Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-phone-verification-5sim-sms-2026-05-10.md
T
2026-05-10 08:45:11 +08:00

3.2 KiB

OpenAI phone verification with 5sim SMS activation — 2026-05-10

Context

During a Codex2API OAuth onboarding run for BOSS, OpenAI registration/login reached https://auth.openai.com/add-phone after email verification. BOSS corrected that phone verification must use SMS receive channels, not WhatsApp. The original codex-oauth-automation-extension provider confirmed the right 5sim API shape:

GET https://5sim.net/v1/user/buy/activation/{country}/{operator}/openai
GET https://5sim.net/v1/user/check/{activationId}
GET https://5sim.net/v1/user/cancel/{activationId}
GET https://5sim.net/v1/user/finish/{activationId}

Use product=openai, operator=any unless configured otherwise. If FIVE_SIM_COUNTRY_ID is empty, the extension default is vietnam.

Learned workflow

  1. Cancel any current 5sim activation before switching proxy, country, or retry strategy.
  2. Follow configured country first; do not silently fall back to other countries unless BOSS approves or config changes.
  3. For non-USA numbers, select the OpenAI country selector with visible UI and verify DOM shows the expected country before buying/submitting a number.
  4. Prefer real UI paste/click for the phone page. CDP-only mutation of input[type=tel] can desync React state: the visible country may later revert from 越南 (+84) to 美国 (+1) on submit.
  5. If OpenAI returns 无法向此电话号码发送验证码。请稍后重试或使用其他号码。, classify it as a number/provider rejection. Cancel the activation and buy a new number in the same configured region.
  6. If the page shows 电话号码无效。 after non-USA submission, first verify the country selector did not revert to 美国 (+1); this may be a selector-state problem, not a bad number.
  7. When changing browser proxy, expect OpenAI auth session invalidation. Re-open OAuth from the target panel, then redo email login/code before returning to add-phone.
  8. Codex2API admin page URL may be stored as /admin/accounts; derive API origin from the URL before calling /api/admin/oauth/generate-auth-url.

Observed proxy behavior

  • socks5://192.168.2.8:1085: OpenAI add-phone reached; multiple Vietnam 5sim numbers rejected with 无法向此电话号码发送验证码....
  • socks5://192.168.2.8:1083: TCP and exit IP worked; raw curl to ChatGPT returned Cloudflare challenge 403, but real Chrome loaded OpenAI login. Session changed to 你的会话已结束, requiring a fresh Codex2API OAuth URL and email code. A fresh Vietnam 5sim number was still rejected.

Practical checks

# Probe proxy with remote DNS
nc -vz -w 3 192.168.2.8 1083
curl --proxy socks5h://192.168.2.8:1083 --max-time 20 https://api.ipify.org
curl --proxy socks5h://192.168.2.8:1083 -I -L --max-time 30 https://chatgpt.com/ | sed -n '1,30p'
# Derive Codex2API API origin from env URL that may point at /admin/accounts
from urllib.parse import urlsplit
raw = CODEX2API_URL
u = urlsplit(raw)
origin = f'{u.scheme}://{u.netloc}' if u.scheme and u.netloc else raw.rstrip('/')
endpoint = origin + '/api/admin/oauth/generate-auth-url'

Do not leak

Do not print API keys, 5sim token, phone number, OAuth callback URL/code, account password, or admin key in final reports. Mask phone numbers and IDs if not needed.