openai/codex

"Sign in With ChatGPT" functionality needs to be robust against all account types

Closed this issue · 169 comments

The bulk of the work to support this feature was implemented in these PRs:

That said, I know there are cases where users may or may not have credits, differences between Pro and Plus, etc., and we need to be sure that all edge cases are addressed and that users see appropriate messaging.

to save ~/.codex/auth.json

npx @brantes/codex-get-auth-conf 

codex-get-auth-conf

Image

This is what I currently get with codex login. A very confused LLM trying to figure out what I mean by "login" 😆
Just mentioning it in case it helps. It works great with the API key in the env.

I attempted to log in with a Plus account. I am able to use gpt-4.1, but not the default model codex-mini-latest, or the o-series models, due to the organization needing to be verified. Perhaps of note is that I've previously logged in to platform.openai.com with this account (but have not purchased credits). In the browser, the login flow completes successfully, although on the "Codex CLI wants access to your API organization" page [1], the "New organization" option [2] reports "invalid organization id" [3]; the existing default org works. Screenshots below.

: 10:11:28 ~ ; type codex
codex is /opt/homebrew/bin/codex
: 10:11:30 ~ ; codex login     
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:

https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_XXXXXXXXXXXXXXXXXXXXXXXX&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=XXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXX&code_challenge_method=S256&id_token_add_organizations=true&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in
: 10:12:13 ~ ; codex --version
codex-cli 0.2.0

Entering a prompt into Codex then results in this error:

ERROR: unexpected status 400 Bad Request: {"error": {"message": "Your organization must be verified to generate reasoning summaries. Please go to: https://platform.openai.com/settings/organization/general and click on Verify Organization. If you just verified, it can take up to 15 minutes for access to propagate." "type": "invalid_request_error", "param": "reasoning.summary", "code": "unsupported_value" }}

I have not completed the "Verify Organization" workflow as that requires purchasing credits, which I would not like to do at this time.

Using codex -m gpt-4.1 DOES work.

Image Image Image

Same here, doesn't work for me

I get this when I try to login to ChatGPT

Route Error (500 ): "The operation is insecure."

I only see requests to datadog being blocked by uBlock Origin.
Using Firefox 140.0.2

FWIW This flow does not degrade gracefully with a company-provided ChatGPT account that does not have access to platform.openai.com.

Codex works on the hosted Web UI (as expected) but without API access, codex-cli cannot work. The login fails with an "Authentication Error - No eligible ChatGPT account found." error on the web auth flow. This requires a Ctrl-C in the terminal.

(for the avoidance of doubt - I don't expect the login flow or codex-cli to work without access to the API, but it could potentially handle the error more gracefully).

I logged in using my ChatGPT account (I am a plus subscriber) and I get the following error.

Credit redemption request failed: 400 Bad Request
The model "codex-mini-latest" does not appear in the list of models available to your account. Double-check the spelling (use
  openai models list
to see the full list) or choose another model with the --model flag.

I tried to use the --model option to use GPT-4.1 but it showed that I do not have enough quota.

I believe I should have access to Codex as a ChatGPT Plus customer right?

I'm also a Plus subscriber and getting the error
"ERROR: unexpected status 400 Bad Request: {"error": {"message": "Your organization must be verified to generate reasoning summaries. Please go to: https://platform.openai.com/settings/organization/general and click on Verify Organization. If you just verified, it can take up to 15 minutes for access to propagate." "type": "invalid_request_error", "param": "reasoning.summary", "code": "unsupported_value" }}" while trying to use codex in interactive mode with codex-mini-latest enabled. Are plus users limited to GPT-4.1 or something? 🤔

Now I get this instead...

Route Error (409 ): {
  "error": {
    "message": "Invalid client. Please start over.",
    "type": "invalid_request_error",
    "param": null,
    "code": "invalid_state"
  }
}

Seems to be on another datadog.client initiated request against the auth endpoint https://auth.openai.com/api/accounts/authorize/continue

When I log in, the result is:

Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in

And after:

Image

Is CODEX CLI not included in the Team subscription license? Because after the login, it seems that it generates an API key and starts to count the cost per token in the platform.

Image

I ran that over an SSH connection. Therefore the redirection to the localhost part can never work. I know this is an edge case, but if we can allow hand-copying the redirect link to the console, the process can then move on to the next part.

I also tried to curl the redirect link in a separate terminal.

In the main thread I got:

d@1e018257db70:~/.codex$ codex login
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:

https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_EMoamEEZ73f0CkXaXp7hrann&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=XEFlBejjSmvmkM0bG1K_stCfnITiA3WRdivnH_QRKwo&code_challenge_method=S256&id_token_add_organizations=true&state=e3bbecc0ed7353991648446fa0be9da09e54ff9fe70ae4c1f8b1058ef3cf8714
Error logging in: login_with_chatgpt subprocess failed: 
d@1e018257db70:~/.codex$

the 2nd thread:

d@1e018257db70:~$ curl http://localhost:1455/auth/callback?code=ac_VRjn8dya2yvWS7XszsT0q_2SWKJO-oDiVyY9t-Rj4R0.OPr7Cv_sCWoF6lP5d8pNJWcmE7Q3lMEaoTddVsoTCoE&scope=openid+profile+email+offline_access&state=e3bbecc0ed7353991648446fa0be9da09e54ff9fe70ae4c1f8b1058ef3cf8714
[1] 10436
[2] 10437
d@1e018257db70:~$ <!DOCTYPE HTML>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Error response</title>
    </head>
    <body>
        <h1>Error response</h1>
        <p>Error code: 400</p>
        <p>Message: State parameter mismatch.</p>
        <p>Error code explanation: 400 - Bad request syntax or unsupported method.</p>
    </body>
</html>

[1]-  Done                    curl http://localhost:1455/auth/callback?code=ac_VRjn8dya2yvWS7XszsT0q_2SWKJO-oDiVyY9t-Rj4R0.OPr7Cv_sCWoF6lP5d8pNJWcmE7Q3lMEaoTddVsoTCoE
[2]+  Done                    scope=openid+profile+email+offline_access

Have the same issue as @javichu148

Image

and after

Image

Here are some logs

Image

mac system
I have plus subscription

It seems that this is a very recent problem?
#1481

Same issue as @laricko, plus subscription using macOS

Image Image

Same here, on ubuntu.

Same issue as well on Windows 11 with WSL and a ChatGPT plus user, I am able to login via the OAuth flow and then am presented with

Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in

Then the same experience as some individuals in this thread

Image

Same issue as @lemessdavi, plus subscription using macOS

I have a "Team" account and tried to login. After I login successfully, in the terminal I see:

Only users with Plus or Pro subscriptions can redeem free API credits.
Successfully logged in

which is quite confusing 🫤

Do I have access to Codex CLI or not?

Plus user. Mac 15.5 (24F74). Login with Apple. After logging in and clicking continue on the "Codex CLI wants access to your API organization" page, I'm redirected to: http://localhost:1455/auth/callback?code=[redacted]&scope=openid+profile+email+offline_access&state=[redacted]

And the below error:

Error response

Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

Was actually able to fix this by running Install\ Certificates.command from python directory.

Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

MacOS 26.0 Beta

This worked for me:

pip3 install --upgrade certifi
export SSL_CERT_FILE="$(python3 -c 'import certifi; print(certifi.where())')"
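Added diagnostic, not from the thread or the Codex code base, for the `CERTIFICATE_VERIFY_FAILED ... unable to get local issuer certificate` reports: it lists which CA file and directory Python's OpenSSL consults and whether `SSL_CERT_FILE` (the variable set in the comment above) overrides the compiled-in default. The function names and verdict labels are assumptions.

```python
import os
import ssl

PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def count_pem_certs(path):
    """Number of PEM certificates in a file; 0 if it is missing or unreadable."""
    try:
        with open(path, "r", encoding="ascii", errors="ignore") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def certifi_bundle():
    """Path of certifi's CA bundle, or None when certifi is not installed."""
    try:
        import certifi
    except ImportError:
        return None
    return certifi.where()


def ca_bundle_report(environ=None):
    """Describe the trust anchors OpenSSL would load for Python's default context.

    Covers the file/directory lookup used on macOS and Linux; on Windows Python
    additionally loads the system certificate store.
    """
    environ = os.environ if environ is None else environ
    defaults = ssl.get_default_verify_paths()
    file_env = defaults.openssl_cafile_env   # "SSL_CERT_FILE"
    dir_env = defaults.openssl_capath_env    # "SSL_CERT_DIR"
    cafile = environ.get(file_env) or defaults.openssl_cafile
    capath = environ.get(dir_env) or defaults.openssl_capath
    cert_count = count_pem_certs(cafile)
    try:
        capath_entries = len(os.listdir(capath))
    except OSError:
        capath_entries = 0
    if cert_count:
        verdict = "cafile"            # a bundle with certificates was found
    elif capath_entries:
        verdict = "capath-only"       # no bundle file, hashed directory only
    else:
        verdict = "no-trust-anchors"  # every HTTPS verification will fail
    return {
        "cafile": cafile,
        "cafile_source": file_env if environ.get(file_env) else "compiled default",
        "cafile_cert_count": cert_count,
        "capath": capath,
        "capath_entries": capath_entries,
        "verdict": verdict,
    }


if __name__ == "__main__":
    report = ca_bundle_report()
    for key, value in report.items():
        print(f"{key:18} {value}")
    bundle = certifi_bundle()
    if report["verdict"] == "no-trust-anchors" and bundle:
        print(f'export SSL_CERT_FILE="{bundle}"')
```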

Despite 'successfully' installing, it looks like I'm unable to actually successfully use it. Similar issues to some above.

Image

I still get this error also after installing the certificates.

Error response
Error code: 500
Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1020)>.
Error code explanation: 500 - Server got itself in trouble.

I am getting a screen full of these w/0.7.0:

event
BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: stream closed before response.completed; retrying 1/10 in 208ms…" })

event
BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: stream closed before response.completed; retrying 2/10 in 248ms…" })

event
BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: stream closed before response.completed; retrying 3/10 in 339ms…" })

I have a paid Pro account.

Getting "Operation timed out" with a plus account:

Image

I’m encountering this error after completing the authorization and granting the app access to my API key. I have a team subscription and installed the CLI using brew

Error response

Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

codex login, page opens, login with google, input 2fa code, click into final step with defaults, and get these errors

  • installed with homebrew
  • Pro membership
  • viable API key

Terminal Output:

└─[$]> codex login
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:

https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_EMoamEEZ73f0CkXaXp7hrann&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=Y5aLjGmeIONHScp7kiYQWnQfLK033DJvpxRap81miRI&code_challenge_method=S256&id_token_add_organizations=true&state=c32bd82f4f8e16b94c30ed03c8175b42f922ba2255f84d51e09fa9ed689c0cd8
Error logging in: login_with_chatgpt subprocess failed:

Error on webpage:

Error response
Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

Plus User, trying to log in from an Ubuntu server that I am ssh'ed into.

When I do codex login, it generates a URL that I then put into my dev PC's browser (not the server). Then I go through the authentication process.

After logging in it seems to want me to link with my API account, but I want to use the Plus account not my API key. Regardless, if I move forward with the API account, it errors out. If I try a new account I get this

Image

If I try my existing account I get this

Image

Goal is to login from my server (since that's where I will be running codex) and to use my Plus account not my API key.

Pro Account
API Usage Tier 1 (with positive balance)
Codex 0.7.0 installed with brew on MacOS 15.5

codex login opens browser and I successfully log in:

Image

The CLI says otherwise:

Image

Attempting any chat within the TUI:

Image

API key is getting generated in my API account:

Image

same for me

Plus subscriber. But Codex still wants to use additional paid API calls.

I have this same issue. Organization verified and with balance. It fails if I try to use the login.

Image

So if you have a Pro account, is the CLI supposed to use that instead of an API organization/project and balance?

I’ve had no luck just using my Pro account. I get redirected to pick my organization and project on new sign-ins.

Error response
Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

It's trying to hit a localhost url
http://localhost:1455/auth/callback

Yep, plus user, can't log in via codex login, gets to a "Codex CLI wants access to your API organization" page, click Continue, get localhost response

Error response

Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

I'm using Google OAuth to authenticate, my subscription is via Google Play

It would be nice to get some guidance on whether Teams accounts are eligible or not.

Route Error (400 ): {
  "error": {
    "message": "No eligible ChatGPT workspaces found.",
    "type": "invalid_request_error",
    "param": null,
    "code": "chatgpt_account_missing"
  }
}

Even though I am a Plus user, when I authenticate with codex login my requests are charged through the API

Image

If you have OPENAI_API_KEY in your environment variable, codex CLI might use that. Remove that or unset it.

OPENAI_API_KEY

Which environment variables are you referring to? I don't have any in terminal environment variables or in the repository. Codex CLI is installed via brew. When I enter credentials I see the "Codex CLI wants access to your API organization" screen.

Image

I am also a Teams-User. The Readme says

If you have a paid OpenAI account, run the following to start the login process:

but logging in returns an authentication error

"message": "No eligible ChatGPT workspaces found."

codex login is starting a local login server on a headless server without a browser.

curl http://localhost:1455/auth/callback?code=.. gives:

Error logging in: login_with_chatgpt subprocess failed:

    Error response
    Error code: 400
    Message: State parameter mismatch.
    Error code explanation: 400 - Bad request syntax or unsupported method.

There should be a prompt to paste a token.

Is this P0 being worked on? Is this an internal only effort, or are public contributions allowed?

This flow is broken. Running codex login doesn't use my ChatGPT Plus Account. It seems to connect to my API account and that too doesn't work and shows this error message.

Error response
Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>.

Error code explanation: 500 - Server got itself in trouble.

Did it use to work and break recently? If yes, I can take a look and see what's going wrong.

Replying to my previous message, after running /Applications/Python 3.x/Install Certificates.command, the SSL error is gone. Now it says that I need to wait 7 days to redeem credits. So just need to wait for 7 more days to use codex CLI.

Sorry, your subscription must be active for more than 7 days to redeem credits.
Successfully logged in

When trying to login with CLI as a Plus user I get below error, what could be the issue? Codex works well without any problem from Web

⚠ Insufficient quota: You exceeded your current quota, please check your plan and billing details. For more information on this error, read the docs:
https://platform.openai.com/docs/guides/error-codes/api-errors. Manage or purchase credits at https://platform.openai.com/account/billing.

Okay! For me this was a Mac specific Python 3 issue where Python wasn't finding the certificate authority (CA) bundle. If you're using Homebrew Python, then:

brew update && brew upgrade && brew reinstall python

That builds Python against the latest OpenSSL and links to the correct CA certs.

Other Python installs (e.g. from python.org, pyenv) will need different fixes, but the underlying issue is likely the same: Python can't find valid certificates so HTTPS fails.


Am I right in thinking the Python version is being rebuilt in Rust, so this particular issue will go away?

And now it wants me to verify my "organisation" on a personal account, using biometrics processed by a third party. No thank you. I think I am going to wait for a while, this is a cool concept, and I look forward to trying it out, but it's not at the UX feedback stage for ChatGPT users yet.

I was faced with this issue

Error response
Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1010)>.

Error code explanation: 500 - Server got itself in trouble.

I ran /Applications/Python 3.<your-version>/Install\ Certificates.command on my terminal and it solved my issue :)

I am a Plus subscriber and I get

Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in

What could be the reason? Thank you in advance

Plus user accessing a cloud Ubuntu server via SSH on Windows. Plus user, so running :codex login: and I get a link, Open it in my Windows browser, authenticate, and it tries to send the token to localhost.. What we have here...is a failure to communicate.

Others return the token in the browser and you paste it into the CLI, and away you go. I'm just sitting going nowhere with a "xdg-open: no method available for opening " message.

@jimCresswell I'm in the same situation. I shouldn't have to verify my organization by providing a government ID with photo to a third party, especially since I'm just looking to try this out right now. I wanted to comment so you know you're not alone in that feeling. I've found and am monitoring several other related issues on the repo here that have growing comments sharing that they're running into this issue. With that I think this is just a snag in the auth flow and logic right now, so my guess is it will get sorted out as the tool progresses and matures.

This is bizarre. As a small business owner I have to upload my ID to Persona instead of just providing certificate of registration/company details. I guess no codex for us then :/

Hi all, thanks for continuing to post examples on this thread. Admittedly, things like auth and billing are sensitive pieces of the system, so we have to get them right and they can only reasonably get done by folks working on our side. I am not at liberty to share specifics, but this has been flagged as a hi-pri issue for Codex CLI internally and there are folks working it.

I'm excited to share more when I can. In the meantime, if you are an API user, for sure using a valid OPENAI_API_KEY environment variable to authenticate is the most reliable option. For those of you using that solution, FYI, you can store the value in $CODEX_HOME/.env or $(pwd)/.env now:

#1653

@bolinfest

Is there a version/workaround that is working on a headless server? This is a CLI tool that requires a desktop/browser environment. Could you provide the steps if there are any?

@clarkio thank you for the solidarity!

Thanks for the update @bolinfest !

I managed to login by port forwarding SSH. Now as Plus user I am getting:

BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: You exceeded your current quota, please check your plan and billing details. For more information on this error, read the docs: https://platform.openai.com/docs/guides/error-codes/api-errors.; retrying 1/10 in 203ms…" })

with o3

BackgroundEvent(BackgroundEventEvent { message: "stream error: stream disconnected before completion: Your organization must be verified to use the model o3. Please go to: https://platform.openai.com/settings/organization/general and click on Verify Organization. If you just verified, it can take up to 15 minutes for access to propagate.; retrying 1/10 in 207ms…" })

Image

Sorry guys. You have so many bugs that it's nonsense to dig deeper.

When Logging in with plus account:

❯ Sign in with ChatGPT
  Paste an API key (or set as OPENAI_API_KEY)
TypeError: fetch failed
    at node:internal/deps/undici/undici:13510:13
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async vbe (file:///******/AppData/Roaming/npm/node_modules/@openai/codex/dist/cli.js:795:5693)
    at async Server.<anonymous> (file://******/AppData/Roaming/npm/node_modules/@openai/codex/dist/cli.js:989:854) {
  [cause]: Error: unable to get local issuer certificate
      at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)
      at TLSSocket.emit (node:events:518:28)
      at T0.emit (file:///C:/******/AppData/Roaming/npm/node_modules/@openai/codex/dist/cli.js:332:3119)
      at TLSSocket._finishInit (node:_tls_wrap:1078:8)
      at ssl.onhandshakedone (node:_tls_wrap:864:12) {
    code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
  }
}

When I try to login I get this error:

Route Error (400 ): {
  "error": {
    "message": "No eligible ChatGPT workspaces found.",
    "type": "invalid_request_error",
    "param": null,
    "code": "chatgpt_account_missing"
  }
}

The error I encountered when following the instruction in README.MD:

codex login
Starting local login server on http://localhost:1455
If your browser did not open, navigate to this URL to authenticate:

https://auth.openai.com/oauth/authorize?response_type=code&client_id=app_...
Credit redemption request failed: HTTP Error 400: Bad Request
Successfully logged in

When I'm checking the login status:

➜  ~ codex login status
error: unexpected argument 'status' found

Usage: codex-aarch64-apple-darwin login [OPTIONS]

For more information, try '--help'.

version:

➜  ~ codex --version
codex-cli 0.10.0

When I try using the login command I just get a prompt for an API key:

**codex login status

Missing OpenAI API key.

Set the environment variable OPENAI_API_KEY and re-run this command.**

I get this error on my Pro account:

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)>.

with codex login after logging in:
first
Image
then when continue:
Image

Quite bothersome as a new Plus member. I'm poor so $20 is already too much for me but I bit the bullet. Now running into this nonsense. blegh!

hope it's fixed soon.

Unfortunately login feature just encapsulates API key creation using your ChatGPT account. This becomes obvious if you look at the description of #1212

  • The codex multitool now has a login subcommand, so you can run codex login, which should write CODEX_HOME/auth.json if you complete the flow successfully. The TUI will now read the OPENAI_API_KEY from auth.json.
  • The TUI should refresh the token if it has expired and the necessary information is in auth.json.
  • There is a LoginScreen in the TUI that tells you to run codex login if both (1) your model provider expects to use OPENAI_API_KEY as its env var, and (2) OPENAI_API_KEY is not set.

But current version of README.MD states that rather unclearly for some reason.

Trying to codex login with my ChatGPT credentials results in the website asking me to link to an API-level organization.

I was hoping to avoid that and use my ChatGPT subscription instead, similar to how Claude can be signed into using a "normal" Claude subscription. Is that not possible with Codex? With Claude, using a normal subscription is much more economical than using an API key. Was hoping the same might be true here.

Oh, also: I'm trying to do codex login on a headless dev box, and the auth flow tries to redirect to localhost:1455 which obviously doesn't work. Is this also not possible?

Looks like I'm going be sticking with Claude for a while longer yet. Was hoping to compare it to GPT-5.

> Oh, also: I'm trying to do codex login on a headless dev box, and the auth flow tries to redirect to localhost:1455 which obviously doesn't work. Is this also not possible?
>
> Looks like I'm going to be sticking with Claude for a while longer yet. Was hoping to compare it to GPT-5.

You can auth on your laptop, then copy the auth to your server.
(i.e. scp ~/.codex/auth.json youruser@192.1.2.3:~/.codex/auth.json)

@aivajoe please try 0.16.0 or later: today was a big release

I hear you on the problems with using it on a headless box. We're moving a bunch of things around in the docs right now, but the current workaround is to copy/scp ~/.codex/auth.json from your local machine (assuming you successfully got through the login flow locally) to the headless box where you want to use the CLI.
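Both replies above suggest copying auth.json to the headless box. Since that file holds the credentials the CLI reads, this added example (not part of the thread or of the Codex code base) checks that the copy is accessible only to its owner. It assumes a POSIX host and that CODEX_HOME is an environment variable defaulting to ~/.codex; the function names are hypothetical.

```python
import os
import stat


def auth_json_path(environ=None):
    """Locate auth.json: CODEX_HOME if set, else ~/.codex (assumed default)."""
    environ = os.environ if environ is None else environ
    home = environ.get("CODEX_HOME") or os.path.join(os.path.expanduser("~"), ".codex")
    return os.path.join(home, "auth.json")


def audit_credential_file(path):
    """Return a list of permission problems for a credential file (POSIX only)."""
    st = os.lstat(path)  # lstat so a symlink planted at the path is not followed
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink, not a regular file"]
    if not stat.S_ISREG(st.st_mode):
        return ["path is not a regular file"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} lets group/other users access the file; want 0600")
    if st.st_uid != os.getuid():
        problems.append(f"owned by uid {st.st_uid}, not the current user")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("parent directory is group- or world-writable")
    return problems


def tighten(path):
    """Restrict the file to its owner and return the problems that remain."""
    os.chmod(path, 0o600)
    return audit_credential_file(path)


if __name__ == "__main__":
    target = auth_json_path()
    if os.path.lexists(target):
        for problem in audit_credential_file(target):
            print(f"{target}: {problem}")
    else:
        print(f"{target} not found")
```

Run it on the destination host after the copy; `tighten()` fixes only the file mode, so ownership or directory findings still need manual attention.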

I logged in via my Pro account but I can still see that API credits were being deducted from my API account. FYI this is my first time installing codex on the machine I am working on. I am using Windows 11.

getting this

Image

@siddhantparadox For now, you need to explicitly unset OPENAI_API_KEY when running codex, so consider OPENAI_API_KEY= codex

Route Error (400 ): {
"error": {
"message": "No eligible ChatGPT workspaces found.",
"type": "invalid_request_error",
"param": null,
"code": "chatgpt_account_missing"
}
}

Should login by ChatGPT account for Teams work? I see contradictory information.

  1. "Who can use the new sign-in flow?
    Free, Plus, and Pro ChatGPT accounts.
    Enterprise, Edu, and Team workspaces are excluded for now." -> https://help.openai.com/en/articles/11381614-codex-cli-and-sign-in-with-chatgpt

but

  1. "After you run codex select Sign in with ChatGPT. You'll need a Plus, Pro, or Team ChatGPT account, and will get access to our latest models, including gpt-5, at no extra cost to your plan." -> https://github.com/openai/codex

Which is it then?

> Oh, also: I'm trying to do codex login on a headless dev box, and the auth flow tries to redirect to localhost:1455 which obviously doesn't work. Is this also not possible?
>
> Looks like I'm going to be sticking with Claude for a while longer yet. Was hoping to compare it to GPT-5.

Having the same issue smh -_-

UPDATE: same error still occurring on v0.19.0 as well.


codex v0.16.0, attempting to authorize a Team account, also seeing the "No eligible ChatGPT workspaces found" 400 error:

Route Error (400 ): {
  "error": {
    "message": "No eligible ChatGPT workspaces found.",
    "type": "invalid_request_error",
    "param": null,
    "code": "chatgpt_account_missing"
  }
}

Trying to log in with Team Account but error:

Image

Same here with a team account. Oh boy, the impatience when something gets released but doesn't work directly. 😂

MacOS 15.6

Error response

Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)>.

Error code explanation: 500 - Server got itself in trouble.

In Firefox, Chrome, and Safari.

> @aivajoe please try 0.16.0 or later: today was a big release
>
> I hear you on the problems with using it on a headless box. We're moving a bunch of things around in the docs right now, but the current workaround is to copy/scp ~/.codex/auth.json from your local machine (assuming you successfully got through the login flow locally) to the headless box where you want to use the CLI.

Thank you @bolinfest, this worked for me!

Image

I get this one after writing "codex login" on codex 0.16.0 and proceeding to login on auth.openai.com with my Google account

> @siddhantparadox For now, you need to explicitly unset OPENAI_API_KEY when running codex, so consider OPENAI_API_KEY= codex

Can you elaborate on how to do it? I'm having the same problems with the plus account type, it's saying I have an insufficient quota. I have max spending set to 0, and I should be able to use it with a plus account right?

Image

I run codex login and it gives me this:

The model "codex-mini-latest" does not appear in the list of models available to your account. Double-check the spelling (use
  openai models list
to see the full list) or choose another model with the --model flag.

I run codex --help and it says that I should actually be using --login instead of login:

Image

I run codex --login I get:

Image

no api key is in env

i do codex login - it goes to openai, sign in, accept.

back in terminal it says logged in but looks like codex crashed.

launch codex again, looks like working

but i enter any simple prompt, like hi. and it says

🖐 stream disconnected before completion: stream closed before response.completed

tried login several times, not working

chatgpt plus user

using my Google account which is a team admin account - tried with different browsers, hard reload etc - can log in normally to the admin panel but not working with codex, get this:

Image

and also managed to get this:

Image

Things are getting quite weird on my end.
The login was successful. When I am under the user's home directory, it's working fine, but when I go into any specific project directory, it keeps complaining "Incorrect API key provided"

Image

Edit: I have never created such an API key so I am really confused as to what's going on here

New installation with npm install -g @openai/codex.
Tried codex login using my ChatGPT Plus account, but encountered the following error message on terminal after successful login in browser:

Error logging in: login_with_chatgpt subprocess failed:

Both MacOS and Ubuntu have the same issue.

Login plus user and: system
⚠ Insufficient quota: You exceeded your current quota, please check your plan and billing details. For more
information on this error, read the docs: https://platform.openai.com/docs/guides/error-codes/api-errors. Manage or
purchase credits at https://platform.openai.com/account/billing.

Hi I tried with gpt plan.
codex -m gpt-4.1
and I am getting

Image

it seems this only works with gpt-5

I was able to authenticate a team account via codex login, but then it selects the free plan, and not my team workspace...

Same issue with dvaldivia

Have logged in using the team plan and I get the following message.

Image

Is the CLI included in team plan? If so how does the billing for the same work?

I'm getting

No eligible ChatGPT workspaces found.

Hi,

I am having an issue. When I installed Codex I get this:

Image

I am running on Windows 11 Pro

Using codex --login and selecting Sign in with ChatGPT gives the following error on our ChatGPT Teams plan with SSO via Entra ID:

Image

Codex Version: 0.19.0

I also have a team account through my employer and getting this error while trying to login:

Route Error (400 ): {
  "error": {
    "message": "No eligible ChatGPT workspaces found.",
    "type": "invalid_request_error",
    "param": null,
    "code": "chatgpt_account_missing"
  }
}

> I also have a team account through my employer and getting this error while trying to login:
>
> Route Error (400 ): {
>   "error": {
>     "message": "No eligible ChatGPT workspaces found.",
>     "type": "invalid_request_error",
>     "param": null,
>     "code": "chatgpt_account_missing"
>   }
> }

I should mention that I have MFA enabled and can login to regular ChatGPT on Chrome just fine with the team account but the login fails with the above error when trying to login to codex CLI.

I have ChatGPT Pro and I also cannot login (neither the codex normal flow nor codex login worked), I use MFA.

➜  ~ codex login
Starting local login server on http://localhost:1455
. If your browser did not open, navigate to this URL to authenticate:

https://auth.openai.com/oauth/authorize?response_type=code&client_id=xx&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&code_challenge=xx&code_challenge_method=S256&id_token_add_organizations=true&codex_cli_simplified_flow=true&state=xx
Error logging in: login_with_chatgpt subprocess failed:

browser:

Error response
Error code: 500

Message: Token exchange failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>.

Error code explanation: 500 - Server got itself in trouble.

Tried re-install with cache flush and it didn't help.
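The CERTIFICATE_VERIFY_FAILED reports in this thread are in the format of Python's urllib and ssl modules, and "unable to get local issuer certificate" means the interpreter could not build a chain to a CA it trusts. This added example (not from the thread or the Codex project; the function name is hypothetical) reports where a Python interpreter looks for CA certificates, assuming it is run with the same interpreter the login helper uses.

```python
import os
import ssl


def diagnose_trust_store(environ=None):
    """Report where this Python/OpenSSL looks for CA certificates.

    environ is injectable for testing; it defaults to the real environment.
    """
    environ = os.environ if environ is None else environ
    paths = ssl.get_default_verify_paths()
    findings = []

    # Compiled-in OpenSSL defaults; on some builds these paths do not exist.
    file_ok = os.path.isfile(paths.openssl_cafile)
    dir_ok = os.path.isdir(paths.openssl_capath) and bool(os.listdir(paths.openssl_capath))
    if not (file_ok or dir_ok):
        findings.append(
            f"no CA bundle at {paths.openssl_cafile} and no certificates in {paths.openssl_capath}")

    # SSL_CERT_FILE / SSL_CERT_DIR override the defaults; a stale value breaks every handshake.
    for var in (paths.openssl_cafile_env, paths.openssl_capath_env):
        value = environ.get(var)
        if value and not os.path.exists(value):
            findings.append(f"{var} is set to a path that does not exist: {value}")

    # urlopen() verifies https:// peers with a default context like this one.
    ctx = ssl.create_default_context()
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
        "ca_certs_loaded": ctx.cert_store_stats()["x509_ca"],
        "findings": findings,
    }


if __name__ == "__main__":
    report = diagnose_trust_store()
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["findings"]:
        print("Fix the trust store (install a CA bundle or set SSL_CERT_FILE to one); "
              "do not turn verification off.")
```

An empty findings list with the error still occurring points away from a missing bundle and toward a chain the bundle does not cover, such as a TLS-inspecting proxy whose CA is not installed.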

Team user here
Route Error (400 ): {
"error": {
"message": "No eligible ChatGPT workspaces found.",
"type": "invalid_request_error",
"param": null,
"code": "chatgpt_account_missing"
}
}

Is this something I need to ask my company to create?

It basically routes to OpenAI when you want to use chat and it can't find the team orgs there... not sure if this is intentional or not, but it is broken for certain.