsupported_value" }}
I have not completed the "Verify Organization" workflow as that requires purchasing credits, which I would not like to do at this time.
Using codex -m gpt-4.1 DOES work.
I attempted to log in with a Plus account. I am able to use gpt-4.1, but not the default model codex-mini-latest, or the o-series models, due to the organization needing to be verified. Perhaps of note is that I've previously logged in to platform.openai.com with this account (but have not purchased credits). In the browser, the login flow completes successfully, although on the "Codex CLI wants access to your API organization" page [1], the "New organization" option [2] reports "invalid organization id" [3]; the existing default org works. Screenshots below.
: 10:11:28 ~ ; type codex codex is /opt/homebrew/bin/codex : 10:11:30 ~ ; codex login Starting local login server on http://localhost:1455 If your browser did not open, navigate to this URL to authenticate: https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_XXXXXXXXXXXXXXXXXXXXXXXX&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=XXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXX&code_challenge_method=S256&id_token_add_organizations=true&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Credit redemption request failed: HTTP Error 400: Bad Request Successfully logged in : 10:12:13 ~ ; codex --version codex-cli 0.2.0Entering a prompt into Codex then results with this error:
ERROR: unexpected status 400 Bad Request: {"error": {"message": "Your organization must be verified to generate reasoning summaries. Please go to: https://platform.openai.com/settings/organization/general and click on Verify Organization. If you just verified, it can take up to 15 minutes for access to propagate." "type": "invalid_request_error", "param": "reasoning.summary", "code": "unsupported_value" }}I have not completed the "Verify Organization" workflow as that requires purchasing credits, which I would not like to do at this time.
Using
codex -m gpt-4.1DOES work.
Same here, doesn't work for me
I get this when I try to login to ChatGPT
Route Error (500 ): "The operation is insecure."
I only see requests to datadog being blocked by uBlock Origin. Using Firefox 140.0.2
FWIW This flow does not degrade gracefully with a company-provided ChatGPT account that does not have access to platform.openai.com.
Codex works on the hosted Web UI (as expected) but without API access, codex-cli cannot work. The login fails with a "Authentication Error - No eligible ChatGPT account found." error on the web auth flow. This requires a Ctrl-C in the terminal.
(for the avoidance of doubt - I don't expect the login flow or codex-cli to work without access to the API, but it could potentially handle the error more gracefully).
I logged in using my ChatGPT account (I am a plus subscriber) and I get the following error.
Credit redemption request failed: 400 Bad Request
The model "codex-mini-latest" does not appear in the list of models available to your account. Double-check the spelling (use
openai models list
to see the full list) or choose another model with the --model flag.
I tried to use the --model option to use GPT-4.1 but it showed that I do not have enough quota.
I believe I should have access to Codex as a ChatGPT Plus customer right?
I'm also Plus subscriber and getting error
"ERROR: unexpected status 400 Bad Request: {"error": {"message": "Your organization must be verified to generate reasoning summaries. Please go to: https://platform.openai.com/settings/organization/general and click on Verify Organization. If you just verified, it can take up to 15 minutes for access to propagate." "type": "invalid_request_error", "param": "reasoning.summary", "code": "unsupported_value" }}" while trying to use codex in interactive mode with codex-mini-latest enabled. Are plus users limited to GPT-4.1 or something? 🤔
Now I get this instead...
Route Error (409 ): {
"error": {
"message": "Invalid client. Please start over.",
"type": "invalid_request_error",
"param": null,
"code": "invalid_state"
}
}
Seems to be on another datadog.client initiated request against the auth endpoint https://auth.openai.com/api/accounts/authorize/continue
When I logging, the result is:
Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in
And after:
Is not CODEX CLI included in the Team subscription license? Because after the login, seems that it generates an API key and start to count the cost per token in the platform.
i ran that over an ssh connection. Therefore the redirection to the localhost part can never work. I know this is an edge case but if we can allow hand copy the redirect link to the console the process can then move on to the next part.
I also tried curl the redirect link on a separate terminal.
