Skip to content

fix(codex): check and refresh authentication before starting tasks #352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bborn merged 1 commit into from
Feb 3, 2026
Merged

fix(codex): check and refresh authentication before starting tasks #352

bborn merged 1 commit into from
Feb 3, 2026
+22 −0

Conversation

@bborn
Copy link
Owner

@bborn bborn commented Feb 2, 2026
edited
Loading

Summary

Codex OAuth tokens expire after ~1 hour. This fix adds an authentication check that also attempts to trigger token refresh before starting tasks.

Problem

When starting a Codex task with expired OAuth tokens:

  1. Codex prompts for browser-based authentication
  2. This happens inside a tmux session, making it awkward
  3. Users get unexpected login prompts with no clear guidance

Solution

Added ensureAuthenticated() that:

  1. Runs codex login status which checks auth AND can trigger token refresh
  2. Increased timeout to 10s to allow for refresh operation
  3. If auth fails, provides clear guidance including the permanent fix:
# Permanent solution - API key auth doesn't expire
printenv OPENAI_API_KEY | codex login --with-api-key

Auth options

Method Expires Cost
ChatGPT OAuth ~1 hour Included in ChatGPT subscription
API Key Never Pay per token

Test plan

  • With Codex logged out, try to run a Codex task → should fail with helpful message
  • Run codex login, try again → should work
  • Set up API key auth → should work permanently without re-auth

🤖 Generated with Claude Code

@bborn bborn force-pushed the task/911-i-keep-having-to-sign-in-every-time-i-us branch from d470150 to 331196f Compare February 2, 2026 19:49
@bborn bborn changed the title fix(codex): persist session ID to enable session resumption fix(executor): persist session IDs at framework level for all executors Feb 2, 2026
@bborn bborn force-pushed the task/911-i-keep-having-to-sign-in-every-time-i-us branch from 331196f to e289fb3 Compare February 3, 2026 13:43
@bborn bborn changed the title fix(executor): persist session IDs at framework level for all executors fix(codex): check authentication before starting tasks Feb 3, 2026
@bborn @claude
fix(codex): check and refresh authentication before starting tasks
c2268a4 
Codex OAuth tokens expire after ~1 hour. This fix adds an authentication
check before starting tasks that also attempts to trigger token refresh.

Changes:
- Added ensureAuthenticated() that runs 'codex login status' which can
  trigger a token refresh if valid refresh_token exists
- Increased timeout to 10s to allow for refresh operation
- Improved error message to suggest API key auth for permanent solution:
  printenv OPENAI_API_KEY | codex login --with-api-key

API key auth doesn't expire and is the recommended solution for users
who don't want to re-authenticate periodically.

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@bborn bborn force-pushed the task/911-i-keep-having-to-sign-in-every-time-i-us branch from e289fb3 to c2268a4 Compare February 3, 2026 16:48
@bborn bborn changed the title fix(codex): check authentication before starting tasks fix(codex): check and refresh authentication before starting tasks Feb 3, 2026
@bborn bborn merged commit a2d3886 into main Feb 3, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bborn