What version of the Codex App are you using (From “About Codex” dialog)?
Codex Desktop 26.623.19656.0
What subscription do you have?
Redacted / not relevant to the bug.
What platform is your computer?
Windows x64. Exact OS build omitted.
What issue are you seeing?
OAuth-backed plugin apps can silently lose their login/authentication state, but Codex Desktop does not appear to detect or surface this state.
When the OAuth session/token for a plugin-backed app expires, is revoked, or otherwise becomes invalid:
- The plugin may still appear installed/enabled.
- Codex may continue to expose the plugin capability as if it is usable.
- The app does not clearly show that re-authentication is required.
- The user only discovers the problem indirectly when plugin calls fail, hang, disappear, or behave as unavailable.
- There is no obvious stale-auth indicator, reconnect prompt, or plugin-level login health check in the Codex app UI.
This makes OAuth/plugin failures look like random plugin, MCP, or thread-state bugs instead of a normal expired-login condition.
What steps can reproduce the bug?
- Install or enable a Codex Desktop plugin that uses OAuth login.
- Complete the OAuth login flow successfully.
- Confirm the plugin works in a Codex thread.
- Invalidate the OAuth session externally, for example by revoking access, expiring the token, changing account permissions, or waiting until the login expires.
- Return to Codex Desktop.
- Observe that Codex still appears unaware of the invalid OAuth state.
- Attempt to use the plugin again.
Actual behavior:
- Codex does not proactively mark the plugin as unauthenticated.
- The UI does not clearly prompt the user to reconnect.
- Existing or resumed threads may continue to show stale plugin availability.
- The failure is only visible later through tool/plugin errors or missing capabilities.
What is the expected behavior?
Codex Desktop should detect and surface expired OAuth state for plugin apps.
Expected behavior:
- Plugin status should distinguish installed/enabled from authenticated/usable.
- If OAuth is expired or revoked, Codex should show a clear "Re-authenticate" or "Reconnect" action.
- Threads should not silently continue with stale plugin auth assumptions.
- Plugin/MCP calls should return a clear auth-expired error instead of appearing as generic plugin failure.
- Restarting Codex or starting a new thread should not be required just to discover that OAuth has expired.
Additional information
Please treat this as a plugin authentication state / UX issue, not a user account-specific report. Personal account details, tokens, machine names, local paths, and session IDs are intentionally omitted.
What version of the Codex App are you using (From “About Codex” dialog)?
Codex Desktop 26.623.19656.0
What subscription do you have?
Redacted / not relevant to the bug.
What platform is your computer?
Windows x64. Exact OS build omitted.
What issue are you seeing?
OAuth-backed plugin apps can silently lose their login/authentication state, but Codex Desktop does not appear to detect or surface this state.
When the OAuth session/token for a plugin-backed app expires, is revoked, or otherwise becomes invalid:
This makes OAuth/plugin failures look like random plugin, MCP, or thread-state bugs instead of a normal expired-login condition.
What steps can reproduce the bug?
Actual behavior:
What is the expected behavior?
Codex Desktop should detect and surface expired OAuth state for plugin apps.
Expected behavior:
Additional information
Please treat this as a plugin authentication state / UX issue, not a user account-specific report. Personal account details, tokens, machine names, local paths, and session IDs are intentionally omitted.