A new open-source tool allows developers to bypass OpenAI's paid API by using ChatGPT account credentials, highlighting tensions between convenience and compliance in the AI ecosystem.
A new open-source project called openai-oauth has emerged that enables developers to access OpenAI's API for free using their ChatGPT account credentials. The tool, created by developer Evan Zhou, essentially creates a localhost proxy that forwards requests to OpenAI's backend API using OAuth tokens instead of requiring paid API keys.
How It Works
The project leverages the same authentication mechanism that OpenAI's Codex CLI uses. By intercepting and reusing the OAuth tokens stored locally when users authenticate with ChatGPT, the tool creates a proxy endpoint that mimics OpenAI's API interface. This allows developers to integrate OpenAI models into their applications without purchasing API credits.
"OpenAI's Codex CLI uses a special endpoint at chatgpt.com/backend-api/codex/responses to let you use special OpenAI rate limits tied to your ChatGPT account," explains the project's README. "By using the same Oauth tokens as Codex, we can effectively use OpenAI's API through Oauth instead of buying API credits."
The tool can be used in two primary ways:
- As a CLI tool that runs
npx openai-oauthto create a proxy endpoint athttp://127.0.0.1:10531/v1 - As a Vercel AI SDK provider for integration into applications
Technical Implementation
The project is structured as a monorepo with three main packages:
openai-oauth-core: Contains the shared transport, auth refresh, SSE helpers, and replay stateopenai-oauth-provider: A Vercel AI SDK provider that communicates directly with Codex using local auth filesopenai-oauth: The CLI and localhost proxy package intended for npx usage
The tool supports several OpenAI endpoints including /v1/responses, /v1/chat/completions, and /v1/models. It also features streaming responses, tool calls, and reasoning traces. Configuration options allow users to customize the host, port, model allowlist, OAuth client settings, and more.
Market Implications
This tool appears to fill a gap in the market for developers who want to experiment with OpenAI's models without incurring costs. The project has gained attention in developer communities as an alternative to OpenAI's paid API, which can become expensive for applications with high usage.
However, the tool's existence raises questions about OpenAI's authentication and pricing strategies. By creating a proxy that uses ChatGPT credentials for API access, the tool effectively circumvents OpenAI's monetization efforts for API usage. This could potentially impact OpenAI's revenue stream if widely adopted.
Limitations and Risks
The project comes with several limitations:
- Only LLMs supported by Codex are available, which varies based on the user's Codex plan
- The login flow is intentionally not bundled; users must run
npx @openai/codex loginseparately - No stateful replay support on the CLI
/v1/responsesendpoint - The proxy is stateless and expects callers to send the full conversation history
The project's README includes a prominent legal disclaimer emphasizing that it's unofficial and not affiliated with OpenAI. It warns users to treat the authentication files like password-equivalent credentials and advises against running it as a hosted service or sharing access.
"You are solely responsible for complying with OpenAI's Terms, policies, and any applicable agreements; misuse may result in rate limits, suspension, or termination," the disclaimer states.
Broader Context
The emergence of tools like openai-oauth reflects a broader trend in the AI ecosystem where developers find creative ways to access powerful models through unofficial channels. Similar projects have appeared for other AI providers, often exploiting authentication flows or rate limit differences between consumer and API products.
This situation highlights the ongoing tension between AI companies' need to monetize their models and developers' desire for affordable access. OpenAI and other providers will likely need to refine their authentication and pricing models to address these challenges while maintaining the security and integrity of their services.
The project's GitHub repository has attracted significant attention, with developers praising its ingenuity while others question its long-term viability given potential responses from OpenAI. Whether this tool will persist or be rendered obsolete by changes to OpenAI's authentication system remains to be seen.
Comments
Please log in or register to join the discussion