Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/openai-phone-success-335-oauth-workspace-failures-2026-05-11.md
T

4.9 KiB
Raw Blame History

OpenAI phone success after long 5sim run, then OAuth workspace/session failures (2026-05-11)

Context: CPA/Codex OAuth onboarding for chickliu.efxudmrg@claw.163.com using visible Chrome/CDP 9226, proxy socks5://192.168.2.8:1083, ClawEmail submailbox external receive already enabled.

Phone verification outcome

  • Starting count before this continuation: 57 real 5sim activations.
  • Continuation runner bought 278 additional real activations before SMS success.
  • Final successful phone-verification number was total real activation 335.
  • Successful country: indonesia (ID, +62).
  • Successful activation id: 1007069622.
  • 5sim status after handling: FINISHED.
  • OpenAI moved from phone-verification to about-you after submitting the correct SMS code.

Important SMS parsing pitfall

The first generic parser used (?<!\d)(\d{4,8})(?!\d) over the whole 5sim SMS object and selected a 4-digit candidate, while the OpenAI page explicitly required a 6-character code. The false candidate likely came from another numeric field in the SMS object/phone text.

Fix for OpenAI login/phone codes:

  1. Prefer exactly six digits: (?<!\d)(\d{6})(?!\d).
  2. Only fall back to 48 digits if the page does not state a fixed 6-character requirement.
  3. If multiple 6-digit candidates are present, choose the candidate from the SMS message text field when available, not from serialized metadata; otherwise use the last 6-digit candidate.
  4. Never mark the 5sim activation finish until the page is verified to have left phone-verification; if finish was called prematurely, still try the correct code if the page remains on phone-verification and the SMS is available.

Observed recovery: after the wrong 4-digit code left the page on phone-verification, re-checking the finished 5sim activation still exposed the SMS; extracting a 6-digit candidate and submitting it moved OpenAI to about-you.

About-you form pitfall

OpenAI about-you form had:

input[name=name] type=text required
input[name=age] type=number required
input[name=birthday] type=hidden
input[name=isExplicitConsentRequired] type=hidden value=false

Filling all inputs with a generic text value caused validation errors. Working approach:

  • Set input[name=name] to a normal name, e.g. Boss.
  • Set input[name=age] to a valid numeric age, e.g. 35.
  • Set hidden birthday consistently, e.g. 1991-01-01, using the native input value setter and dispatching input/change.
  • Then click 完成帐户创建 / Finish account creation.

This moved to https://auth.openai.com/sign-in-with-chatgpt/codex/consent.

OAuth/session failures after phone success

After phone success and about-you completion, CPA OAuth did not import successfully in this run. Observed failures:

  • Consent page initially showed hydra_api_accept_login_request_error.
  • Retrying/fresh CPA URLs later showed Workspaces not found in client auth session on the Codex consent page.
  • Opening chatgpt.com in the same profile showed the user was not logged in / no ChatGPT workspace initialized.
  • Password login for the new account returned Incorrect email address or password; the password used during signup may not have persisted or the auth state was stale.
  • Clicking 使用一次性验证码登录 from the stale password page produced invalid_state; polling ClawEmail did find a 6-digit code, but submitting it on the error page could not recover the stale state.
  • Generating fresh CPA OAuth URL and opening it in a new tab after many failed auth states produced OpenAI /error with unknown_error; the OAuth URL shape itself looked normal (client_id, code_challenge, redirect_uri=http://localhost:1455/auth/callback, scope=openid email profile, prompt=login, state).

Do not buy more phone numbers for this account; phone verification is already done. For OAuth recovery:

  1. Start from a clean browser state/profile if possible, or at least close all auth.openai.com, chatgpt.com, localhost:1455 tabs and restart the automation Chrome.
  2. Generate exactly one fresh CPA OAuth URL.
  3. Avoid stale password-page OTP links; if login is required, prefer a fresh URL and a fresh auth page before requesting one-time email code.
  4. If Workspaces not found in client auth session appears, first establish a valid ChatGPT web session/workspace for the account, then generate a new CPA OAuth URL; do not keep pressing retry on the same consent error.
  5. If fresh CPA URL immediately returns OpenAI unknown_error, inspect whether CPA is rate-limiting/state-colliding from repeated URL generation; pause or restart CPA session before retrying.

Accounting

For final reports, distinguish:

phone verification success: yes, total real activations = 335
oauth/cpa import success: no, blocked by OpenAI auth/workspace/session errors

Do not conflate OAuth failure with phone-verification failure.