Codex login expired? Fix repeated login prompts
If Codex keeps reopening the login flow, the problem is usually the saved auth for one account, not a broken install. The fastest fix is to refresh that profile cleanly, switch back to it, and start the next session fresh instead of deleting your whole local setup.
Why this happens
- The saved token for that Codex account expired or was revoked.
- The account changed state, for example after a password reset or security review.
- You are on SSH or a headless box and the normal browser flow is a poor fit for the environment.
Fast fix
CLI-only steps
- Run
codexonce and confirm it is really a login prompt, not a 429 or network problem. - If you manage profiles with CodexUse CLI, refresh the affected profile instead of deleting everything.
- On remote or headless sessions, prefer
--login=deviceso you can complete auth from another device.
CodexUse path
- List profiles to identify which one is stale.
- Refresh that profile with browser or device auth.
- Switch back to it, then start the next Codex session in a fresh terminal tab or next turn.
codexuse profile list
codexuse profile refresh Work --login=device
codexuse profile switch Work
codexuse profile currentUse --login=browser on a normal desktop session. Use --login=device on SSH or headless Linux.
What to do if refresh still fails
- Delete and re-add only the broken profile, not every saved account.
- Check whether the same OpenAI account exists under more than one profile name, which can confuse local hygiene.
- Rule out a network or status issue before assuming the credentials are bad.
Prevent it next time
- Keep personal, work, and client accounts in clearly named profiles so you know exactly which one expired.
- Use refresh before delete. It preserves the profile slot and keeps the fix narrower.
- Use device auth by default on headless or SSH-heavy workflows.
Troubleshooting table
| Symptom | Likely cause | Action |
|---|---|---|
| Codex opens login every launch | The active profile auth is expired or revoked | Refresh that specific profile, then switch back to it |
| Refresh works but the next run still feels wrong | The existing shell or session started before the switch | Open a fresh terminal tab or start the next Codex turn after switching |
| Browser login is awkward over SSH | The environment is effectively headless | Use codexuse profile refresh <name> --login=device |
What to copy and paste
What to avoid
- Reinstalling the CLI before you confirm it is only an expired login.
- Deleting every saved profile when only one account is stale.
- Assuming an old shell picks up the new active profile mid-session.
Related
Why does Codex keep asking me to log in?
The saved auth for that account expired or was revoked. Usually the fix is to re-authenticate the affected profile, not reinstall the whole toolchain.
Should I delete the profile when login expires?
Not first. Try refreshing the profile first. Delete and re-add only if the refresh path still leaves the profile invalid.
What if I am on SSH or a headless machine?
Use device auth instead of a browser flow. CodexUse CLI supports refreshing a profile with --login=device, which fits remote and Linux server sessions better.