Skip to main content

Syntax

Description

The login command authenticates Codex with OpenAI. You can sign in with your ChatGPT account (recommended) or provide an API key.
We recommend signing in with ChatGPT to use Codex as part of your Plus, Pro, Team, Edu, or Enterprise plan. Learn more about ChatGPT plans.

Usage

This opens your browser to sign in with your ChatGPT account.

Sign In with Device Code

If you can’t open a browser, use device code authentication:
You’ll receive a code to enter at a URL.

Sign In with API Key

API keys require additional setup and are billed separately from ChatGPT plans.
Provide an API key from stdin:

Check Login Status

View your current authentication status:

Options

--device-auth
boolean
Use device code authentication instead of browser-based login. Shows a code to enter at a URL.
--with-api-key
boolean
Read an API key from stdin instead of using ChatGPT authentication.

Advanced OAuth Options

--experimental_issuer
string
Custom OAuth issuer base URL. Advanced use only.
This is an experimental flag for custom deployments.
--experimental_client-id
string
Custom OAuth client ID. Advanced use only.
This is an experimental flag for custom deployments.

Examples

Standard Login Flow

Device Code Flow

API Key from Environment

Verify Authentication

CI/CD Authentication

For automation, use API keys:

Authentication Methods

Pros:
  • Uses your existing ChatGPT subscription
  • No additional billing
  • Includes plan features (Plus, Pro, Team, etc.)
How it works:
  1. Run codex login
  2. Browser opens to ChatGPT
  3. Sign in and authorize
  4. Credentials stored securely

Device Code

When to use:
  • Remote servers without browser access
  • Terminal-only environments
  • Restricted network access
How it works:
  1. Run codex login --device-auth
  2. Get a device code
  3. Visit URL in any browser
  4. Enter code
  5. Credentials stored

API Key

When to use:
  • CI/CD pipelines
  • Automation scripts
  • Separate billing requirements
How it works:
  1. Get API key from OpenAI Platform
  2. Pipe to codex login --with-api-key
  3. Key stored securely
API keys are billed separately on the OpenAI Platform. ChatGPT subscriptions don’t include API credits.

Credential Storage

Codex stores credentials securely using your system’s keychain:
  • macOS: Keychain Access
  • Linux: Secret Service API (gnome-keyring, KWallet)
  • Windows: Windows Credential Manager
You can configure storage with the cli_auth_credentials_store setting in config.toml.

Troubleshooting

Browser Doesn’t Open

Use device code authentication instead:

“Invalid API Key” Error

Ensure your API key:
  • Starts with sk-proj- or sk-
  • Has not expired
  • Has correct permissions
  • Is from OpenAI Platform

Credentials Not Persisting

Check credential storage configuration:
Configure in ~/.codex/config.toml: