Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-email-code-login-account-deactivated-2026-05-11.md
T

3.3 KiB
Raw Blame History

OpenAI/Codex OAuth email-code recovery and account-deactivation pitfalls — 2026-05-11

Session context: after a long 5sim run, chickliu.efxudmrg@claw.163.com passed OpenAI phone verification but later failed CPA OAuth login/recovery.

Facts observed

  • Successful phone verification used 5sim Indonesia activation 1007069622; final count for this account was 335 actual activations. The 5sim order was FINISHED.
  • Initial SMS parser incorrectly selected a 4-digit number from the SMS text; OpenAI phone page required a 6-character code. Prefer (?<!\d)(\d{6})(?!\d) over generic 48 digit extraction for OpenAI phone/email codes.
  • After phone verification, OpenAI reached about-you; filling fields required setting:
    • input[name=name]
    • input[name=age]
    • hidden input[name=birthday] using the native value setter plus input/change events.
  • Opening a CPA OAuth URL with Chrome CDP /json/new?... repeatedly produced OpenAI unknown_error. Navigating the existing tab with Page.navigate reached the normal OpenAI login page. For this flow, prefer same-tab Page.navigate for fresh CPA OAuth URLs.
  • Switching proxy from socks5://192.168.2.8:1083 to socks5://192.168.2.8:1085 helped reach the login page by same-tab navigation but did not fix account-level issues.
  • Password login returned Incorrect email address or password, while attempting create-account with the same email returned 与此电子邮件地址相关联的帐户已存在, confirming the account existed but the saved password was not usable.
  • Email-code login path can work from the login/password page: click 使用一次性验证码登录, then page goes to /email-verification and sends a code to ClawEmail.
  • mail-cli mail list is not necessarily newest-first for this submailbox. In this session, idx 0 was an older ChatGPT temp code while newer OpenAI login codes were idx 1/2/3. Do not select the first OpenAI-like row blindly; parse the date field and select the newest relevant OpenAI login email, or record the max timestamp before clicking resend and wait for a strictly newer email.
  • After a wrong email code, clicking 重新发送电子邮件 may add a newer mail; still validate by date. Use native/React setter or real input events to ensure the single code input value changes before submitting.
  • Final server response after submitting the fresh email-login code was account_deactivated. Per policy, stop that account immediately; do not buy more phone numbers or keep trying OAuth for that account.
  1. If fresh CPA OAuth URL opened in a new tab gives unknown_error, retry by navigating the existing auth tab with CDP Page.navigate instead of /json/new.
  2. If password login fails but account exists, use 使用一次性验证码登录 from the login/password page, not passwordless signup (使用一次性验证码注册), which may return passwordless_signup_disabled.
  3. Poll ClawEmail with a profile/config pointing at the exact submailbox. Sort candidate OpenAI mails by parsed date; do not assume mail-cli output order.
  4. Submit the newest 6-digit code using native setter / real input events.
  5. If OpenAI returns account_deactivated, mark the account dead and stop all further phone/OAuth attempts for it.