pi-openai-codex-device-login
v0.1.0
Published
Pi extension that adds ChatGPT Plus/Pro device-code login for the OpenAI Codex provider.
Downloads
128
Maintainers
Readme
pi-openai-codex-device-login
Pi extension that adds device-code login for the built-in openai-codex ChatGPT Plus/Pro subscription provider.
This is an extension-only override: it does not replace OpenAI Codex models, streaming, base URLs, or request handling. It only replaces the provider's OAuth login/refresh implementation.
Install
After the package is published to npm:
pi install npm:pi-openai-codex-device-loginInstall directly from GitHub:
pi install git:github.com/MorseWayne/pi-openai-codex-device-loginInstall from a local checkout:
pi install /home/quzhihao/workspace/source/open/pi-openai-codex-device-loginOr test for one run without installing:
pi -e /home/quzhihao/workspace/source/open/pi-openai-codex-device-loginIf pi is already running after installation, use /reload.
Use
- Run
/login. - Select
Use a subscription. - Select
ChatGPT Plus/Pro (Codex Device Code)/openai-codex. - Choose
Device code (recommended). - Open the displayed URL and enter the displayed one-time code.
The extension keeps Browser OAuth fallback available in the login method selector.
How it works
The device-code flow matches the OpenAI Codex CLI custom flow:
- Request code:
POST https://auth.openai.com/api/accounts/deviceauth/usercode - Show URL:
https://auth.openai.com/codex/device - Poll auth:
POST https://auth.openai.com/api/accounts/deviceauth/token - Exchange returned authorization code at
https://auth.openai.com/oauth/token
The resulting access/refresh tokens are stored by pi's normal auth storage.
Release
CI runs on every push and pull request to main.
Publishing to npm runs from .github/workflows/publish.yml when pushing a tag like v0.1.0.
Repository setup required once:
- Create an npm automation/access token.
- Add it to GitHub repository secrets as
NPM_TOKEN.
Release steps:
npm version patch --no-git-tag-version
npm test
git add package.json package-lock.json
git commit -m "Release v$(node -p "require('./package.json').version")"
git tag "v$(node -p "require('./package.json').version")"
git push origin main --tagsThe publish workflow verifies that the pushed tag matches package.json before running npm publish --access public --provenance.
Roll back
Remove the package from pi settings:
pi remove npm:pi-openai-codex-device-loginFor a local install, remove the local path package or delete the package entry from ~/.pi/agent/settings.json, then run /reload.
Development
npm testTests mock OpenAI endpoints; no live OpenAI account or browser is used.
Security
This extension runs with local process permissions like any pi extension. It never logs access tokens, refresh tokens, device auth IDs, authorization codes, or code verifiers.
