Skip to content

zcz-user/codex-auth-session-refresh

BranchesTags

Repository files navigation

Codex Auth Session Refresh

中文  ·  Report Bug  ·  Discussion

Stars Windows Node.js Playwright MIT Last commit PRs Welcome

💡 Why This Exists

Codex CLI needs a valid access_token in ~/.codex/auth.json. The standard OAuth login flow doesn't work in many real-world setups:

🚫 Scenario ⚡ Impact
Corporate proxy OAuth redirects blocked by firewall
WSL / Docker No browser available to complete flow
Remote desktop (SSH) Auth popups fail silently
📱 Phone verification OpenAI SMS code → no overseas phone number → stuck
Short token TTL Must re-authenticate every few hours

This tool bridges the gap — it reads your own ChatGPT browser session to extract a fresh token and writes it directly to Codex's auth.json.

No reverse engineering. No MITM. No API abuse. Just your browser doing what it already does.

✨ Features
🔌 One command setup npm install && .\login-profile.ps1 — done
🤖 Auto-refresh Windows Scheduled Task, configurable interval
🛡️ Safe by design Token never logged, backup before every write
🪟 Desktop shortcuts create-desktop-toolbox.ps1 — click to run
🔍 Health dashboard status.ps1 — task + token state at a glance
🔧 Fully configurable 6 environment variables for custom paths
📦 Zero runtime deps Only playwright-core — no bloated framework

🚀 Getting Started

One-liner install

git clone https://github.com/zcz-user/codex-auth-session-refresh.git && cd codex-auth-session-refresh && npm install

First use

.\login-profile.ps1
# → Browser opens → Login to ChatGPT → Press Enter
.\status.ps1
# → Verify token is active
📸 What you'll see (click to expand) 
=== Codex Auth Refresh Status ===

[TASK] Name: CodexAuthSessionRefresh
[TASK] State: Ready
[TASK] LastRunTime: 6/10/2026 7:55:00 PM
[TASK] LastTaskResult: 0 (0 means success)
[TASK] NextRunTime: 6/10/2026 11:55:00 PM

[AUTH] Path: C:\Users\you\.codex\auth.json
[AUTH] auth_mode: chatgpt
[AUTH] last_refresh: 2026-06-10T11:55:00.000Z
[AUTH] access_token length: 1024
[AUTH] account_id present: True

[LOG] Last entries:
{"time":"2026-06-10T11:55:00.000Z","status":"success"}

📋 Reference

All Commands

Command What it does
login-profile.ps1 First login / re-login (opens browser)
run-refresh.ps1 Refresh token now (browser auto-closes)
status.ps1 Check task + token state
install-scheduled-task.ps1 Set up auto-refresh every N hours
create-desktop-toolbox.ps1 Create desktop shortcuts

Environment Variables

Variable Default Purpose
CODEX_AUTH_PATH ~/.codex/auth.json Target auth file
CODEX_AUTH_REFRESH_BROWSER auto-detect Chrome/Edge path override
CODEX_AUTH_REFRESH_PROFILE ./browser-profile Browser profile storage
CODEX_AUTH_REFRESH_BACKUP ./backups Auth file backup dir
CODEX_AUTH_REFRESH_LOG ./logs Operation log dir

Scheduled Task

.\install-scheduled-task.ps1               # Every 4h
.\install-scheduled-task.ps1 -EveryHours 2  # Every 2h

# Uninstall
Unregister-ScheduledTask -TaskName "CodexAuthSessionRefresh" -Confirm:$false

🛡️ Security Model

Attack Vector Mitigation
.gitignore browser-profile/, logs/, backups/, *.log, auth.json all excluded
Token leak Logs explicitly delete safe.token before writing
Corrupted auth Backup with timestamp before every write
Stale session Separate login-profile.ps1 for clean re-auth

If compromised: Sign out all ChatGPT sessions → delete browser-profile/ → rotate credentials.

🏗️ Architecture

┌─────────────────────────────────────────────────────────────────┐
│                    Your Windows Machine                          │
│                                                                  │
│  ┌──────────────┐    ┌──────────────────┐    ┌───────────────┐  │
│  │   ChatGPT    │    │    Playwright    │    │   Codex CLI   │  │
│  │   Session    │───▶│  (persistent)    │───▶│  auth.json    │  │
│  └──────────────┘    └──────────────────┘    └───────────────┘  │
│                              │                                   │
│                              ▼                                   │
│                   ┌────────────────────┐                         │
│                   │  Scheduled Task    │                         │
│                   │  (every N hours)   │                         │
│                   └────────────────────┘                         │
└─────────────────────────────────────────────────────────────────┘

Stack: Node.js 18+ → Playwright Core → Chrome/Edge → ChatGPT API

📦 Project Structure

codex-auth-session-refresh/
├── scripts/
│   └── refresh-codex-auth.js       # Core engine
├── .github/workflows/ci.yml        # CI pipeline
├── assets/
│   ├── header-light.svg            # README banner (light)
│   └── header-dark.svg             # README banner (dark)
├── login-profile.ps1               # First login flow
├── run-refresh.ps1                 # Manual refresh
├── status.ps1                      # Health check
├── install-scheduled-task.ps1      # Auto-refresh setup
├── create-desktop-toolbox.ps1      # Desktop shortcuts
├── SECURITY.md                     # Security deep-dive
├── CONTRIBUTING.md                 # Contribution guide
├── README.md                       # This file
└── README_zh.md                    # 中文文档

Stars Forks
Made with 🔥 for developers stuck behind firewalls

About

Refresh Codex CLI auth.json from a local ChatGPT web session profile — workaround for environments where OAuth browser flow is unavailable

Topics

windows auth token-refresh playwright chatgpt codex-cli codex-skill

Resources

Readme

Contributing

Contributing

Security policy

Security policy
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages