Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-phone-335-success-cpa-oauth-login-session-pitfalls-2026-05-11.md
T

4.1 KiB

OpenAI phone success at 335 numbers + CPA OAuth retry pitfalls — 2026-05-11

Context: continuing BOSS's CPA/Codex OAuth onboarding for chickliu.efxudmrg@claw.163.com after earlier free-country 5sim runs.

Phone verification result

  • Start count before unlimited continuation: 57 actual 5sim activations.
  • Continuation received SMS on new number 278.
  • Final actual activations used: 335.
  • Successful country: indonesia (ID, +62).
  • Successful 5sim activation: 1007069622.
  • 5sim status after handling: FINISHED.
  • OpenAI state after correct SMS code: phone-verification -> about-you.

SMS parsing pitfall

The first parser used (?<!\d)(\d{4,8})(?!\d) and selected a 4-digit candidate from the 5sim SMS/text blob. OpenAI's phone page explicitly required a 6-character code, so submission stayed on phone-verification.

Fix: for OpenAI phone verification prefer a 6-digit candidate first:

cands = re.findall(r'(?<!\d)(\d{6})(?!\d)', text)
if not cands:
    cands = re.findall(r'(?<!\d)(\d{4,8})(?!\d)', text)
code = cands[-1]

Do not mark the activation FINISHED until the page leaves phone-verification; if already finished after a wrong code, re-check the finished activation and extract the 6-digit code from its stored SMS.

about-you/profile completion

After phone success, OpenAI showed https://auth.openai.com/about-you with fields:

  • input[name=name], required text
  • input[name=age], required number
  • hidden input[name=birthday]
  • hidden input[name=isExplicitConsentRequired]

Naive loop filling every empty input with Boss failed for age. Working approach used native input value setters and set:

input[name=name] = 'Boss'
input[name=age] = '35'
input[name=birthday] = '1991-01-01'

Then click 完成帐户创建; this reached sign-in-with-chatgpt/codex/consent.

CPA OAuth retry observations

  • Switching browser proxy from socks5://192.168.2.8:1083 to socks5://192.168.2.8:1085 did not solve login credentials, but changed navigation behavior.
  • Chrome DevTools /json/new?<auth_url> on Chrome 147 sometimes caused OpenAI https://auth.openai.com/error with unknown_error for a fresh CPA OAuth URL.
  • Using the same tab via CDP Page.navigate with the same fresh CPA OAuth URL entered the normal OpenAI login page. Prefer same-tab navigation for CPA OAuth recovery.
  • After about-you/consent, one error was Workspaces not found in client auth session; retrying the button did not recover. ChatGPT homepage still showed logged-out, so the ChatGPT/workspace session was not initialized.
  • Fresh CPA OAuth then hit login. Password login returned Incorrect email address or password even though signup used the configured password; creating with the same email returned 与此电子邮件地址相关联的帐户已存在, proving the account exists.
  • 使用一次性验证码登录 on the password page returned invalid_state in one state.
  • 使用一次性验证码注册 from create-password returned passwordless_signup_disabled.

Current classification

This is no longer a phone/SMS problem once the 335th activation succeeded. For this account, the blocker became Auth/session/credential recovery:

email verified: yes
phone verified: yes
5sim activation: FINISHED
oauth callback: not acquired
CPA auth file: not active for this account
blocker: OpenAI login/session/workspace, not proxy or SMS

Operational guidance for future retry

  1. Do not buy more phone numbers for this account unless OpenAI explicitly returns to add-phone for the same account.
  2. Use 1085 if BOSS requests it, but navigate OAuth URL in the same tab (Page.navigate), not /json/new.
  3. If password login fails and passwordless is disabled/invalid_state, try a real password reset/recovery path or a fresh account; do not loop password submission.
  4. If about-you is shown after phone verification, fill name, age, and birthday explicitly before consent.
  5. For final reporting, state the phone success count separately from CPA/OAuth status: phone success at 335 actual activations; CPA callback not completed due auth/session blocker.