# OpenAI phone verification long-run + post-phone OAuth pitfalls (2026-05-11) Session-specific notes from a long Codex/CPA onboarding run using ClawEmail + 5sim + visible Chrome/CDP. ## Outcome - Account: `chickliu.efxudmrg@claw.163.com`. - Phone verification finally received SMS on activation `1007069622`. - Successful country: `indonesia` (`+62`). - Total real 5sim activations used before SMS success: **335**. - `no free phones` was not counted; only bought activation ids counted. ## Long-run runner lessons 1. For “run until it works”, persist counters in a state file on every bought activation: - `current_activation_id` - `new_numbers` - `total_numbers` - `country` 2. Add a large but explicit safety cap, e.g. `MAX_NEW_NUMBERS=300`, so runaway spend is bounded while still honoring “run until success”. 3. Always write the latest activation id to `/tmp/current_fivesim_activation_id.txt` so an interrupted runner can check/cancel/finish the order. 4. CDP `WebSocketTimeoutException` during submit/verification should be treated as **automation failure**, not proof of phone failure. Immediately inspect: - runner tail - state file - current activation id - 5sim `/user/check/` 5. If logs show `sms_received` before the crash, do **not** buy more numbers. Resume code submission against the existing `RECEIVED` activation. ## SMS code extraction pitfall The first generic regex `(?` after OpenAI leaves `phone-verification`. ## About-you form pitfall OpenAI `about-you` had visible required fields: ```text input[name=name] input[name=age] input[name=birthday] hidden ``` A naive loop that wrote `Boss` into all visible inputs left validation errors. Use native React-compatible setters by name: ```js function setVal(sel, val) { const el = document.querySelector(sel); const proto = HTMLInputElement.prototype; Object.getOwnPropertyDescriptor(proto, 'value').set.call(el, val); el.dispatchEvent(new Event('input', {bubbles:true})); el.dispatchEvent(new Event('change', {bubbles:true})); } setVal('input[name=name]', 'Boss'); setVal('input[name=age]', '35'); setVal('input[name=birthday]', '1991-01-01'); ``` ## Consent / workspace pitfall After phone + about-you success, Codex OAuth consent can fail with: ```text hydra_api_accept_login_request_error Workspaces not found in client auth session ``` Observed state: - `auth.openai.com/sign-in-with-chatgpt/codex/consent` showed the account email and a Continue button. - Clicking Continue produced “Workspaces not found in client auth session”. - Opening `https://chatgpt.com/` in the same profile showed **not logged in** (“登录 / 免费注册”), so ChatGPT workspace/session was not initialized despite OpenAI auth phone completion. Recommended recovery: 1. Do not buy more phone numbers; phone verification is done. 2. Initialize/login ChatGPT in the same visible Chrome profile first. 3. Then generate a fresh CPA OAuth URL and redo Codex consent. 4. If password login fails for the freshly created account, avoid stale OAuth states; use a fresh CPA URL and the visible ChatGPT/OpenAI login path. OTP links on stale password pages can return `invalid_state`. ## CDP navigation pitfall `Runtime.evaluate(... awaitPromise=True)` around a click that navigates may fail with: ```text Inspected target navigated or closed ``` For navigation clicks, prefer: 1. Inspect current DOM. 2. Execute a non-awaited click (`awaitPromise=False`) or dispatch input/click and close the websocket. 3. Sleep briefly. 4. Reattach to the current tab via `/json/list` and inspect the new URL. This avoids treating a normal navigation as a fatal browser failure.