# OpenAI phone verification with 5sim SMS activation — 2026-05-10 ## Context During a Codex2API OAuth onboarding run for BOSS, OpenAI registration/login reached `https://auth.openai.com/add-phone` after email verification. BOSS corrected that phone verification must use **SMS** receive channels, not WhatsApp. The original `codex-oauth-automation-extension` provider confirmed the right 5sim API shape: ```text GET https://5sim.net/v1/user/buy/activation/{country}/{operator}/openai GET https://5sim.net/v1/user/check/{activationId} GET https://5sim.net/v1/user/cancel/{activationId} GET https://5sim.net/v1/user/finish/{activationId} ``` Use `product=openai`, `operator=any` unless configured otherwise. If `FIVE_SIM_COUNTRY_ID` is empty, the extension default is `vietnam`. ## Learned workflow 1. Cancel any current 5sim activation before switching proxy, country, or retry strategy. 2. Follow configured country first; do not silently fall back to other countries unless BOSS approves or config changes. 3. For non-USA numbers, select the OpenAI country selector with visible UI and verify DOM shows the expected country before buying/submitting a number. 4. Prefer real UI paste/click for the phone page. CDP-only mutation of `input[type=tel]` can desync React state: the visible country may later revert from `越南 (+84)` to `美国 (+1)` on submit. 5. If OpenAI returns `无法向此电话号码发送验证码。请稍后重试或使用其他号码。`, classify it as a number/provider rejection. Cancel the activation and buy a new number in the same configured region. 6. If the page shows `电话号码无效。` after non-USA submission, first verify the country selector did not revert to `美国 (+1)`; this may be a selector-state problem, not a bad number. 7. When changing browser proxy, expect OpenAI auth session invalidation. Re-open OAuth from the target panel, then redo email login/code before returning to `add-phone`. 8. Codex2API admin page URL may be stored as `/admin/accounts`; derive API origin from the URL before calling `/api/admin/oauth/generate-auth-url`. ## Observed proxy behavior - `socks5://192.168.2.8:1085`: OpenAI `add-phone` reached; multiple Vietnam 5sim numbers rejected with `无法向此电话号码发送验证码...`. - `socks5://192.168.2.8:1083`: TCP and exit IP worked; raw curl to ChatGPT returned Cloudflare challenge 403, but real Chrome loaded OpenAI login. Session changed to `你的会话已结束`, requiring a fresh Codex2API OAuth URL and email code. A fresh Vietnam 5sim number was still rejected. ## Practical checks ```bash # Probe proxy with remote DNS nc -vz -w 3 192.168.2.8 1083 curl --proxy socks5h://192.168.2.8:1083 --max-time 20 https://api.ipify.org curl --proxy socks5h://192.168.2.8:1083 -I -L --max-time 30 https://chatgpt.com/ | sed -n '1,30p' ``` ```python # Derive Codex2API API origin from env URL that may point at /admin/accounts from urllib.parse import urlsplit raw = CODEX2API_URL u = urlsplit(raw) origin = f'{u.scheme}://{u.netloc}' if u.scheme and u.netloc else raw.rstrip('/') endpoint = origin + '/api/admin/oauth/generate-auth-url' ``` ## Do not leak Do not print API keys, 5sim token, phone number, OAuth callback URL/code, account password, or admin key in final reports. Mask phone numbers and IDs if not needed.