Show HN: Free OpenAI API Access with ChatGPT Account
Source: Hacker News
Free OpenAI API access with your ChatGPT account.
Just run:
npx openai-oauthHow to Use
You can currently use openai-oauth in two different ways:
openai-oauth CLI
This package creates a localhost proxy to chatgpt.com/backend-api/codex/responses pre‑authenticated with your OAuth tokens.
npx openai-oauthThe OpenAI‑compatible endpoint will be ready at http://127.0.0.1:10531/v1.
Use this as your OpenAI base URL. No API key is required.
Available models: gpt-5.4, gpt-5.3-codex, …
openai-oauth-provider
A Vercel AI SDK provider.
import { generateText } from "ai";
import { createOpenAIOAuth } from "openai-oauth-provider";
const openai = createOpenAIOAuth();
const result = await generateText({
model: openai("gpt-5.4"),
prompt: "write an essay about dogs",
});
console.log(result.text);Configuration
The CLI and the provider share the same core OAuth transport settings.
| Setting | CLI Flag | Provider Option | Default | Description |
|---|---|---|---|---|
| Host binding | --host | N/A | 127.0.0.1 | Host interface the local proxy binds to. |
| Port | --port | N/A | 10531 | Port the local proxy binds to. |
| Model allowlist | --models | N/A | account‑specific | Comma‑separated list of model IDs exposed by /v1/models. If omitted, the CLI discovers the models your account has access to. |
| Codex API version | --codex-version | codexVersion | 0.111.0 | Override the Codex API client version used for model discovery (tries local codex --version, then @openai/codex latest, then fallback). |
| Upstream base URL | --base-url | baseURL | https://chatgpt.com/backend-api/codex | Override the upstream Codex base URL. |
| OAuth client id | --oauth-client-id | clientId | app_EMoamEEZ73f0CkXaXp7hrann | Override the OAuth client ID used for refresh. |
| OAuth token URL | --oauth-token-url | tokenUrl | https://auth.openai.com/oauth/token | Override the OAuth token URL used for refresh. |
| Auth file path | --oauth-file | authFilePath | $CHATGPT_LOCAL_HOME/auth.json, $CODEX_HOME/auth.json, ~/.chatgpt-local/auth.json, ~/.codex/auth.json | Path to the local OAuth auth file. |
| Ensure fresh tokens | N/A | ensureFresh | true | Control whether access tokens are refreshed automatically. |
| Provider name | N/A | name | openai | Override the provider name exposed to Vercel AI SDK internals. |
Features
What currently works:
/v1/responses/v1/chat/completions/v1/models(account‑aware by default, or overridden with--models)- Streaming responses
- Tool calls
- Reasoning traces
Known Limitations
- Only LLMs supported by Codex are available; the list updates over time and depends on your Codex plan.
- Login flow is not bundled. Run
npx @openai/codex loginto create the auth file. - No stateful replay support on the CLI
/v1/responsesendpoint; the proxy is stateless and expects callers to send the full conversation history.
How it Works
OpenAI’s Codex CLI uses a special endpoint at chatgpt.com/backend-api/codex/responses to apply the OpenAI rate limits tied to your ChatGPT account. By reusing the same OAuth tokens as Codex, the proxy can call OpenAI’s API without purchasing API credits.
Monorepo Structure
packages/openai-oauth-core– Private shared transport, auth refresh, SSE helpers, and replay state.packages/openai-oauth-provider– Public Vercel AI SDK provider that talks directly to Codex using local auth files.packages/openai-oauth– Public CLI and localhost proxy package intended fornpx openai-oauth.
Legal
This is an unofficial, community‑maintained project and is not affiliated with, endorsed by, or sponsored by OpenAI, Inc.
It uses your local Codex/ChatGPT authentication cache (e.g., ~/.codex/auth.json) and should be treated like password‑equivalent credentials.
- Use only for personal, local experimentation on trusted machines.
- Do not run as a hosted service, share access, or pool/redistribute tokens.
You are solely responsible for complying with OpenAI’s terms, policies, and any applicable agreements; misuse may result in rate limits, suspension, or termination.
The software is provided “as is” with no warranties; you assume all risk for data exposure, costs, and account actions.