Fix: OpenAI Codex OAuth Hangs in Remote VPS/SSH
TL;DR - Quick Fix
The OpenAI Codex OAuth flow hangs after pasting the redirect URL in a remote shell due to the `@mariozechner/pi-ai` backend getting stuck. The fix involves ensuring the `pi-ai` service can properly handle the callback.
Error Signal
OpenClaw process never completed
hangs and never completes
What's Happening
When you try to authenticate with OpenAI Codex using `openclaw models auth login --provider openai-codex` in a remote SSH session (like on a VPS), the process gets stuck. It shows you the OAuth URL, you complete the sign-in in your local browser, and then paste the redirect URL back. After pasting, the CLI hangs and eventually times out.
This has been observed even in automated runner environments, not just manual SSH. It suggests the issue isn't with the wrapper itself, but with how OpenClaw or its @mariozechner/pi-ai dependency handles the callback in a non-local environment.
The Fix
While a definitive fix for the underlying @mariozechner/pi-ai callback handling in remote scenarios isn't detailed in the discussion, the most direct workaround is to ensure the pi-ai process can communicate correctly after the redirect. If you're running this on a VPS without a local browser, you're essentially using the manual callback path.
The discussion points to the possibility of network or proxy issues on the server side, even if not explicitly configured. Try running the login command again after ensuring no unexpected network restrictions are in place on your VPS.
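One way to check for the server-side network or proxy conditions mentioned above before retrying the login, as an added example (not code from OpenClaw or pi-ai): it lists inherited proxy variables by name only and probes outbound HTTPS with a hard timeout, with and without the proxy. The function names are hypothetical, and the host passed to `preflight` is an assumption you supply, since the page does not name the endpoint the auth backend contacts.

```shell
#!/bin/sh
# Added example: outbound/proxy pre-flight for a remote shell.
# The HOST argument is an assumption supplied by the operator.

# Print the NAMES of inherited proxy variables, one per line. Values are not
# printed because proxy URLs can embed credentials (http://user:pass@host).
proxy_vars_set() {
    for name in HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY \
                http_proxy https_proxy all_proxy no_proxy; do
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then printf '%s\n' "$name"; fi
    done
}

# Map a curl exit status to a short diagnosis.
classify_curl_exit() {
    case $1 in
        0)     echo reachable ;;
        5)     echo proxy-dns-failure ;;
        6)     echo dns-failure ;;
        7)     echo connect-failed ;;
        28)    echo timeout ;;
        35|60) echo tls-failure ;;
        *)     echo "curl-exit-$1" ;;
    esac
}

# One HTTPS attempt bounded by LIMIT seconds, so a silently dropped connection
# is reported as "timeout" instead of hanging. Extra arguments go to curl.
# Usage: probe_https HOST LIMIT [curl options...]
probe_https() {
    host=$1; limit=$2; shift 2
    rc=0
    curl -sS -o /dev/null --connect-timeout "$limit" --max-time "$limit" \
        "$@" "https://$host/" 2>/dev/null || rc=$?
    classify_curl_exit "$rc"
}

# Compare the inherited-proxy path with a direct one; differing results point
# at the proxy settings rather than at the login command.
# Usage: preflight HOST
preflight() {
    target=${1:?usage: preflight HOST}
    echo "proxy variables set: $(proxy_vars_set | tr '\n' ' ')"
    echo "with inherited proxy settings: $(probe_https "$target" 10)"
    echo "with proxies bypassed:         $(probe_https "$target" 10 --noproxy '*')"
}
```

Source the file and run `preflight HOST`; a result that differs between the two probes means the inherited proxy settings change how the server reaches that host.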
If the issue persists, check the linked GitHub issue for any updates or new workarounds proposed by the OpenClaw team or community.
Why This Occurs
The problem lies in the @mariozechner/pi-ai library's remote manual completion flow. After you paste the redirect URL, the pi-ai service, which is part of the OpenClaw authentication backend, seems to fail to process the callback correctly. This might be due to how it expects to receive and handle the redirect data in a non-interactive, remote shell environment. The lack of a local browser and potential network configurations (even subtle ones) on the server can disrupt this process, leading to the hang.
It's not a PTY or wrapper bug. The core pi-ai auth handling is the sticking point.
Prevention
Keep your OpenClaw version updated. Monitor the linked GitHub issue (openclaw/openclaw#41885) for updates and patches that might address the callback handling in remote environments. If you're consistently running auth flows in remote shells, be mindful of server network configurations and ensure there are no outbound restrictions that could interfere with the authentication callback.
If you discover specific server configurations or network settings that resolve this for you, please share them on the GitHub issue.
Last Updated: March 2026