External Publication
Visit Post

Locked out of Codex because of an old phone number?

OpenAI Developer Community July 4, 2026
Source

so fellas, I found a way how to bypass the bug. All props go to DeepSeek 3 flash and my knowledge of browser automation and session management from my experiments with electron.

Bypass Codex Phone Verification (WhatsApp/SMS Lockout)

The Problem

Codex Desktop/CLI forces phone/WhatsApp verification when you try to log in, even if you have 2FA disabled in your OpenAI account settings. This happens because Codex uses a different OAuth client (app_asdgadfhgafgad) than the web browser (app_123appidclientbs), and that client has phone verification as a mandatory step.

If you’ve lost access to your phone number or can’t receive SMS/WhatsApp, you’re locked out of Codex despite having a valid ChatGPT Pro/Plus account.

The Fix

The trick is: your ChatGPT session contains a valid JWT access token that can be used as an API key. The web browser’s OAuth flow (which allows email-OTP instead of phone) produces a token that Codex accepts via codex login --with-api-key.

Requirements

  • Windows PC
  • A browser where you’re currently logged into chatgpt.com
  • A cookie export extension (like “Get cookies.txt” or “EditThisCookie” for Chrome)

Step-by-Step

1. Export cookies from chatgpt.com

  1. Go to https://chatgpt.com in your browser (make sure you’re logged in)
  2. Use a cookie export extension to export cookies for chatgpt.com
  3. Export in JSON format (most extensions support this)

2. Extract the access token

Open PowerShell and run:


# Load cookies and extract the access token

$cookies = Get-Content “C:\path\to\chatgpt.com_cookies.json” | ConvertFrom-Json

# Build cookie header

$cookieString = (cookies | ForEach-Object { "(\\_.name)=($_.value)" }) -join '; ’

# Call the session endpoint

$session = Invoke-RestMethod -Uri “https://chatgpt.com/api/auth/session” `
-Headers @{ “Cookie” = $cookieString; “Accept” = “application/json” } `
-UserAgent “Mozilla/5.0”

# Save the access token

$session.accessToken | Out-File -FilePath “$env:TEMP\codex_token.txt” -Encoding ascii
Write-Host “Access token extracted! Length: $($session.accessToken.Length)”

3. Pipe the token into Codex


# Replace with your actual Codex path if not in PATH

Get-Content “$env:TEMP\codex_token.txt” | & “$env:LOCALAPPDATA\OpenAI\Codex\bin\\*\codex.exe” login --with-api-key

You should see:

Reading API key from stdin…
Successfully logged in

4. Verify

codex login status

Expected output:

Logged in using an API key - apikey***

That’s it. Codex is now authenticated with your ChatGPT Pro/Plus subscription.

Notes

  • The access token is valid until October 2026 (about 3 months from the date of extraction)
  • If it expires, just repeat steps 1-3 with fresh cookies
  • This uses your ChatGPT Pro/Plus subscription — no separate API billing needed
  • The token’s audience is https://api.openai.com/v1\ with scopes for model.request, model.read, etc.
  • Your account’s planType (pro/plus) is preserved

Why This Works

The web browser’s OAuth flow (login via email-OTP) produces a JWT access token signed by OpenAI’s auth server. This token includes your subscription info and is valid for the OpenAI API. Codex’s –with-api-key flag accepts any valid credential that authenticates against api.openai.com/v1 — including this session-derived JWT. The desktop app’s own OAuth flow forces phone verification, but the CLI’s –with-api-key path has no such restriction.

Discussion in the ATmosphere

Loading comments...