Skip to main content

Documentation Index

Fetch the complete documentation index at: https://authsome.agentr.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

OpenAI’s Codex CLI is a coding agent that runs locally and shells out to other tools. Authsome plugs in cleanly: wrap the agent invocation with uvx authsome run -- and the proxy injects fresh credentials for every service the agent calls.

Run Codex under the auth proxy. Paste this to set up the wrapper.

What you get

  • One login per service. Codex never sees raw client_secrets, tokens, or API keys.
  • Automatic refresh. OAuth tokens stay fresh between Codex sessions.
  • Multi-account support. Run Codex against your work GitHub one minute, personal the next.
  • The same vault. Connections created from Codex live alongside connections from the regular CLI.
uvx authsome login github
uvx authsome login openai
uvx authsome run -- codex
Inside Codex:
  • OPENAI_API_KEY=authsome-proxy-managed is set in Codex’s environment, so its SDK initializes.
  • Outbound HTTPS calls to api.openai.com, api.github.com, and any other matched provider are intercepted and authenticated at the proxy layer.
  • Codex’s own subprocess calls inherit the same HTTP_PROXY / HTTPS_PROXY variables, so tools Codex spawns are also covered.

Alternative: env export before launch

If Codex is running in an environment where the proxy CA cannot be trusted, fall back to env-var export: 
eval "$(uvx authsome export openai --format env)"
eval "$(uvx authsome export github --format env)"
codex
The variables persist for the shell session. Codex (and anything it spawns) reads them as it normally would. Re-run eval after token refresh, or use the proxy pattern above to avoid that step.

Multiple accounts

uvx authsome login github --connection personal
uvx authsome login github --connection work
uvx authsome login github --connection work --force   # switch default to work
uvx authsome run -- codex
The proxy uses each provider’s default connection. To target a non-default connection in a single Codex session, set it as the default with --force first. See Multiple connections per provider.

Embedding the library

If you’re orchestrating Codex from a larger Python program and need explicit per-call control, drop below the proxy into the library: 
from authsome.server.dependencies import create_auth_service

auth = create_auth_service()
key = auth.get_access_token("openai", connection="default")
This pattern is cleaner than passing keys through prompts or hardcoding them into .env files. See Python library.

Troubleshooting

SymptomFix
Codex starts but every API call fails with TLS errorsThe mitmproxy CA isn’t trusted. See Proxy networking.
Codex doesn’t see the env var even though authsome run set itVerify with uvx authsome run -- env | grep OPENAI.
Authsome login hangsuvx authsome doctor and check port 7998 availability.

What’s next

Run agents with the proxy

The injection model in detail.

OpenAI integration

Set up the OpenAI key Codex will use.