LIVE|CLI v0.144.0·model GPT-5.6 Sol·verified 2026-07-09
Codex Insider
The unofficial wire for OpenAI Codex.
community-trackedCLIIDEpublished Jul 15, 2026 · facts verified Jul 9, 2026
codex — session
$ codex

stream error: exceeded retry limit, last status: 401 Unauthorized

exit code 1
The fix do this first

Two local causes cover most reports. First, a stale ~/.codex/auth.json: quit your IDE or CLI session, run `mv ~/.codex/auth.json ~/.codex/auth.json.bak`, relaunch, and sign back in with ChatGPT. Second, an OPENAI_API_KEY environment variable silently overriding your OAuth token: unset it. If you authenticate with a business access token, the 401 is a known server-side problem with no user-side fix — watch the open GitHub tracker.

Affected versions: reports span CLI 0.27.0 through 0.135.0 and VS Code extension 0.4.58; cause-dependent, not tied to one release

Codex retries a failed request five times, then gives up with stream error: exceeded retry limit, last status: 401 Unauthorized. A 401 means the server rejected the credential Codex sent, so this is an authentication problem — unlike a 429, which is a usage-limit problem (see /limits/ if that’s what you’re hitting).

Symptoms

Cause

Three documented causes, each with its own fix path:

  1. A stale or corrupt ~/.codex/auth.json. A wave of these hit VS Code and Cursor users after the gpt-5-codex release; the stored token stops being accepted.
  2. An OPENAI_API_KEY environment variable outranking your OAuth token. Issue #15151 documents the CLI silently preferring the env var even when you signed in with ChatGPT, producing a misleading missing-scopes 401.
  3. Business access tokens broken upstream. Issue #25246, an open tracker, reports tokens from the ChatGPT admin panel failing across old and new Codex versions alike — which points server-side.

Fix

  1. Quit your IDE (or end the CLI session) completely.
  2. Move the auth file aside: mv ~/.codex/auth.json ~/.codex/auth.json.bak.
  3. Relaunch and sign back in with ChatGPT. Multiple forum repliers confirm this alone resolves it.
  4. Still 401? Check for a lurking key: echo $OPENAI_API_KEY. If it’s set, unset OPENAI_API_KEY and rerun — #15151’s reporter aliased codex to unset it first as a permanent workaround.
  5. If you authenticate via a business access token (CODEX_ACCESS_TOKEN), skip local debugging. That failure is tracked upstream with no user-side fix; subscribe to the issue instead.

These steps don’t rescue every case — one enterprise OAuth user on VS Code tried re-login, auth.json deletion, and reinstalls without success, and that report remains open.

Affected versions

Reports span CLI 0.27.0 (August 2025) through 0.135.0 (May 2026), plus VS Code extension 0.4.58. This is a recurring error class keyed to auth state, not a single broken release.

Facts on this page verified July 15, 2026.

Sources
  1. openai/codex #25246 — Tracker: Codex business access-tokens broken (401 unauthorized), open
  2. openai/codex #15151 — OPENAI_API_KEY env var silently overrides OAuth token
  3. openai/codex #9227 — VS Code extension 401 Unauthorized (enterprise OAuth)
  4. OpenAI community forum — auth.json reset fix, confirmed by repliers
  5. openai/codex #2896 — original CLI report of the exact error string (closed)