What is the supported Codex auth flow for native mobile clients?

[RobinSrimal]

We are building a mobile-first native client and want to understand whether Codex / ChatGPT subscription auth is intended to work outside the CLI/desktop model.

Today the browser login flow appears to rely on a loopback redirect:

http://localhost:1455/auth/callback

That works on desktop/CLI because the process stays alive while the browser is open. On mobile, opening Safari/Chrome can background or suspend the app, so an in-app localhost listener may not survive long enough to receive the callback.

Device-code auth seems like a possible alternative, but it appears to have workspace/account constraints. In testing, the browser accepted the device code, but the final token exchange failed.

Questions:

1. Is Codex / ChatGPT subscription auth intended to be supported for third-party native mobile clients?
2. If yes, what callback/auth mechanism is recommended on iOS/Android?
3. Is the localhost callback flow intended to be desktop/CLI-only?
4. Is device-code auth expected to be generally available, or only for specific workspace/headless setups?
5. If mobile clients are not supported, should apps use normal OpenAI API auth via a backend instead?

A clear statement on the supported path would help avoid building against accidental CLI-only behavior.