Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-phone-code-submit-method-audit-2026-05-11.md
T

3.5 KiB

OpenAI phone-code submit method audit: Luban France SMS received but submit failed (2026-05-11)

Context

During Luban free-country testing with chickliu2031som6d8@2925.com, France request 34133204 received a code but the runner stayed on OpenAI phone-verification after submitting it.

Do not classify that event as a completed phone verification. The correct class is:

sms_received_but_submit_failed

DOM observed on OpenAI phone-verification

Inspection of the current OpenAI phone verification page showed a single code input, not six split inputs:

{
  "href": "https://auth.openai.com/phone-verification",
  "title": "查看你的手机 - OpenAI",
  "input": {
    "type": "text",
    "name": "code",
    "autocomplete": "one-time-code",
    "inputMode": "numeric",
    "maxLength": 6,
    "placeholder": "代码"
  },
  "buttons": ["继续", "重新发送 WhatsApp 消息"]
}

So the correct target is:

input[autocomplete="one-time-code"], input[name="code"], input

Difference from the previously successful 5sim Vietnam submit

The successful 5sim Vietnam part2 runner submitted the phone code with:

const input=document.querySelector('input[autocomplete=one-time-code], input[name=code], input');
const setter=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
input.focus();
setter.call(input, code);
input.dispatchEvent(new InputEvent('input', {bubbles:true, inputType:'insertText', data:code}));
input.dispatchEvent(new Event('change', {bubbles:true}));
[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续')?.click();

The Luban free-country runner used a generic setVal helper with plain Event('input') instead of InputEvent('input', {inputType:'insertText', data:code}):

setVal(inputs[0], code); // dispatches Event('input') + Event('change')

That may fail to update OpenAI's React/form state even when the DOM value looks set.

Required fix

For phone-code submission, use the proven 5sim method exactly:

  1. Select input[autocomplete="one-time-code"], input[name="code"], input.
  2. Use the native HTMLInputElement value setter.
  3. Dispatch InputEvent('input', {bubbles:true, inputType:'insertText', data:code}).
  4. Dispatch change.
  5. Verify input.value.length === 6 and the Continue button is not disabled.
  6. Click the exact Chinese 继续 button first, then fallback to English/regex.
  7. Save a redacted submit context: input count/name/autocomplete/maxLength, button disabled state, post-submit href/title/body excerpt. Never log the code.

A reusable helper is packaged with this skill:

scripts/submit_openai_phone_code_corrected.py

It accepts a code or code-file path, submits using the proven method, and redacts the code from output.

Extra channel warning

The current phone verification page displayed:

输入我们刚刚通过 WhatsApp 发送到 ... 的验证码。
重新发送 WhatsApp 消息

The runner must record the delivery channel text. If the page channel is WhatsApp but the SMS provider reports an SMS-style code, treat failures as ambiguous until the raw provider fields are inspected. Do not auto-mark as success unless OpenAI leaves /phone-verification.

Runner classification fix

After sms_received, if submitting the code leaves OpenAI on /phone-verification, classify as:

sms_submit_failed

not success_request_id.

Also release/finish the provider order explicitly according to provider rules and log the result.