Skip to content

Codex Desktop keeps using revoked ChatGPT OAuth token after logout/login #31459

Description

@annyzhou

Codex Desktop repeatedly uses revoked ChatGPT OAuth token after logout/login and profile reset

Summary

Codex Desktop can successfully connect to SSH remotes, but Desktop requests to chatgpt.com/backend-api/wham/* continue returning 401 token_expired / 401 token_revoked after full logout/login, local profile reset, CLI auth reset, bundled CLI auth reset, and Desktop restart.

This appears to be a Desktop/web account auth refresh issue rather than an SSH/remote-machine issue.

Environment

  • macOS
  • Codex Desktop app
  • Codex CLI version: 0.142.5
  • Bundled Desktop CLI: /Applications/Codex.app/Contents/Resources/codex
  • SSH remotes

Observed behavior

After a clean Desktop restart, remote SSH connections succeed:

Immediately afterward, Desktop account/app metadata requests fail:

failed to list apps: Request failed with status 401 Unauthorized:
{
  "error": {
    "message": "Provided authentication token is expired. Please try signing in again.",
    "code": "token_expired"
  },
  "status": 401
}

Additional requests also fail:

GET https://chatgpt.com/backend-api/wham/accounts/check
401 token_revoked
"Encountered invalidated oauth token for user, failing request"

Thread-title generation also reports:

Your access token could not be refreshed because your refresh token was revoked.
Please log out and sign in again.

Things already tried

  • Full Codex Desktop logout/login
  • Full Codex Desktop restart
  • Reset local Desktop profile/cache:
    • ~/Library/Application Support/Codex
    • ~/Library/Caches/Codex
    • ~/Library/Caches/com.openai.codex
  • Reset standalone CLI auth:
    • codex logout
    • codex login --device-auth
  • Reset bundled Desktop CLI auth:
    • /Applications/Codex.app/Contents/Resources/codex logout
    • /Applications/Codex.app/Contents/Resources/codex login --device-auth
  • Verified both local CLIs report:
    • Logged in using ChatGPT
  • Verified SSH remotes connect and app-server handshakes succeed.

Expected behavior

After logout/login and fresh device auth, Codex Desktop should stop using the invalidated token and should successfully refresh/reload account/app metadata.

Actual behavior

Codex Desktop continues to make authenticated chatgpt.com/backend-api/wham/* requests with a token the backend considers revoked/expired, even though local CLI auth and bundled CLI auth both report successful login.

Metadata

Metadata

Assignees

No one assigned

    Labels

    appIssues related to the Codex desktop appauthIssues related to authentication and accountsbugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions