3.3 KiB
3.3 KiB
OpenAI/Codex OAuth email-code recovery and account-deactivation pitfalls — 2026-05-11
Session context: after a long 5sim run, chickliu.efxudmrg@claw.163.com passed OpenAI phone verification but later failed CPA OAuth login/recovery.
Facts observed
- Successful phone verification used 5sim Indonesia activation
1007069622; final count for this account was 335 actual activations. The 5sim order wasFINISHED. - Initial SMS parser incorrectly selected a 4-digit number from the SMS text; OpenAI phone page required a 6-character code. Prefer
(?<!\d)(\d{6})(?!\d)over generic 4–8 digit extraction for OpenAI phone/email codes. - After phone verification, OpenAI reached
about-you; filling fields required setting:input[name=name]input[name=age]- hidden
input[name=birthday]using the native value setter plusinput/changeevents.
- Opening a CPA OAuth URL with Chrome CDP
/json/new?...repeatedly produced OpenAIunknown_error. Navigating the existing tab withPage.navigatereached the normal OpenAI login page. For this flow, prefer same-tabPage.navigatefor fresh CPA OAuth URLs. - Switching proxy from
socks5://192.168.2.8:1083tosocks5://192.168.2.8:1085helped reach the login page by same-tab navigation but did not fix account-level issues. - Password login returned
Incorrect email address or password, while attempting create-account with the same email returned与此电子邮件地址相关联的帐户已存在, confirming the account existed but the saved password was not usable. - Email-code login path can work from the login/password page: click
使用一次性验证码登录, then page goes to/email-verificationand sends a code to ClawEmail. mail-cli mail listis not necessarily newest-first for this submailbox. In this session, idx 0 was an older ChatGPT temp code while newer OpenAI login codes were idx 1/2/3. Do not select the first OpenAI-like row blindly; parse thedatefield and select the newest relevant OpenAI login email, or record the max timestamp before clicking resend and wait for a strictly newer email.- After a wrong email code, clicking
重新发送电子邮件may add a newer mail; still validate by date. Use native/React setter or real input events to ensure the single code input value changes before submitting. - Final server response after submitting the fresh email-login code was
account_deactivated. Per policy, stop that account immediately; do not buy more phone numbers or keep trying OAuth for that account.
Recommended recovery sequence for future runs
- If fresh CPA OAuth URL opened in a new tab gives
unknown_error, retry by navigating the existing auth tab with CDPPage.navigateinstead of/json/new. - If password login fails but account exists, use
使用一次性验证码登录from the login/password page, not passwordless signup (使用一次性验证码注册), which may returnpasswordless_signup_disabled. - Poll ClawEmail with a profile/config pointing at the exact submailbox. Sort candidate OpenAI mails by parsed
date; do not assume mail-cli output order. - Submit the newest 6-digit code using native setter / real input events.
- If OpenAI returns
account_deactivated, mark the account dead and stop all further phone/OAuth attempts for it.