npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@brantes/codex-get-auth-conf

v1.0.2

Published

A standalone script to obtain an auth.json to OpenAI codex-cli

Downloads

26

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

brantesbrantes

Keywords

openaicodexauthcliautomation

Readme

Codex Get Auth Conf (auth.json)

NPM Version NPM Downloads dw GitHub License

A standalone Node.js script to programmatically obtain an OpenAI API key by replicating the authentiation flow of the codex CLI. This project is the result of a deep dive into reverse-engineering a real-world OAuth 2.0 PKCE authentication flow.

🚀 Features

  • Automated Browser Login: Initiates the OpenAI login flow directly in your default browser.
  • Secure OAuth 2.0 PKCE Flow: Correctly implements the Proof Key for Code Exchange (PKCE) for secure authorization.
  • Local Callback Server: Runs a temporary local server to handle the OAuth redirect and capture the authorization code.
  • Automatic Token Exchange: Exchanges the temporary code for a final, long-lived API key.
  • Credential Storage: Saves the obtained tokens and API key to ~/.codex/auth.json, mimicking the official CLI's behavior.

🤔 Why This Project Exists

This project began as an exploration to understand how modern CLI tools handle secure user authentication without asking the user to manually paste API keys. By reverse-engineering the codex CLI's login process, we can observe a complete, production-grade implementation of the OAuth 2.0 Authorization Code Grant with PKCE. It serves as a practical learning tool for anyone interested in API security and application authentication.

📋 Prerequisites

⚙️ Installation & Usage

Run with npx:

npx @brantes/codex-get-auth-conf

You can install this tool globally via npm:

npm install -g @brantes/codex-get-auth-conf

  1. Clone the repository:

    git clone https://github.com/pedrobrantes/codex-get-auth-conf.git

  2. Navigate to the project directory:

    cd codex-get-auth-conf

  3. Install the dependencies:

    npm install

  4. Run the script:

    npm start

The script will open a new tab in your browser. Log in with your OpenAI account. Upon success, the script will capture the credentials, save them, and print the new API key to the console.

🛠️ How It Works

The script follows the standard OAuth 2.0 PKCE flow:

  1. A local express server is started on localhost:1455 to listen for the callback.
  2. A cryptographic code_verifier and code_challenge are generated.
  3. The user's browser is opened to the OpenAI authorization endpoint, passing the client_id and code_challenge.
  4. After the user authenticates, OpenAI redirects them back to http://localhost:1455/auth/callback with a temporary authorization_code.
  5. The local server receives this request, captures the code, and securely exchanges it (along with the original code_verifier) for the final API key by making a POST request to OpenAI's token endpoint.
  6. The final API key and associated tokens are saved to ~/.codex/auth.json.c