codex - 💡(How to fix) Fix Codex Desktop on Windows shows blank white window when auth token is invalidated [1 comments, 2 participants]

Summary

Codex Desktop on Windows opened to a blank white window after the local Codex profile contained an invalidated/stale ChatGPT auth token. The app did not show a sign-in prompt, error state, or recovery option.

Replacing the entire ~/.codex profile with a fresh profile fixed the white screen, but prior conversations appeared missing until the old conversations were manually migrated back while keeping the fresh auth.json.

The local databases were not corrupt (PRAGMA integrity_check returned ok). The strongest signal in the logs is repeated auth failure:

• auth_401_error_code="token_invalidated"
• Your access token could not be refreshed because your refresh token was already used. Please log out and sign in again.
• WebSocket connection failed with 401 Unauthorized

The bug appears to be the Desktop app's handling of this auth failure: it should show a re-login/recovery UI instead of rendering a blank white window.

Environment

• Product: Codex Desktop app
• Platform: Windows
• OS: Windows 10, build 19045
• Install path observed: C:\Program Files\WindowsApps\OpenAI.Codex_26.422.8496.0_x64__2p2nqsd0c76g0\app\Codex.exe
• Product version observed from the running process: 26.422.62136
• App package folder observed: OpenAI.Codex_26.422.8496.0_x64__2p2nqsd0c76g0
• Auth mode: ChatGPT account auth
• Current config excerpt:

model = "gpt-5.5"
model_reasoning_effort = "xhigh"

[plugins."browser-use@openai-bundled"]
enabled = true

[windows]
sandbox = "elevated"

Steps to Reproduce

I do not know the exact original trigger, but this is the state transition that reproduced the recovery behavior:

1. Start Codex Desktop with an existing ~/.codex profile that contains many old conversations and a stale/invalidated auth.json.
2. Codex Desktop opens as a blank white window.
3. Kill Codex:

taskkill /F /IM Codex.exe /T

1. Move the existing profile aside and restore a fresh profile:

ren "%USERPROFILE%\.codex" ".codex.bad"
ren "%USERPROFILE%\.codex.fresh" ".codex"

1. Codex opens normally with the fresh profile, but prior conversations/settings are gone from the UI.
2. If the old profile is restored wholesale, the blank white window returns.
3. If old conversations/session files and state_5.sqlite thread records are migrated into the fresh profile while keeping the fresh auth.json, Codex opens normally and old conversations return.

Expected Behavior

When the ChatGPT auth token is invalidated or the refresh token has already been used, Codex Desktop should:

• Render a clear auth error UI.
• Prompt the user to sign in again.
• Avoid blank-window failure.
• Preserve existing local conversations and workspace metadata.
• Ideally provide a safe recovery path that moves stale auth aside without requiring manual profile surgery.

Actual Behavior

Codex Desktop showed a blank white window when launched with the old profile. No visible error or sign-in prompt appeared.

The only reliable recovery was to:

• Create/use a fresh ~/.codex profile with a valid login.
• Keep the fresh auth.json.
• Manually migrate old session/conversation state back into the fresh profile.
• Avoid restoring the old auth.json.

Relevant Sanitized Logs

From the old profile's logs_2.sqlite:

auth_recovery_mode="managed"
auth_recovery_phase="refresh_token"
auth_recovery_outcome="recovery_failed_permanent"
auth_401_error="401"
auth_401_error_code="token_invalidated"

Turn error: Your access token could not be refreshed because your refresh token was already used. Please log out and sign in again.

failed to connect to websocket: HTTP error: 401 Unauthorized,
url: wss://chatgpt.com/backend-api/codex/responses

worker quit with fatal: Transport channel closed, when UnexpectedContentType(Some("text/plain; body: {
  \"error\": {
    \"message\": \"Your authentication token has been invalidated. Please try signing in again.\",
    \"type\": \"invalid_request_error\",
    \"code\": \"token_invalidated\",
    \"param\": null
  },
  \"status\": 401
}"))

Local Checks

The profile databases did not appear physically corrupt:

state_5.sqlite integrity_check: ok
logs_2.sqlite integrity_check: ok

The old profile contained valid conversation/session data. After migrating conversation data into a fresh logged-in profile, the conversations were visible again.

Workaround

The workaround was:

1. Preserve the old profile as ~/.codex.bad.
2. Keep the fresh profile's auth.json.
3. Copy old sessions, archived_sessions, session_backups, generated_images, and session_index.jsonl.
4. Merge old state_5.sqlite thread tables into the fresh profile.
5. Do not restore old auth.json or stale auth/session credentials.

Request

Please improve Codex Desktop's auth failure handling so that invalidated/stale auth state cannot leave the user with a blank white window. A visible sign-in prompt or profile recovery path would prevent data-loss panic and avoid manual profile editing.

It may also be useful to document which files are safe to migrate from an old profile and which files, such as auth.json, should not be copied when recovering from auth-token invalidation.