the main thread i got
d@1e018257db70:~/.codex$ codex login
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:
https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_EMoamEEZ73f0CkXaXp7hrann&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=XEFlBejjSmvmkM0bG1K_stCfnITiA3WRdivnH_QRKwo&code_challenge_method=S256&id_token_add_organizations=true&state=e3bbecc0ed7353991648446fa0be9da09e54ff9fe70ae4c1f8b1058ef3cf8714
Error logging in: login_with_chatgpt subprocess failed:
d@1e018257db70:~/.codex$
the 2nd thread:
d@1e018257db70:~$ curl http://localhost:1455/auth/callback?code=ac_VRjn8dya2yvWS7XszsT0q_2SWKJO-oDiVyY9t-Rj4R0.OPr7Cv_sCWoF6lP5d8pNJWcmE7Q3lMEaoTddVsoTCoE&scope=openid+profile+email+offline_access&state=e3bbecc0ed7353991648446fa0be9da09e54ff9fe70ae4c1f8b1058ef3cf8714
[1] 10436
[2] 10437
d@1e018257db70:~$ <!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code: 400</p>
<p>Message: State parameter mismatch.</p>
<p>Error code explanation: 400 - Bad request syntax or unsupported method.</p>
</body>
</html>
[1]- Done curl http://localhost:1455/auth/callback?code=ac_VRjn8dya2yvWS7XszsT0q_2SWKJO-oDiVyY9t-Rj4R0.OPr7Cv_sCWoF6lP5d8pNJWcmE7Q3lMEaoTddVsoTCoE
[2]+ Done scope=openid+profile+email+offline_access
Have the same issue as @javichu148
and after
This some logs
mac system I have plus subscription
It seems that this is a very recent problem? https://github.com/openai/codex/issues/1481
Same issue as well on Windows 11 with WSL and a ChatGPT plus user, I am able to login via the OAuth flow and then am presented with
Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in
Then the same experience as some individuals in this thread
I have a "Team" account and tried to login. After I login succesfully, in the terminal I see:
Only users with Plus or Pro subscriptions can redeem free API credits.
Successfully logged in
which is quite confusing 🫤
Do I have access to Codex CLI or not?
Plus user. Mac 15.5 (24F74). Login with Apple. After logging in and clicking continue on the "Codex CLI wants access to your API organization" page, I'm redirected to: http://localhost:1455/auth/callback?code=[redacted]&scope=openid+profile+email+offline_access&state=[redacted]
And the below error:
Error response
Error code: 500
Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.
Error code explanation: 500 - Server got itself in trouble.
Plus user. Mac 15.5 (24F74). Login with Apple. After logging in and clicking continue on the "Codex CLI wants access to your API organization" page, I'm redirected to: http://localhost:1455/auth/callback?code=[redacted]&scope=openid+profile+email+offline_access&state=[redacted]
And the below error:
Error response
Error code: 500
Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.
Error code explanation: 500 - Server got itself in trouble.
Was actually able to fix this by running Install\ Certificates.command from python directory.
Error code: 500
Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.
Error code explanation: 500 - Server got itself in trouble.
MacOS 26.0 Beta
This worked for me:
pip3 install --upgrade certifi
export SSL_CERT_FILE="$(python3 -c 'import certifi; print(certifi.where())')"
Plus user. Mac 15.5 (24F74). Login with Apple. After logging in and clicking continue on the "Codex CLI wants access to your API organization" page, I'm redirected to: http://localhost:1455/auth/callback?code=[redacted]&scope=openid+profile+email+offline_access&state=[redacted]
And the below error:
Error response
Error code: 500 Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>. Error code explanation: 500 - Server got itself in trouble.
Was actually able to fix this by running
Install\ Certificates.commandfrom python directory.
Despite 'successfully' installing, it looks like I'm unable to actually successfully use it. Similar issues to some above.
I still get this error also after installing the certificates.
Error response Error code: 500 Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1020)>. Error code explanation: 500 - Server got itself in trouble.
I am getting a screen full of these w/0.7.0:
│event │
│BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: stream closed before response.completed; │
│retrying 1/10 in 208ms…" }) │
│ │
│event │
│BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: stream closed before response.completed; │
│retrying 2/10 in 248ms…" }) │
│ │
│event │
│BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: stream closed before response.completed; │
│retrying 3/10 in 339ms…" }) │
│
I have a paid Pro account.
I’m encountering this error after completing the authorization and granting the app access to my API key. I have a team subscription and installed the CLI using brew
Error response
Error code: 500
Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.
Error code explanation: 500 - Server got itself in trouble.
codex login, page opens, login with google, input 2fa code, click into final step with defaults, and get these errors
- installed with homebrew
- Pro membership
- viable API key
Terminal Output:
└─[$]> codex login
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:
https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_EMoamEEZ73f0CkXaXp7hrann&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=Y5aLjGmeIONHScp7kiYQWnQfLK033DJvpxRap81miRI&code_challenge_method=S256&id_token_add_organizations=true&state=c32bd82f4f8e16b94c30ed03c8175b42f922ba2255f84d51e09fa9ed689c0cd8
Error logging in: login_with_chatgpt subprocess failed:
Error on webpage:
Error response
Error code: 500
Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.
Error code explanation: 500 - Server got itself in trouble.
Plus User, trying to log in from an Ubuntu server that I am ssh'ed into.
When i do codex login, it generates a URL that I then put into my dev pcs browser (not the server). Then I go through the authentication process.
After logging in it seems to want me to link with my API account, but I want to use the Plus account not my API key. Regardless, if I move forward with the API account, it errors out. If I try a new account I get this
If I try my existing account I get this
Goal is to login from my server (since thats where I will be running codex) and to use my Plus account not my API key.
Pro Account API Usage Tier 1 (with positive balance) Codex 0.7.0 installed with brew on MacOS 15.5
codex login opens browser and I successfully log in:
The CLI says otherwise:
Attempting any chat within the TUI:
API key is getting generated in my API account:
