What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

Who pays for API usage with LoginWithChatGPT?

The end user, via their ChatGPT subscription entitlement — not the app developer. That is the entire value proposition for indie builders: zero OpenAI API invoices on the server side. It is the inverse of bring-your-own-key patterns; here the user brings their own subscription.

How is this different from OpenClaw or usemysub.com?

OpenClaw routes Codex OAuth for local agent harnesses on the user's machine. usemysub.com and similar services resell or pool subscription access as pseudo-API endpoints. LoginWithChatGPT targets embeddable web/mobile UX — a LoginWithChatGPT button component — so SaaS founders can offload inference cost to users' plans. All three sit in the subscription-vs-API gray zone explainx.ai has covered for Anthropic and OpenAI separately.

Should I ship LoginWithChatGPT in production?

Not yet for anything you cannot afford to lose. The project is explicitly experimental, not open-sourced pending OpenAI's TOS read, and sits in the same enforcement bucket as subscription resellers Anthropic has blocked. Prototype and demos are fine; production apps should use official OpenAI API billing, ChatGPT Apps/SDK partnerships when available, or clearly disclosed bring-your-own-key flows until OpenAI blesses this pattern.

What is LoginWithChatGPT?

LoginWithChatGPT is an experimental component built by Savio Martin, co-founder and CTO of Result, that lets users sign in with their personal ChatGPT account inside a third-party website. It reverse-engineers OpenAI's Codex CLI device authorization flow into a web-friendly OAuth-style login. Prompts run through the Codex SDK (e.g. gpt-5.5-codex-fast) and bill against the user's ChatGPT plan quota — not the app developer's OpenAI API key. Demo: login-with-chatgpt.vercel.app.

Is LoginWithChatGPT against OpenAI's terms of service?

Unclear — and Savio Martin says he is waiting for OpenAI to respond before open-sourcing the library. Critics on X argue third-party sites should use the official API, not consumer subscription credentials. Savio counters that OpenAI documentation allows third-party access via Codex CLI — the same pattern OpenClaw and Hermes use locally. Until OpenAI publishes explicit guidance for embedded web OAuth, treat production use as TOS risk including possible account suspension.

How does LoginWithChatGPT work technically?

It mirrors Codex CLI device auth: the user enables "device code authorization for Codex" in ChatGPT Settings → Security & Login, receives a one-time code, and authorizes the app. The site then uses the Codex SDK to call models like gpt-5.5-codex-fast with responses.create(). Usage counts against the logged-in user's subscription limits — including ChatGPT Free per Savio's replies, though free-tier rate limits apply.

LoginWithChatGPT: Codex OAuth, TOS & API Alternative (2026) | explainx.ai Blog

On June 26, 2026, Savio Martin — 19-year-old co-founder and CTO of Result — posted an experiment that hit 186K+ views on X in hours: <LoginWithChatGPT />.

The pitch: embed a "Login with ChatGPT" button on your site. Users authorize with a one-time device code from ChatGPT settings. Your app runs prompts through Codex (demo uses gpt-5.5-codex-fast) — and usage draws from the user's ChatGPT plan, not your OpenAI API bill.

Demo: login-with-chatgpt.vercel.app

People immediately split into two camps: indie builders calling it genius for reviving side projects without API invoices, and compliance-minded developers asking whether it violates OpenAI's terms and triggers account bans — the same debate that already burned the Claude subscription reseller ecosystem.

This post answers what people actually search after seeing the thread — not a hype recap.

TL;DR

Question	Answer
What is it?	Web OAuth wrapper around Codex CLI device auth
Who built it?	Savio Martin, CTO of Result — experiment, not shipped OSS yet
Who pays OpenAI?	The logged-in user's ChatGPT subscription
Demo model	`gpt-5.5-codex-fast` via Codex SDK `responses.create()`
Works on free ChatGPT?	Savio says yes — subject to plan rate limits
Open source?	Waiting for OpenAI TOS response before releasing library
TOS safe?	Unknown — treat as risk until OpenAI confirms
Similar tools	OpenClaw Codex OAuth, usemysub.com, Pi `/login` patterns
OpenAI shipped this?	No — Cal.com founder Peer Richelsen: "im surprised they havent shipped that yet"

What problem does LoginWithChatGPT solve?

Indie SaaS math is brutal in 2026: every user prompt on gpt-5.5 or gpt-5.5-codex-fast at API rates adds up fast — especially agentic flows that burn 10×–100× more tokens than chat.

Subscription plans (ChatGPT Plus, Pro, Go) bundle model access at flat monthly prices tuned for human-shaped usage — not unlimited third-party inference farms, but enough that a single-user demo app can feel "free" to the developer if each visitor pays with their own plan.

LoginWithChatGPT externalizes inference cost exactly like OpenClaw's Codex OAuth path — except aimed at embedded web UX instead of a local terminal harness.

The demo site's copy states it plainly:

Add a Login with ChatGPT button to your site. Let users log in with their personal ChatGPT account and run prompts on it. You never pay OpenAI for usage. Works on any plan: Free, Go, Plus, or Pro.

Sample code from the live demo:

const codex = new Codex();

const res = await codex.responses.create({
  model: "gpt-5.5-codex-fast",
  input: "Write a haiku about the ocean.",
});

Output streams in the browser after the user completes device authorization.

How does the login flow work?

The implementation reverse-engineers OpenAI Codex CLI device authentication — the same family of flow CLI tools use when you codex login — into something web apps can trigger.

User steps (from the demo):

Click Login with ChatGPT
Browser opens ChatGPT; user enters a one-time code shown in your app
First-time setup: enable device code authorization for Codex under ChatGPT Settings → Security & Login
App receives authorized session; Codex SDK calls proceed against that user's entitlement

Savio described it on X as building "OAuth inside web/mobile" on top of a flow OpenAI already exposes for CLI and tools like OpenClaw and Hermes — not inventing a new backend API.

Security questions developers raised: token storage, session hijacking, and whether device codes belong in third-party origins at all. Savio has not published a full security model yet — another reason to treat this as experiment-only.

For end users: logging into a random site with your ChatGPT account is the same trust decision as "Sign in with Google" — you are granting a third party ability to spend your model quota. Read what the app requests; revoke device codes in ChatGPT settings if you stop using the app.

Is it against OpenAI's terms of service?

Nobody has a definitive yes/no — including Savio.

On X, developer Eli Abdeen asked the obvious question: "doesn't this violate their terms? if a site is trying to connect gpt models... it should be from the api right?"

Savio's reply (June 26–27, 2026):

OpenAI claims to allow 3rd party apps to access Codex via CLI — ie how OpenClaw/hermes access it. I reverse engineered a way to build this as an OAuth inside web/mobile. not sure how compliant this is to their TOS — Waiting for OpenAI to respond before open sourcing this

explainx.ai read: three layers of risk:

Risk	Why it matters
Terms ambiguity	Consumer subscription ≠ API reseller license; OpenAI can update enforcement overnight
Account action	Users (not just developers) could face limits or bans if classified as abusive routing
Precedent	Anthropic blocked subscription OAuth for third-party harnesses while OpenAI leaned into Codex OAuth for OpenClaw — vendors diverge

Similar services like usemysub.com already operate in this gray zone. That is not proof of safety — it is proof OpenAI has tolerated some patterns while Anthropic actively did not for Claude.

Do not ship production revenue on "OpenAI hasn't stopped me yet."

Who pays? Subscription vs API economics

	LoginWithChatGPT	Official OpenAI API
Billed account	End user's ChatGPT plan	Developer's API project
Developer COGS	~$0 marginal inference	Per-token invoice
Rate limits	Consumer plan caps	Tiered API limits
Compliance	Gray / experimental	Contractual
Best for	Demos, hobby apps, BYOS experiments	Production SaaS

This is the same wallet routing debate as Sam Altman's metered-utility vision vs flat subscriptions — except LoginWithChatGPT lets founders externalize metered cost to users' flat plans, which OpenAI may view as arbitrage if usage scales.

Savio confirmed in replies: all usage passes to the user's active subscription, including users on ChatGPT Free — with the obvious caveat that free tiers hit walls quickly on codex-fast workloads.

Why hasn't OpenAI shipped this officially?

Peer Richelsen (Cal.com) summarized the product gap: surprised OpenAI has not shipped first-party "Login with ChatGPT for developers" OAuth for embedded apps.

Plausible reasons OpenAI moves slowly:

Subscription economics — embedding plan quota in arbitrary third-party sites breaks usage forecasting
Abuse surface — same class of problem as 25,000 fake accounts distilling Claude, but on OpenAI's consumer graph
GPT-5.6 gating — limited preview with government vetting shows frontier models already under access control; consumer OAuth bridges make that harder to enforce
ChatGPT Apps / platform play — OpenAI may prefer partners inside a sanctioned store over arbitrary <LoginWithChatGPT /> embeds

Marko Kraemer noted on X that teams like Kortix are already "CODEX SUB MAXXING" — treating ChatGPT/Codex subscriptions as the default inference wallet for agent products, which makes LoginWithChatGPT less a novelty and more an inevitable product shape.

Comparisons developers ask about

vs OpenClaw + Codex OAuth

OpenClaw authenticates locally — user's machine, user's subscription, user's risk. LoginWithChatGPT moves that pattern to multi-tenant web where your users log in through your domain. Higher leverage for SaaS; higher TOS and security scrutiny.

vs usemysub.com and subscription resellers

Reseller APIs pool or route subscription credentials server-side — often opaque to end users. LoginWithChatGPT is transparent BYOS (bring your own subscription): users know they are spending their ChatGPT quota. Regulators and platforms may treat both similarly if scale grows.

vs Pi `/login` and harness OAuth

Pi documents /login for subscription OAuth providers in a local harness context. Same economic idea — subscription instead of API key — different deployment surface (terminal TUI vs React component).

vs official Codex in Claude Code / Codex CLI

First-party tools are always the safe path. Compare stacks in our Codex vs Claude Code guide if you are choosing a harness anyway.

Should Savio open-source it?

The X thread's most-liked replies say yes — democratize the pattern. Savio's restraint (wait for OpenAI) is the responsible move:

Legal clarity benefits everyone — users, Result, and OpenAI
Open-sourcing before TOS read accelerates abuse clones (wrappers, resellers, malware login pages)
A blessed OpenAI embed would obsolete the hack overnight — or trigger enforcement against forks

If OpenAI blesses CLI-adjacent OAuth for web, expect an official component. If they condemn it, early adopters face retroactive enforcement.

What should builders do today?

Safe paths:

Production SaaS → OpenAI API keys with clear user billing; see Claude/OpenAI pricing guides for comparison math
Personal agents → Codex CLI, Claude Code, or OpenClaw on your machine with your subscription
Cost control → token governance and prompt caching — do not rely on subscription arbitrage at scale

Experiment paths:

Fork the demo UX locally; do not collect user ChatGPT credentials on shared infra without a security review
Watch Savio's X and login-with-chatgpt.vercel.app for OSS drop and OpenAI statement
Assume GPT-5.6 preview gating is the direction — consumer subscription bridges may narrow, not widen

Where this fits the 2026 access-control stack

June 2026 is the month frontier access became political: Fable 5 suspended, Mythos partial restore for critical infrastructure, GPT-5.6 preview vetted by Washington. LoginWithChatGPT is the indie hacker mirror image — routing around developer API bills by piggybacking consumer entitlements.

OpenAI and Anthropic are not symmetric: OpenAI enabled Codex OAuth for OpenClaw; Anthropic closed subscription loops for third parties. LoginWithChatGPT tests how far OpenAI's permissive side stretches into embedded web before someone gets banned.

TL;DR

Question	Answer
What is it?	Web OAuth wrapper around Codex CLI device auth
Who built it?	Savio Martin, CTO of Result — experiment, not shipped OSS yet
Who pays OpenAI?	The logged-in user's ChatGPT subscription
Demo model	`gpt-5.5-codex-fast` via Codex SDK `responses.create()`
Works on free ChatGPT?	Savio says yes — subject to plan rate limits
Open source?	Waiting for OpenAI TOS response before releasing library
TOS safe?	Unknown — treat as risk until OpenAI confirms
Similar tools	OpenClaw Codex OAuth, usemysub.com, Pi `/login` patterns
OpenAI shipped this?	No — Cal.com founder Peer Richelsen: "im surprised they havent shipped that yet"

What problem does LoginWithChatGPT solve?

LoginWithChatGPT externalizes inference cost exactly like OpenClaw's Codex OAuth path — except aimed at embedded web UX instead of a local terminal harness.

The demo site's copy states it plainly:

Add a Login with ChatGPT button to your site. Let users log in with their personal ChatGPT account and run prompts on it. You never pay OpenAI for usage. Works on any plan: Free, Go, Plus, or Pro.

Sample code from the live demo:

const codex = new Codex();

const res = await codex.responses.create({
  model: "gpt-5.5-codex-fast",
  input: "Write a haiku about the ocean.",
});

Output streams in the browser after the user completes device authorization.

How does the login flow work?

The implementation reverse-engineers OpenAI Codex CLI device authentication — the same family of flow CLI tools use when you codex login — into something web apps can trigger.

User steps (from the demo):

Click Login with ChatGPT
Browser opens ChatGPT; user enters a one-time code shown in your app
First-time setup: enable device code authorization for Codex under ChatGPT Settings → Security & Login
App receives authorized session; Codex SDK calls proceed against that user's entitlement

Savio described it on X as building "OAuth inside web/mobile" on top of a flow OpenAI already exposes for CLI and tools like OpenClaw and Hermes — not inventing a new backend API.

Is it against OpenAI's terms of service?

Nobody has a definitive yes/no — including Savio.

On X, developer Eli Abdeen asked the obvious question: "doesn't this violate their terms? if a site is trying to connect gpt models... it should be from the api right?"

Savio's reply (June 26–27, 2026):

OpenAI claims to allow 3rd party apps to access Codex via CLI — ie how OpenClaw/hermes access it. I reverse engineered a way to build this as an OAuth inside web/mobile. not sure how compliant this is to their TOS — Waiting for OpenAI to respond before open sourcing this

explainx.ai read: three layers of risk:

Risk	Why it matters
Terms ambiguity	Consumer subscription ≠ API reseller license; OpenAI can update enforcement overnight
Account action	Users (not just developers) could face limits or bans if classified as abusive routing
Precedent	Anthropic blocked subscription OAuth for third-party harnesses while OpenAI leaned into Codex OAuth for OpenClaw — vendors diverge

Do not ship production revenue on "OpenAI hasn't stopped me yet."

Who pays? Subscription vs API economics

	LoginWithChatGPT	Official OpenAI API
Billed account	End user's ChatGPT plan	Developer's API project
Developer COGS	~$0 marginal inference	Per-token invoice
Rate limits	Consumer plan caps	Tiered API limits
Compliance	Gray / experimental	Contractual
Best for	Demos, hobby apps, BYOS experiments	Production SaaS

Why hasn't OpenAI shipped this officially?

Peer Richelsen (Cal.com) summarized the product gap: surprised OpenAI has not shipped first-party "Login with ChatGPT for developers" OAuth for embedded apps.

Plausible reasons OpenAI moves slowly:

Subscription economics — embedding plan quota in arbitrary third-party sites breaks usage forecasting
Abuse surface — same class of problem as 25,000 fake accounts distilling Claude, but on OpenAI's consumer graph
GPT-5.6 gating — limited preview with government vetting shows frontier models already under access control; consumer OAuth bridges make that harder to enforce
ChatGPT Apps / platform play — OpenAI may prefer partners inside a sanctioned store over arbitrary <LoginWithChatGPT /> embeds

Comparisons developers ask about

vs OpenClaw + Codex OAuth

vs usemysub.com and subscription resellers

vs Pi `/login` and harness OAuth

vs official Codex in Claude Code / Codex CLI

First-party tools are always the safe path. Compare stacks in our Codex vs Claude Code guide if you are choosing a harness anyway.

Should Savio open-source it?

The X thread's most-liked replies say yes — democratize the pattern. Savio's restraint (wait for OpenAI) is the responsible move:

Legal clarity benefits everyone — users, Result, and OpenAI
Open-sourcing before TOS read accelerates abuse clones (wrappers, resellers, malware login pages)
A blessed OpenAI embed would obsolete the hack overnight — or trigger enforcement against forks

If OpenAI blesses CLI-adjacent OAuth for web, expect an official component. If they condemn it, early adopters face retroactive enforcement.

What should builders do today?

Safe paths:

Production SaaS → OpenAI API keys with clear user billing; see Claude/OpenAI pricing guides for comparison math
Personal agents → Codex CLI, Claude Code, or OpenClaw on your machine with your subscription
Cost control → token governance and prompt caching — do not rely on subscription arbitrage at scale

Experiment paths:

Fork the demo UX locally; do not collect user ChatGPT credentials on shared infra without a security review
Watch Savio's X and login-with-chatgpt.vercel.app for OSS drop and OpenAI statement
Assume GPT-5.6 preview gating is the direction — consumer subscription bridges may narrow, not widen

LoginWithChatGPT: Codex Subscription OAuth for Your App

TL;DR

What problem does LoginWithChatGPT solve?

How does the login flow work?

Is it against OpenAI's terms of service?

Who pays? Subscription vs API economics

Why hasn't OpenAI shipped this officially?

Comparisons developers ask about

vs OpenClaw + Codex OAuth

vs usemysub.com and subscription resellers

vs Pi `/login` and harness OAuth

vs official Codex in Claude Code / Codex CLI

Should Savio open-source it?

What should builders do today?

Where this fits the 2026 access-control stack

Related reading

Related posts

OpenClaw meets ChatGPT Plus: OpenAI’s subscription path vs Claude limits

GPT-5.6 Sol, Terra, and Luna: OpenAI Preview Launch Explained

Codex vs Claude Code: The Developer Verdict (June 2026)

LoginWithChatGPT: Codex Subscription OAuth for Your App

TL;DR

What problem does LoginWithChatGPT solve?

How does the login flow work?

Is it against OpenAI's terms of service?

Who pays? Subscription vs API economics

Why hasn't OpenAI shipped this officially?

Comparisons developers ask about

vs OpenClaw + Codex OAuth

vs usemysub.com and subscription resellers

vs Pi `/login` and harness OAuth

vs official Codex in Claude Code / Codex CLI

Should Savio open-source it?

What should builders do today?

Where this fits the 2026 access-control stack

Related reading

Related posts

OpenClaw meets ChatGPT Plus: OpenAI’s subscription path vs Claude limits

GPT-5.6 Sol, Terra, and Luna: OpenAI Preview Launch Explained

Codex vs Claude Code: The Developer Verdict (June 2026)

TL;DR

What problem does LoginWithChatGPT solve?

How does the login flow work?

Is it against OpenAI's terms of service?

Who pays? Subscription vs API economics

Why hasn't OpenAI shipped this officially?

Comparisons developers ask about

vs OpenClaw + Codex OAuth

vs usemysub.com and subscription resellers

vs Pi /login and harness OAuth

vs official Codex in Claude Code / Codex CLI

Should Savio open-source it?

What should builders do today?

Where this fits the 2026 access-control stack

Related reading

Related posts

OpenClaw meets ChatGPT Plus: OpenAI’s subscription path vs Claude limits

GPT-5.6 Sol, Terra, and Luna: OpenAI Preview Launch Explained

Codex vs Claude Code: The Developer Verdict (June 2026)

TL;DR

What problem does LoginWithChatGPT solve?

How does the login flow work?

Is it against OpenAI's terms of service?

Who pays? Subscription vs API economics

Why hasn't OpenAI shipped this officially?

Comparisons developers ask about

vs OpenClaw + Codex OAuth

vs usemysub.com and subscription resellers

vs Pi /login and harness OAuth

vs official Codex in Claude Code / Codex CLI

Should Savio open-source it?

What should builders do today?

Where this fits the 2026 access-control stack

Related reading

Related posts

OpenClaw meets ChatGPT Plus: OpenAI’s subscription path vs Claude limits

GPT-5.6 Sol, Terra, and Luna: OpenAI Preview Launch Explained

Codex vs Claude Code: The Developer Verdict (June 2026)

vs Pi `/login` and harness OAuth

vs Pi `/login` and harness OAuth