codex - 💡(How to fix) Fix VS Code/Windsurf Codex extension stuck on infinite spinner — refresh_token_reused causes auth loop [1 comments, 2 participants]

What version of the IDE extension are you using?

openai.chatgpt-0.4.46-linux-x64 (Codex – OpenAI's coding agent) Codex CLI version: 0.125.0

What subscription do you have?

Plus

Which IDE are you using?

VS Code and Windsurf

What platform is your computer?

Linux 6.8.0-110-generic x86_64 x86_64

What issue are you seeing?

The Codex sidebar shows an infinite loading spinner and never becomes usable. No error or re-auth prompt is shown in the UI at any point.

Root cause found in the extension log at: ~/.config/Code/logs/<session>/window1/exthost/openai.chatgpt/Codex.log

Key errors (repeating in a tight loop):

[CodexMcpConnection] cli: Failed to refresh token: 401 Unauthorized: { "error": { "message": "Your refresh token has already been used to generate a new access token. Please try signing in again.", "type": "invalid_request_error", "code": "refresh_token_reused" } }

codex_models_manager: failed to refresh available models: token_invalidated url: https://chatgpt.com/backend-api/codex/models

rmcp::transport::worker: worker quit with fatal: Transport channel closed — token_invalidated (401)

The extension retries authentication in an infinite loop and never surfaces a "Sign in again" prompt to the user. The only fix is to manually delete ~/.codex/auth.json and run codex auth login — there is no in-app recovery path.

Secondary (unrelated) noise also loops in the log: "unsupported feature enablement workspace_dependencies: currently supported features are apps, memories, plugins, tool_search, tool_suggest, tool_call_mcp_elicitation"

What steps can reproduce the bug?

1. Have the Codex extension installed and authenticated (working state).
2. Sign in to your OpenAI/ChatGPT account from a second device or browser session — this invalidates the refresh token stored locally in ~/.codex/auth.json.
3. Reopen VS Code or Windsurf.
4. Open the Codex sidebar.

Result: sidebar spins indefinitely. No re-auth prompt appears. No error is shown in the UI. The extension silently retries the invalidated token in a loop.

What is the expected behavior?

When the extension receives a 401 token_invalidated or refresh_token_reused error from the backend, it should:

1. Stop retrying immediately.
2. Show a visible "Your session has expired — Sign in again" prompt in the sidebar.
3. On click, trigger the OAuth re-authentication flow.

Currently none of this happens — the failure is completely silent to the user.

Additional information

Workaround (manual): rm ~/.codex/auth.json codex auth login

This restores functionality immediately after re-authentication.

The issue appears to be triggered specifically when a token rotation occurs from another session (e.g. logging in on a second machine), making the locally cached refresh token stale. The extension has no mechanism to detect or recover from this state without manual intervention.

Related community threads reporting the same symptom:

• https://community.openai.com/t/codex-vs-code-extension-stuck-on-infinite-loading-after-frozen-chat-session/1367741
• https://github.com/openai/codex/issues/11046
• https://github.com/openai/codex/issues/7082