codex-oauth-automation-extension
Installation
SKILL.md
Codex OAuth Automation Extension
Skill by ara.so — Daily 2026 Skills collection.
A Chrome extension that automates the full OpenAI OAuth registration/login flow including email verification, CPA callback handling, and multi-round batch execution. Supports DuckDuckGo, QQ Mail, 163 Mail, and Inbucket as verification code sources.
Installation
- Clone the repository:
git clone https://github.com/QLHazyCoder/codex-oauth-automation-extension.git
cd codex-oauth-automation-extension
-
Load in Chrome:
- Navigate to
chrome://extensions/ - Enable Developer mode (top right toggle)
- Click Load unpacked
- Select the project directory
- Navigate to
-
Open the side panel from the Chrome toolbar to configure and run.
Project Structure
background.js # Main orchestrator: steps 1–9, tab management, state
manifest.json # Extension manifest
data/names.js # Random name/birthday data
content/utils.js # Shared helpers: waitForElement, click, stop control
content/vps-panel.js # CPA panel: Step 1 / Step 9
content/signup-page.js # OpenAI signup/login: Steps 2/3/5/6/8
content/duck-mail.js # DuckDuckGo @duck.com address generation
content/qq-mail.js # QQ Mail OTP polling
content/mail-163.js # 163 Mail OTP polling
content/inbucket-mail.js # Inbucket mailbox OTP polling
sidepanel/ # Sidebar UI (HTML/CSS/JS)
Configuration (Side Panel Fields)
| Field | Description | Example |
|---|---|---|
CPA |
Your OAuth management panel URL | https://your-host/management.html#/oauth |
Mail |
Verification code source | 163 Mail, QQ Mail, or Inbucket |
Email |
Registration email (or click Auto for @duck.com) | user@duck.com |
Password |
Custom password; leave blank to auto-generate | MyPass123! |
Inbucket |
Inbucket host (only when Mail=Inbucket) | your-inbucket-host |
Mailbox |
Inbucket mailbox name (only when Mail=Inbucket) | tmp-mailbox |
Storage Behavior
chrome.storage.session— runtime state (steps, OAuth link, email, password, callback URL, tab info). Cleared when browser closes.chrome.storage.local— persistent config (CPA URL, password, mail service, Inbucket settings). Survives browser restarts.
The 9-Step Workflow
Step 1: Get OAuth Link
Opens CPA panel → finds Codex OAuth card → clicks login → extracts authorization URL → saves to OAuth field.
Step 2: Open Signup
Opens the OAuth authorization link → locates and clicks Sign up / Register / 创建账户 button.
Step 3: Fill Email / Password
Fills registration form with email and password. Auto-generates strong password if field is blank. Actual password used is written back to the sidebar.
Step 4: Get Signup Code
Polls the configured mailbox for a 6-digit OTP. Handles Operation timed out errors by auto-clicking retry.
Email matching rules:
- Sender contains:
openai,noreply,verify,auth,duckduckgo,forward - Subject contains:
verify,verification,code,验证,confirm
Step 5: Fill Name / Birthday
Generates random name and birthday. Handles two page variants:
- Birthday mode: fills year/month/day
- Age mode: fills
input[name='age']directly
Step 6: Login via OAuth
Re-fetches latest CPA OAuth link, then logs in with the newly registered account.
Step 7: Get Login Code
Same as Step 4 but with login-specific keyword matching.
Step 8: Manual OAuth Confirm (Auto-attempts)
- Locates the "Continue/Authorize" button on the OAuth consent page
- Uses Chrome
debuggerAPI to dispatch input events for the click - Monitors
chrome.webNavigation.onBeforeNavigatefor localhost callback - Only accepts:
http(s)://localhost:<port>/auth/callback?code=...&state=... - Timeout: 120 seconds
Step 9: CPA Verify
- Validates callback URL has both
codeandstateparams - Submits callback to CPA panel
- Waits for exact
认证成功!status badge - Closes residual
http://localhost:1455/auth*tabs
Auto Mode
Click Auto in the sidebar to run all 9 steps sequentially for N rounds (set by the number input).
Auto flow:
Step 1 → Step 2 → [Duck email auto-fetch, retry up to 5x]
↓ (if Duck fails) → Pause, wait for manual email input → Continue
Step 3 → Step 4 → Step 5 → Step 6 → Step 7 → Step 8 → Step 9
→ Repeat for N rounds
Resuming After Pause
When Auto is paused and you reopen the sidebar, two options appear:
- 重新开始 — Reset progress, start new round from Step 1
- 继续当前 — Treat completed/skipped steps as done, resume from first unhandled step
Key Code Patterns
Waiting for Elements (content/utils.js pattern)
// Wait for a DOM element with stop-signal support
async function waitForElement(selector, timeout = 30000) {
const start = Date.now();
while (Date.now() - start < timeout) {
// Check stop signal from background
const { stopFlow } = await chrome.storage.session.get('stopFlow');
if (stopFlow) throw new Error('STOPPED');
const el = document.querySelector(selector);
if (el) return el;
await new Promise(r => setTimeout(r, 500));
}
throw new Error(`Timeout waiting for: ${selector}`);
}
Reading/Writing Session State (background.js pattern)
// Save OAuth link to session
await chrome.storage.session.set({ oauthLink: extractedUrl });
// Read current email and password
const { currentEmail, currentPassword } = await chrome.storage.session.get([
'currentEmail',
'currentPassword'
]);
// Update step status
await chrome.storage.session.set({
stepStatus: { ...existingStatus, step3: 'done' }
});
Sending Messages to Content Scripts
// background.js → content script
const [tab] = await chrome.tabs.query({ url: '*://chat.openai.com/*' });
const result = await chrome.tabs.sendMessage(tab.id, {
action: 'FILL_EMAIL',
email: 'user@duck.com',
password: 'GeneratedPass1!'
