Codex Desktop on Windows shows blank white window when auth token is invalidated #20125

@a572204654-source

Summary

Codex Desktop on Windows opened to a blank white window after the local Codex profile contained an invalidated/stale ChatGPT auth token. The app did not show a sign-in prompt, error state, or recovery option.

Replacing the entire ~/.codex profile with a fresh profile fixed the white screen, but prior conversations appeared missing until the old conversations were manually migrated back while keeping the fresh auth.json.

The local databases were not corrupt (PRAGMA integrity_check returned ok). The strongest signal in the logs is repeated auth failure:

  • auth_401_error_code="token_invalidated"
  • Your access token could not be refreshed because your refresh token was already used. Please log out and sign in again.
  • WebSocket connection failed with 401 Unauthorized

The bug appears to be the Desktop app's handling of this auth failure: it should show a re-login/recovery UI instead of rendering a blank white window.

Environment

  • Product: Codex Desktop app
  • Platform: Windows
  • OS: Windows 10, build 19045
  • Install path observed: C:\Program Files\WindowsApps\OpenAI.Codex_26.422.8496.0_x64__2p2nqsd0c76g0\app\Codex.exe
  • Product version observed from the running process: 26.422.62136
  • App package folder observed: OpenAI.Codex_26.422.8496.0_x64__2p2nqsd0c76g0
  • Auth mode: ChatGPT account auth
  • Current config excerpt:

      model = "gpt-5.5"
      model_reasoning_effort = "xhigh"

      [plugins."browser-use@openai-bundled"]
      enabled = true

      [windows]
      sandbox = "elevated"

Steps to Reproduce

I do not know the exact original trigger, but this is the state transition that reproduced the recovery behavior:

  1. Start Codex Desktop with an existing ~/.codex profile that contains many old conversations and a stale/invalidated auth.json.
  2. Codex Desktop opens as a blank white window.
  3. Kill Codex:

      taskkill /F /IM Codex.exe /T

  4. Move the existing profile aside and restore a fresh profile:

      ren "%USERPROFILE%\.codex" ".codex.bad"
      ren "%USERPROFILE%\.codex.fresh" ".codex"

  5. Codex opens normally with the fresh profile, but prior conversations/settings are gone from the UI.
  6. If the old profile is restored wholesale, the blank white window returns.
  7. If old conversations/session files and state_5.sqlite thread records are migrated into the fresh profile while keeping the fresh auth.json, Codex opens normally and old conversations return.

Expected Behavior

When the ChatGPT auth token is invalidated or the refresh token has already been used, Codex Desktop should:

  • Render a clear auth error UI.
  • Prompt the user to sign in again.
  • Avoid blank-window failure.
  • Preserve existing local conversations and workspace metadata.
  • Ideally provide a safe recovery path that moves stale auth aside without requiring manual profile surgery.

Actual Behavior

Codex Desktop showed a blank white window when launched with the old profile. No visible error or sign-in prompt appeared.

The only reliable recovery was to:

  • Create/use a fresh ~/.codex profile with a valid login.
  • Keep the fresh auth.json.
  • Manually migrate old session/conversation state back into the fresh profile.
  • Avoid restoring the old auth.json.

Relevant Sanitized Logs

From the old profile's logs_2.sqlite:

auth_recovery_mode="managed"
auth_recovery_phase="refresh_token"
auth_recovery_outcome="recovery_failed_permanent"
auth_401_error="401"
auth_401_error_code="token_invalidated"
Turn error: Your access token could not be refreshed because your refresh token was already used. Please log out and sign in again.
failed to connect to websocket: HTTP error: 401 Unauthorized,
url: wss://chatgpt.com/backend-api/codex/responses
worker quit with fatal: Transport channel closed, when UnexpectedContentType(Some("text/plain; body: {
  \"error\": {
    \"message\": \"Your authentication token has been invalidated. Please try signing in again.\",
    \"type\": \"invalid_request_error\",
    \"code\": \"token_invalidated\",
    \"param\": null
  },
  \"status\": 401
}"))

Local Checks

The profile databases did not appear physically corrupt:

state_5.sqlite integrity_check: ok
logs_2.sqlite integrity_check: ok

The old profile contained valid conversation/session data. After migrating conversation data into a fresh logged-in profile, the conversations were visible again.

Workaround

The workaround was:

  1. Preserve the old profile as ~/.codex.bad.
  2. Keep the fresh profile's auth.json.
  3. Copy old sessions, archived_sessions, session_backups, generated_images, and session_index.jsonl.
  4. Merge old state_5.sqlite thread tables into the fresh profile.
  5. Do not restore old auth.json or stale auth/session credentials.

Request

Please improve Codex Desktop's auth failure handling so that invalidated/stale auth state cannot leave the user with a blank white window. A visible sign-in prompt or profile recovery path would prevent data-loss panic and avoid manual profile editing.

It may also be useful to document which files are safe to migrate from an old profile and which files, such as auth.json, should not be copied when recovering from auth-token invalidation.
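Steps 1, 2, 3 and 5 of the workaround above can be scripted as an allow-list copy that never touches the fresh profile's auth.json. The following is an added example, not code from the issue or from the Codex project: the file and directory names come from the issue, while the function names `integrity_ok` and `migrate` are hypothetical, and step 4 (merging state_5.sqlite thread tables) is left out because the issue does not name the tables.

```python
import shutil
import sqlite3
from pathlib import Path

# Names taken from the issue's workaround, step 3.
SAFE_ITEMS = ["sessions", "archived_sessions", "session_backups",
              "generated_images", "session_index.jsonl"]
# Credential file that must remain the fresh profile's own (steps 2 and 5).
NEVER_COPY = {"auth.json"}


def integrity_ok(db_path: Path) -> bool:
    """Run PRAGMA integrity_check read-only, as the issue did on the profile DBs."""
    con = sqlite3.connect(db_path.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = con.execute("PRAGMA integrity_check").fetchall()
    finally:
        con.close()
    return rows == [("ok",)]


def migrate(old: Path, fresh: Path, items=SAFE_ITEMS) -> list[str]:
    """Copy allow-listed items from old to fresh; return the names copied.

    Same-named files in the fresh profile are overwritten.
    """
    if not (fresh / "auth.json").is_file():
        raise RuntimeError("fresh profile has no auth.json; sign in first")
    copied = []
    for name in items:
        if name in NEVER_COPY:
            raise ValueError(f"refusing to copy credential file {name}")
        src, dst = old / name, fresh / name
        if src.is_symlink() or not src.exists():
            continue  # skip missing items and links pointing outside the profile
        if src.is_dir():
            # Also drop any auth.json nested inside a copied directory.
            shutil.copytree(src, dst, dirs_exist_ok=True,
                            ignore=shutil.ignore_patterns(*NEVER_COPY))
        else:
            shutil.copy2(src, dst)
        copied.append(name)
    return copied


if __name__ == "__main__":
    home = Path.home()
    print(migrate(home / ".codex.bad", home / ".codex"))
```

Run it with Codex closed, and check the old profile's databases with `integrity_ok` before relying on their contents.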

Labels

  • app: Issues related to the Codex desktop app
  • auth: Issues related to authentication and accounts
  • bug: Something isn't working
  • windows-os: Issues related to Codex on Windows systems
