97 lines
2.1 KiB
Markdown
97 lines
2.1 KiB
Markdown
# CPA panel OAuth callback success (2026-05-10)
|
|
|
|
## Context
|
|
|
|
After a successful OpenAI phone verification with the free-country runner, Codex2API callback exchange kept failing with:
|
|
|
|
```text
|
|
unsupported_country_region_territory
|
|
```
|
|
|
|
BOSS switched the target panel to CPA / CLI Proxy API and said the env was configured.
|
|
|
|
## CPA panel
|
|
|
|
Env keys used:
|
|
|
|
```text
|
|
CPA_VPS_URL=http://192.168.2.62:8317/management.html
|
|
CPA_VPS_PASSWORD=[REDACTED]
|
|
```
|
|
|
|
The panel is CLI Proxy API Management Center v6.9.38.
|
|
|
|
Important API base discovered from the management UI bundle/network:
|
|
|
|
```text
|
|
/v0/management
|
|
```
|
|
|
|
Actual endpoints:
|
|
|
|
```text
|
|
GET /v0/management/codex-auth-url?is_webui=true
|
|
GET /v0/management/get-auth-status?state=<state>
|
|
POST /v0/management/oauth-callback
|
|
```
|
|
|
|
Callback submission body:
|
|
|
|
```json
|
|
{
|
|
"provider": "codex",
|
|
"redirect_url": "http://localhost:1455/auth/callback?code=[REDACTED]&state=[REDACTED]"
|
|
}
|
|
```
|
|
|
|
Auth header:
|
|
|
|
```text
|
|
Authorization: Bearer [CPA_VPS_PASSWORD]
|
|
```
|
|
|
|
## Result
|
|
|
|
CPA generated a Codex OAuth URL. The already phone-verified account was used:
|
|
|
|
```text
|
|
chickliu.apwkwesb@claw.163.com
|
|
```
|
|
|
|
OpenAI consent produced a localhost callback. Submitting it to CPA returned:
|
|
|
|
```json
|
|
{"status":"ok"}
|
|
```
|
|
|
|
Polling auth status returned:
|
|
|
|
```json
|
|
{"status":"ok"}
|
|
```
|
|
|
|
CPA auth files confirmed the new Codex credential:
|
|
|
|
```json
|
|
{
|
|
"name": "codex-chickliu.apwkwesb@claw.163.com-free.json",
|
|
"provider": "codex",
|
|
"status": "active",
|
|
"account_type": "oauth",
|
|
"plan_type": "free"
|
|
}
|
|
```
|
|
|
|
Credential path on CPA host:
|
|
|
|
```text
|
|
/root/.cli-proxy-api/codex-chickliu.apwkwesb@claw.163.com-free.json
|
|
```
|
|
|
|
## Notes
|
|
|
|
- The CPA root `/api/auth/url` route returned `amp upstream proxy not available`; it is not the Codex OAuth endpoint.
|
|
- Do not guess root endpoints. Use `/v0/management/*` for management OAuth.
|
|
- If direct curl guesses fail with 404, open `management.html`, log in, and inspect network calls. The UI calls `/v0/management/codex-auth-url?is_webui=true`.
|
|
- The panel dashboard showed proxy URL `http://192.168.2.8:1082`; token exchange succeeded through CPA, unlike Codex2API.
|