Skip to content

codex login didn't support ChatGPT SSO #5553

@kamontat

Description

@kamontat

What version of Codex is running?

codex-cli 0.47.0

What subscription do you have?

Business Plan

Which model were you using?

not related

What platform is your computer?

Darwin 25.0.0 arm64 arm

What issue are you seeing?

codex login didn't works as expected when "Enforce SSO log in" on ChatGPT account.

Image

What steps can reproduce the bug?

  1. Login to ChatGPT account where SSO is enabled and enforce
  2. Try run codex exec "hello"
  3. Got exceeded retry limit, last status: 401 Unauthorized, request id: 99305b0bedfb45b1-BKK
Image

What is the expected behavior?

Able to login successfully and chat with codex.

Additional information

The workaround I found is...

  1. run codex then run /logout
  2. run codex again and login when it prompt
  3. this will works until exit codex tui

I did some investigating on token and found that the jwt token created on first login, contains sso_connection_id field as well as sub fields having saml format. HOWEVER, on subsequence token missing sso_connection_id and sub fields having auth0 instead.

On first login

Image

On subsequence execute

Image

I also check network, and saw that openai return below error, when token missing sso_connection_id.

{
  "detail": {
    "code": "require_sso_login",
    "account_name": "<account-name>"
  }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    authIssues related to authentication and accountsbugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions