pi-openai-codex-device-login

Pi extension that adds ChatGPT Plus/Pro device-code login for the OpenAI Codex provider.

Packages

Package details

extension

Install pi-openai-codex-device-login from npm and Pi will load the resources declared by the package manifest.

npm repohome report
$ pi install npm:pi-openai-codex-device-login
Package
pi-openai-codex-device-login
Version
0.1.0
Published
May 25, 2026
Downloads
not available
Author
morsewayne
License
MIT
Types
extension
Size
27.9 KB
Dependencies
0 dependencies · 0 peers
Pi manifest JSON
{
  "extensions": [
    "./src/index.ts"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

pi-openai-codex-device-login

Pi extension that adds device-code login for the built-in openai-codex ChatGPT Plus/Pro subscription provider.

This is an extension-only override: it does not replace OpenAI Codex models, streaming, base URLs, or request handling. It only replaces the provider's OAuth login/refresh implementation.

Install

After the package is published to npm:

pi install npm:pi-openai-codex-device-login

Install directly from GitHub:

pi install git:github.com/MorseWayne/pi-openai-codex-device-login

Install from a local checkout:

pi install /home/quzhihao/workspace/source/open/pi-openai-codex-device-login

Or test for one run without installing:

pi -e /home/quzhihao/workspace/source/open/pi-openai-codex-device-login

If pi is already running after installation, use /reload.

Use

  1. Run /login.
  2. Select Use a subscription.
  3. Select ChatGPT Plus/Pro (Codex Device Code) / openai-codex.
  4. Choose Device code (recommended).
  5. Open the displayed URL and enter the displayed one-time code.

The extension keeps Browser OAuth fallback available in the login method selector.

How it works

The device-code flow matches the OpenAI Codex CLI custom flow:

  • Request code: POST https://auth.openai.com/api/accounts/deviceauth/usercode
  • Show URL: https://auth.openai.com/codex/device
  • Poll auth: POST https://auth.openai.com/api/accounts/deviceauth/token
  • Exchange returned authorization code at https://auth.openai.com/oauth/token

The resulting access/refresh tokens are stored by pi's normal auth storage.

Release

CI runs on every push and pull request to main.

Publishing to npm runs from .github/workflows/publish.yml when pushing a tag like v0.1.0.

Repository setup required once:

  1. Create an npm automation/access token.
  2. Add it to GitHub repository secrets as NPM_TOKEN.

Release steps:

npm version patch --no-git-tag-version
npm test
git add package.json package-lock.json
git commit -m "Release v$(node -p "require('./package.json').version")"
git tag "v$(node -p "require('./package.json').version")"
git push origin main --tags

The publish workflow verifies that the pushed tag matches package.json before running npm publish --access public --provenance.

Roll back

Remove the package from pi settings:

pi remove npm:pi-openai-codex-device-login

For a local install, remove the local path package or delete the package entry from ~/.pi/agent/settings.json, then run /reload.

Development

npm test

Tests mock OpenAI endpoints; no live OpenAI account or browser is used.

Security

This extension runs with local process permissions like any pi extension. It never logs access tokens, refresh tokens, device auth IDs, authorization codes, or code verifiers.