Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-phone-long-run-335-and-workspace-pitfalls-2026-05-11.md

111 lines
4.4 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# OpenAI phone verification long-run + post-phone OAuth pitfalls (2026-05-11)
Session-specific notes from a long Codex/CPA onboarding run using ClawEmail + 5sim + visible Chrome/CDP.
## Outcome
- Account: `chickliu.efxudmrg@claw.163.com`.
- Phone verification finally received SMS on activation `1007069622`.
- Successful country: `indonesia` (`+62`).
- Total real 5sim activations used before SMS success: **335**.
- `no free phones` was not counted; only bought activation ids counted.
## Long-run runner lessons
1. For “run until it works”, persist counters in a state file on every bought activation:
- `current_activation_id`
- `new_numbers`
- `total_numbers`
- `country`
2. Add a large but explicit safety cap, e.g. `MAX_NEW_NUMBERS=300`, so runaway spend is bounded while still honoring “run until success”.
3. Always write the latest activation id to `/tmp/current_fivesim_activation_id.txt` so an interrupted runner can check/cancel/finish the order.
4. CDP `WebSocketTimeoutException` during submit/verification should be treated as **automation failure**, not proof of phone failure. Immediately inspect:
- runner tail
- state file
- current activation id
- 5sim `/user/check/<activation_id>`
5. If logs show `sms_received` before the crash, do **not** buy more numbers. Resume code submission against the existing `RECEIVED` activation.
## SMS code extraction pitfall
The first generic regex `(?<!\d)(\d{4,8})(?!\d)` selected a 4-digit substring from the SMS/order text while OpenAIs page required exactly 6 characters.
Preferred extraction:
```python
cands = re.findall(r'(?<!\d)(\d{6})(?!\d)', text)
if not cands:
cands = re.findall(r'(?<!\d)(\d{4,8})(?!\d)', text)
code = cands[-1] if cands else ''
```
Check the OpenAI page text for “验证码应正好包含 6 个字符” / “code should contain exactly 6 characters” and prefer 6-digit candidates when present.
## 5sim finish ordering pitfall
If an incorrect/truncated code was submitted but the correct SMS was already retrieved, the order may have been `FINISHED` prematurely. This does not necessarily prevent submitting the correct code to OpenAI if the code is already known, but future runners should only call `/user/finish/<activation_id>` after OpenAI leaves `phone-verification`.
## About-you form pitfall
OpenAI `about-you` had visible required fields:
```text
input[name=name]
input[name=age]
input[name=birthday] hidden
```
A naive loop that wrote `Boss` into all visible inputs left validation errors. Use native React-compatible setters by name:
```js
function setVal(sel, val) {
const el = document.querySelector(sel);
const proto = HTMLInputElement.prototype;
Object.getOwnPropertyDescriptor(proto, 'value').set.call(el, val);
el.dispatchEvent(new Event('input', {bubbles:true}));
el.dispatchEvent(new Event('change', {bubbles:true}));
}
setVal('input[name=name]', 'Boss');
setVal('input[name=age]', '35');
setVal('input[name=birthday]', '1991-01-01');
```
## Consent / workspace pitfall
After phone + about-you success, Codex OAuth consent can fail with:
```text
hydra_api_accept_login_request_error
Workspaces not found in client auth session
```
Observed state:
- `auth.openai.com/sign-in-with-chatgpt/codex/consent` showed the account email and a Continue button.
- Clicking Continue produced “Workspaces not found in client auth session”.
- Opening `https://chatgpt.com/` in the same profile showed **not logged in** (“登录 / 免费注册”), so ChatGPT workspace/session was not initialized despite OpenAI auth phone completion.
Recommended recovery:
1. Do not buy more phone numbers; phone verification is done.
2. Initialize/login ChatGPT in the same visible Chrome profile first.
3. Then generate a fresh CPA OAuth URL and redo Codex consent.
4. If password login fails for the freshly created account, avoid stale OAuth states; use a fresh CPA URL and the visible ChatGPT/OpenAI login path. OTP links on stale password pages can return `invalid_state`.
## CDP navigation pitfall
`Runtime.evaluate(... awaitPromise=True)` around a click that navigates may fail with:
```text
Inspected target navigated or closed
```
For navigation clicks, prefer:
1. Inspect current DOM.
2. Execute a non-awaited click (`awaitPromise=False`) or dispatch input/click and close the websocket.
3. Sleep briefly.
4. Reattach to the current tab via `/json/list` and inspect the new URL.
This avoids treating a normal navigation as a fatal browser failure.