Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreictjcxn4xy3zsraimzp6mduart3vu5rgmva4jwbxn24fewwpf5f54",
    "uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3mmohudtvw4d2"
  },
  "path": "/t/codex-cli-login-fails-on-windows-auth-openai-com-reachable-via-curl-but-oauth-device-auth-fail/1381736#post_1",
  "publishedAt": "2026-05-25T10:55:50.000Z",
  "site": "https://community.openai.com",
  "tags": [
    "auth.openai.com"
  ],
  "textContent": "I’m unable to sign in to Codex CLI on Windows. Both normal ChatGPT OAuth login and device auth fail.\n\nEnvironment:\n\n  * OS: Windows 11, 10.0.26200\n  * Node.js: v24.13.0\n  * npm: 11.6.2\n  * Codex CLI versions tested: 0.133.0 and 0.132.0\n  * Browser tested: Chrome and Edge\n  * Device code authorization is enabled in ChatGPT security settings\n\n\n\nErrors:\n\n  1. Normal login:\n`Token exchange failed: error sending request for url (https://auth.openai.com/oauth/token)`\n\n  2. Device auth:\n`Error logging in with device code: error sending request for url (https://auth.openai.com/api/accounts/deviceauth/usercode)`\n\n  3. Browser page sometimes shows:\n`Unexpected token '<', '<!DOCTYPE'... is not valid JSON`\n\n\n\n\nNetwork checks already completed:\n\n  * WinHTTP proxy reset. `netsh winhttp show proxy` returns direct access / no proxy.\n  * Windows system proxy disabled. `ProxyEnable = 0`, `ProxyServer` is empty.\n  * WLAN DNS restored to DHCP and DNS cache flushed.\n  * `HTTP_PROXY`, `HTTPS_PROXY`, and `ALL_PROXY` environment variables removed.\n  * Only `NO_PROXY=localhost,127.0.0.1,::1` remains.\n  * Removed `C:\\Users\\lenovo\\.codex\\auth.json`.\n  * Tried `codex logout`, `codex login`, and `codex login --device-auth`.\n  * Tried Codex CLI 0.133.0 and 0.132.0.\n  * Tried Chrome and Edge.\n  * Device code authorization is enabled in ChatGPT security settings.\n\n\n\nPowerShell can reach the auth endpoint:\n`curl.exe -I https://auth.openai.com/api/accounts/deviceauth/usercode`\n\nIt returns:\n`HTTP/1.1 405 Method Not Allowed`\n\nSo the endpoint is reachable from PowerShell, but Codex CLI still fails to request the device auth endpoint or exchange the OAuth token.\n\nQuestion:\nIs this a known Codex CLI authentication issue on Windows, possibly related to auth.openai.com / Cloudflare returning an HTML challenge page instead of JSON? Is there any recommended workaround besides API key login, such as a specific CLI version, debug flag, auth flow, or network configuration?\n\nI can provide sanitized logs if needed, but I will not share auth.json, cookies, API keys, account tokens, or proxy subscription links.",
  "title": "Codex CLI login fails on Windows: auth.openai.com reachable via curl but OAuth/device-auth fail"
}