stream error: exceeded retry limit, last status: 401 Unauthorized
Two local causes cover most reports. First, a stale ~/.codex/auth.json: quit your IDE or CLI session, run `mv ~/.codex/auth.json ~/.codex/auth.json.bak`, relaunch, and sign back in with ChatGPT. Second, an OPENAI_API_KEY environment variable silently overriding your OAuth token: unset it. If you authenticate with a business access token, the 401 is a known server-side problem with no user-side fix — watch the open GitHub tracker.
Affected versions: reports span CLI 0.27.0 through 0.135.0 and VS Code extension 0.4.58; cause-dependent, not tied to one release
Codex retries a failed request five times, then gives up with stream error: exceeded retry limit, last status: 401 Unauthorized. A 401 means the server rejected the credential Codex sent, so this is an authentication problem — unlike a 429, which is a usage-limit problem (see /limits/ if that’s what you’re hitting).
Symptoms
- The session dies after a visible retry ramp —
retrying 1/5 in 211ms…with growing backoff — then the 401 line. - It hits every auth mode: API keys, ChatGPT/OAuth sign-in, and business access tokens.
- ChatGPT on the web can keep working while Codex fails — one VS Code reporter confirmed exactly that, because the web session uses a separate credential.
Cause
Three documented causes, each with its own fix path:
- A stale or corrupt
~/.codex/auth.json. A wave of these hit VS Code and Cursor users after the gpt-5-codex release; the stored token stops being accepted. - An
OPENAI_API_KEYenvironment variable outranking your OAuth token. Issue #15151 documents the CLI silently preferring the env var even when you signed in with ChatGPT, producing a misleading missing-scopes 401. - Business access tokens broken upstream. Issue #25246, an open tracker, reports tokens from the ChatGPT admin panel failing across old and new Codex versions alike — which points server-side.
Fix
- Quit your IDE (or end the CLI session) completely.
- Move the auth file aside:
mv ~/.codex/auth.json ~/.codex/auth.json.bak. - Relaunch and sign back in with ChatGPT. Multiple forum repliers confirm this alone resolves it.
- Still 401? Check for a lurking key:
echo $OPENAI_API_KEY. If it’s set,unset OPENAI_API_KEYand rerun — #15151’s reporter aliasedcodexto unset it first as a permanent workaround. - If you authenticate via a business access token (
CODEX_ACCESS_TOKEN), skip local debugging. That failure is tracked upstream with no user-side fix; subscribe to the issue instead.
These steps don’t rescue every case — one enterprise OAuth user on VS Code tried re-login, auth.json deletion, and reinstalls without success, and that report remains open.
Affected versions
Reports span CLI 0.27.0 (August 2025) through 0.135.0 (May 2026), plus VS Code extension 0.4.58. This is a recurring error class keyed to auth state, not a single broken release.
Facts on this page verified July 15, 2026.
- openai/codex #25246 — Tracker: Codex business access-tokens broken (401 unauthorized), open
- openai/codex #15151 — OPENAI_API_KEY env var silently overrides OAuth token
- openai/codex #9227 — VS Code extension 401 Unauthorized (enterprise OAuth)
- OpenAI community forum — auth.json reset fix, confirmed by repliers
- openai/codex #2896 — original CLI report of the exact error string (closed)