2.1 KiB
2.1 KiB
CPA panel OAuth callback success (2026-05-10)
Context
After a successful OpenAI phone verification with the free-country runner, Codex2API callback exchange kept failing with:
unsupported_country_region_territory
BOSS switched the target panel to CPA / CLI Proxy API and said the env was configured.
CPA panel
Env keys used:
CPA_VPS_URL=http://192.168.2.62:8317/management.html
CPA_VPS_PASSWORD=[REDACTED]
The panel is CLI Proxy API Management Center v6.9.38.
Important API base discovered from the management UI bundle/network:
/v0/management
Actual endpoints:
GET /v0/management/codex-auth-url?is_webui=true
GET /v0/management/get-auth-status?state=<state>
POST /v0/management/oauth-callback
Callback submission body:
{
"provider": "codex",
"redirect_url": "http://localhost:1455/auth/callback?code=[REDACTED]&state=[REDACTED]"
}
Auth header:
Authorization: Bearer [CPA_VPS_PASSWORD]
Result
CPA generated a Codex OAuth URL. The already phone-verified account was used:
chickliu.apwkwesb@claw.163.com
OpenAI consent produced a localhost callback. Submitting it to CPA returned:
{"status":"ok"}
Polling auth status returned:
{"status":"ok"}
CPA auth files confirmed the new Codex credential:
{
"name": "codex-chickliu.apwkwesb@claw.163.com-free.json",
"provider": "codex",
"status": "active",
"account_type": "oauth",
"plan_type": "free"
}
Credential path on CPA host:
/root/.cli-proxy-api/codex-chickliu.apwkwesb@claw.163.com-free.json
Notes
- The CPA root
/api/auth/urlroute returnedamp upstream proxy not available; it is not the Codex OAuth endpoint. - Do not guess root endpoints. Use
/v0/management/*for management OAuth. - If direct curl guesses fail with 404, open
management.html, log in, and inspect network calls. The UI calls/v0/management/codex-auth-url?is_webui=true. - The panel dashboard showed proxy URL
http://192.168.2.8:1082; token exchange succeeded through CPA, unlike Codex2API.