#ChatGPT 0Auth broke after upgrading from 2026.4.12 to 2026.4.14

18 messages · Page 1 of 1 (latest)

keen mauve
#

Is anyone else experiencing this?

trim marshBOT
#

Once you paste the outputs, we can tell pretty quickly whether it is the same issue or something local to the upgrade.

keen mauve
#

The reply is too many characters. I tried sending as a file and as a link to a google doc but I'm being blocked from both tries.

trim marshBOT
#

Yeah, do not paste the whole dump.

Just send these 4 small bits, each in its own message if needed:

  1. openclaw --version
  2. The exact error text from the failed ChatGPT OAuth call
  3. From openclaw models status, only the openai-codex / OpenAI auth lines
  4. The last 20 to 40 log lines right after reproducing it:
    openclaw logs --follow

Please redact tokens if anything sensitive appears.

If status --all is massive, skip it for now. The version, exact error, and the auth/log snippets are the useful parts.

keen mauve
#

The newest failure that openai-codex/gpt5.4 is running into is: "network connection error / fetch failed"

#

My Mac can reach chatgpt.com but the response is a Cloudflare challenge page (403) with cf-mitigated: challenge

trim marshBOT
#

Yep, that smells like the real cause.

If your Mac gets a Cloudflare 403 challenge for chatgpt.com, OpenClaw's OpenAI Codex / ChatGPT OAuth path will usually fail too, because it talks to OpenAI's auth + ChatGPT endpoints directly.

So this looks more like network/browser/Cloudflare blocking than a pure OpenClaw regression.

Quick things to try:

  1. Disable VPN / iCloud Private Relay / proxy / DNS filter / ad blocker
  2. Open both in a normal browser on that same Mac:
    • https://chatgpt.com
    • https://auth.openai.com
  3. If you get challenged, complete it there first
  4. Try a different network like a phone hotspot
  5. Re-run:
keen mauve
trim marshBOT
#

Oof, a blank white page on auth.openai.com points even more to a local browser / TLS / network filtering problem.

I would try, in this order:

  1. Private window, different browser, extensions off
    • especially ad blockers / privacy tools / script blockers
  2. Different network
    • phone hotspot is the fastest check
  3. Run:
    openclaw doctor --deep
    Recent versions check OpenAI Codex OAuth TLS prerequisites and also warn about stale models.providers.openai-codex overrides that can break newer built-in routing.

If doctor shows a certificate error like UNABLE_TO_GET_ISSUER_CERT_LOCALLY and you installed Node via Homebrew, the docs say the usual fix is:

keen mauve
#

Message from Codex:

"The hotspot ruled out your home network. The Codex backend still returns a Cloudflare challenge on the iPhone connection too, so this looks much more like a device/untime fingerprint problem with openclaw hitting chatgpt.com/backend-api/v1, not a bad network or bad Auth.
Two notable things:
your Mac did switch to the hotspot for the default route
Tailscale DNS is still present as a supplemental resolver, but traffic is leaving over the hotspot and the challenge still happens anyway
So the likely conclusion is: OpenClaw's openai-codex transport is being challenged by Cloudflare from this Mac/client path, even with a fresh login.
Best next moves now:
If ChatGPT works in your normal browser on this Mac, that strongly confirms it's an OpenClaw client-path problem.
Downgrade OpenClaw to 2026.4.12 •
Or stop using openai-codex/gpt-5.4 as primary for now."

trim marshBOT
#

That Codex analysis sounds plausible.

Before jumping straight to downgrade, I would still rule out two OpenClaw-specific things that 2026.4.14 can surface more clearly:

  1. Stale models.providers.openai-codex override

    • openclaw doctor --deep should warn if old Codex transport settings are shadowing the newer built-in path.

  2. Transport-specific breakage

    • OpenAI Codex uses auto transport by default, which is WebSocket-first, SSE fallback.
    • It is worth forcing one transport as a test.

Example config override:

{
  agents: {
# 
    defaults: {
      models: {
        "openai-codex/gpt-5.4": {
          params: { transport: "websocket" }
        }
      }
    }
  }
}

If that still fails, try "sse" instead, then restart:

openclaw gateway restart
#

If:

  • ChatGPT works in the browser on the same Mac,
  • doctor --deep is clean,
  • and 2026.4.12 works while 2026.4.14 fails,

then yeah, I would treat that as a real regression and file a GitHub issue with:

  • openclaw --version
  • openclaw doctor --deep
  • whether browser ChatGPT works
  • whether forcing websocket vs sse changes anything

Docs:

If you want, paste the doctor --deep result and I can help interpret it.

sonic sky
#

@keen mauve I’m getting similar error on my Mac - it’s not connecting to the gpt-3.5-codex saying some DNS issue and cloudflare and to use a VPS nothings working

trim marshBOT
#

That is actually a useful datapoint.

If multiple Macs are seeing DNS/Cloudflare trouble on the Codex path, this is starting to look less like one bad network and more like either:

  • a Codex transport regression, or
  • Cloudflare challenging the OpenClaw client path on macOS

One thing that stands out though: if you are seeing a literal gpt-3.5-codex reference, please paste that exact line. The current documented ChatGPT/Codex route in OpenClaw is openai-codex/gpt-5.4.

So I would check these 4 things next:

  1. openclaw --version
  2. Does ChatGPT work in a normal browser on that same Mac?
  3. openclaw doctor --deep
  4. Does forcing Codex transport to websocket or sse change anything?

Docs: