Skip to content

Add ChatGPT personal access token support#118

Draft
viyatb-oai wants to merge 1 commit into
mainfrom
codex/viyatb/chatgpt-pat-auth
Draft

Add ChatGPT personal access token support#118
viyatb-oai wants to merge 1 commit into
mainfrom
codex/viyatb/chatgpt-pat-auth

Conversation

@viyatb-oai

Copy link
Copy Markdown
Collaborator

Why

ChatGPT personal access tokens authenticate against the ChatGPT Codex backend, not the Platform Responses endpoint. Treating an at-... token as openai-api-key sends it to the wrong route and fails authentication.

What changed

  • add a distinct codex-access-token input and reject ambiguous credential combinations
  • hydrate ChatGPT account metadata through AuthAPI before starting Codex
  • route PAT-backed requests through the loopback proxy to the ChatGPT Codex endpoint with the required account and FedRAMP context
  • keep the token out of Codex's environment and configuration
  • preserve the existing Platform API-key, custom Responses endpoint, and Azure paths
  • document the new input and update the security guidance
  • regenerate dist/main.js

Testing

  • corepack pnpm test (27 tests)
  • corepack pnpm run check
  • git diff --check
  • parsed action.yml as YAML
  • completed a live PAT smoke test against the ChatGPT Codex endpoint and verified the token was absent from Codex configuration, subprocess environment, outputs, and temporary artifacts

Co-authored-by: Codex noreply@openai.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant