Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-phone-335-success-cpa-oauth-login-session-pitfalls-2026-05-11.md
T

79 lines
4.1 KiB
Markdown

# OpenAI phone success at 335 numbers + CPA OAuth retry pitfalls — 2026-05-11
Context: continuing BOSS's CPA/Codex OAuth onboarding for `chickliu.efxudmrg@claw.163.com` after earlier free-country 5sim runs.
## Phone verification result
- Start count before unlimited continuation: 57 actual 5sim activations.
- Continuation received SMS on new number 278.
- Final actual activations used: **335**.
- Successful country: `indonesia` (`ID`, +62).
- Successful 5sim activation: `1007069622`.
- 5sim status after handling: `FINISHED`.
- OpenAI state after correct SMS code: `phone-verification -> about-you`.
## SMS parsing pitfall
The first parser used `(?<!\d)(\d{4,8})(?!\d)` and selected a 4-digit candidate from the 5sim SMS/text blob. OpenAI's phone page explicitly required a 6-character code, so submission stayed on `phone-verification`.
Fix: for OpenAI phone verification prefer a 6-digit candidate first:
```python
cands = re.findall(r'(?<!\d)(\d{6})(?!\d)', text)
if not cands:
cands = re.findall(r'(?<!\d)(\d{4,8})(?!\d)', text)
code = cands[-1]
```
Do not mark the activation `FINISHED` until the page leaves `phone-verification`; if already finished after a wrong code, re-check the finished activation and extract the 6-digit code from its stored SMS.
## about-you/profile completion
After phone success, OpenAI showed `https://auth.openai.com/about-you` with fields:
- `input[name=name]`, required text
- `input[name=age]`, required number
- hidden `input[name=birthday]`
- hidden `input[name=isExplicitConsentRequired]`
Naive loop filling every empty input with `Boss` failed for age. Working approach used native input value setters and set:
```js
input[name=name] = 'Boss'
input[name=age] = '35'
input[name=birthday] = '1991-01-01'
```
Then click `完成帐户创建`; this reached `sign-in-with-chatgpt/codex/consent`.
## CPA OAuth retry observations
- Switching browser proxy from `socks5://192.168.2.8:1083` to `socks5://192.168.2.8:1085` did not solve login credentials, but changed navigation behavior.
- Chrome DevTools `/json/new?<auth_url>` on Chrome 147 sometimes caused OpenAI `https://auth.openai.com/error` with `unknown_error` for a fresh CPA OAuth URL.
- Using the same tab via CDP `Page.navigate` with the same fresh CPA OAuth URL entered the normal OpenAI login page. Prefer same-tab navigation for CPA OAuth recovery.
- After about-you/consent, one error was `Workspaces not found in client auth session`; retrying the button did not recover. ChatGPT homepage still showed logged-out, so the ChatGPT/workspace session was not initialized.
- Fresh CPA OAuth then hit login. Password login returned `Incorrect email address or password` even though signup used the configured password; creating with the same email returned `与此电子邮件地址相关联的帐户已存在`, proving the account exists.
- `使用一次性验证码登录` on the password page returned `invalid_state` in one state.
- `使用一次性验证码注册` from create-password returned `passwordless_signup_disabled`.
## Current classification
This is no longer a phone/SMS problem once the 335th activation succeeded. For this account, the blocker became Auth/session/credential recovery:
```text
email verified: yes
phone verified: yes
5sim activation: FINISHED
oauth callback: not acquired
CPA auth file: not active for this account
blocker: OpenAI login/session/workspace, not proxy or SMS
```
## Operational guidance for future retry
1. Do not buy more phone numbers for this account unless OpenAI explicitly returns to `add-phone` for the same account.
2. Use 1085 if BOSS requests it, but navigate OAuth URL in the same tab (`Page.navigate`), not `/json/new`.
3. If password login fails and passwordless is disabled/invalid_state, try a real password reset/recovery path or a fresh account; do not loop password submission.
4. If about-you is shown after phone verification, fill `name`, `age`, and `birthday` explicitly before consent.
5. For final reporting, state the phone success count separately from CPA/OAuth status: phone success at 335 actual activations; CPA callback not completed due auth/session blocker.