});
Inbucket Mailbox Polling (content/inbucket-mail.js pattern)
// Only targets unread messages
const unseenEntries = document.querySelectorAll('.message-list-entry.unseen');
// From 2nd poll onwards, click the refresh button
if (pollCount > 1) {
const refreshBtn = document.querySelector('[data-action="refresh"]');
if (refreshBtn) refreshBtn.click();
await sleep(1000);
}
// After reading, delete the email to avoid re-matching
Chrome Debugger Click (content/signup-page.js pattern)
// Attach debugger to tab for synthetic input events
await chrome.debugger.attach({ tabId }, '1.3');
const { x, y } = buttonBounds;
await chrome.debugger.sendCommand({ tabId }, 'Input.dispatchMouseEvent', {
type: 'mousePressed', x, y, button: 'left', clickCount: 1
});
await chrome.debugger.sendCommand({ tabId }, 'Input.dispatchMouseEvent', {
type: 'mouseReleased', x, y, button: 'left', clickCount: 1
});
await chrome.debugger.detach({ tabId });
OAuth Callback Listener (background.js pattern)
chrome.webNavigation.onBeforeNavigate.addListener(async (details) => {
// Only main frame, only the auth tab
if (details.frameId !== 0) return;
if (details.tabId !== authTabId) return;
const url = details.url;
// Strict: must be localhost /auth/callback with code + state
if (/^https?:\/\/localhost:\d+\/auth\/callback\?/.test(url)) {
const parsed = new URL(url);
if (parsed.searchParams.get('code') && parsed.searchParams.get('state')) {
await chrome.storage.session.set({ callbackUrl: url });
}
}
});
Stop Signal Broadcasting
// From sidebar: send stop
await chrome.runtime.sendMessage({ action: 'STOP_FLOW' });
// In background.js: set flag and broadcast to all content scripts
await chrome.storage.session.set({ stopFlow: true });
const tabs = await chrome.tabs.query({});
for (const tab of tabs) {
chrome.tabs.sendMessage(tab.id, { action: 'STOP_FLOW' }).catch(() => {});
}
DuckDuckGo Email Auto-Fetch
// Triggered by sidebar "Auto" button next to Email field
// content/duck-mail.js opens:
// https://duckduckgo.com/email/settings/autofill
// Looks for existing private address or generates new one
const generateBtn = document.querySelector('[data-testid="generate-address"]');
if (generateBtn) generateBtn.click();
await waitForElement('.address-display');
const newAddress = document.querySelector('.address-display').textContent.trim();
Persistent Config (chrome.storage.local)
// Save config
await chrome.storage.local.set({
cpaUrl: 'https://your-host/management.html#/oauth',
mailService: 'Inbucket', // '163 Mail' | 'QQ Mail' | 'Inbucket'
inbucketHost: 'your-inbucket-host',
inbucketMailbox: 'tmp-mailbox',
customPassword: '', // empty = auto-generate
});
// Load config
const config = await chrome.storage.local.get([
'cpaUrl', 'mailService', 'inbucketHost', 'inbucketMailbox', 'customPassword'
]);
Troubleshooting
Step 8 timeout (120s exceeded)
- The OAuth consent page structure may have changed
- Manually click the "Continue" button and observe what URL the redirect hits
- Check the button selector in
content/signup-page.js
Step 4/7: OTP never arrives
- Verify the mail service tab is open and logged in before running
- For Inbucket: confirm
https://<host>/m/<mailbox>/is accessible - Check sender/subject filters — OpenAI sometimes changes sender addresses
- For QQ/163: ensure the webmail tab is the correct account
Duck email auto-fetch fails (retries 5x then pauses)
- DuckDuckGo extension must be installed and logged in
- The autofill settings page URL may have changed
- Fall back to manual email entry in the sidebar
CPA panel not detected (Step 1/9)
- Confirm your CPA URL matches
management.html#/oauthpath structure - The
content/vps-panel.jsselectors are hardcoded to a specific panel layout - Try running Step 1 manually to see console errors
"Operation timed out" on signup (Step 4)
- This is handled automatically — the script clicks the retry button and re-submits
- If it loops, the OpenAI signup endpoint may be rate-limiting your IP
Tab cleanup issues
- Old localhost tabs accumulate: Step 9 only cleans
http://localhost:1455/auth* - If your CPA uses a different port, update the cleanup filter in
background.js
Recommended Workflow
1. Configure sidebar (CPA URL, Mail service, credentials)
2. Run Step 1 manually → verify OAuth link appears
3. Run Steps 2-4 manually → confirm email + OTP flow works
4. If successful, enable Auto with N=5 for a test batch
5. Scale up rounds once flow is stable
Note: Always test single-step flow before enabling Auto. The most fragile steps are Step 8 (OAuth consent click) and Step 4/7 (OTP timing). Use Inbucket for most reliable OTP delivery in automated runs.