LoginWithChatGPT: Codex Subscription OAuth for Your App
Savio Martin built LoginWithChatGPT by reverse-engineering OpenAI Codex CLI device auth — users log in with ChatGPT and run gpt-5.5-codex-fast on their plan quota. TOS risk, how it works, and vs API billing explained.
On June 26, 2026, Savio Martin — 19-year-old co-founder and CTO of Result — posted an experiment that hit 186K+ views on X in hours: <LoginWithChatGPT />.
The pitch: embed a "Login with ChatGPT" button on your site. Users authorize with a one-time device code from ChatGPT settings. Your app runs prompts through Codex (demo uses gpt-5.5-codex-fast) — and usage draws from the user's ChatGPT plan, not your OpenAI API bill.
People immediately split into two camps: indie builders calling it genius for reviving side projects without API invoices, and compliance-minded developers asking whether it violates OpenAI's terms and triggers account bans — the same debate that already burned the Claude subscription reseller ecosystem.
This post answers what people actually search after seeing the thread — not a hype recap.
Savio Martin, CTO of Result — experiment, not shipped OSS yet
Who pays OpenAI?
The logged-in user's ChatGPT subscription
Demo model
gpt-5.5-codex-fast via Codex SDK responses.create()
Works on free ChatGPT?
Savio says yes — subject to plan rate limits
Open source?
Waiting for OpenAI TOS response before releasing library
TOS safe?
Unknown — treat as risk until OpenAI confirms
Similar tools
OpenClaw Codex OAuth, usemysub.com, Pi /login patterns
OpenAI shipped this?
No — Cal.com founder Peer Richelsen: "im surprised they havent shipped that yet"
What problem does LoginWithChatGPT solve?
Indie SaaS math is brutal in 2026: every user prompt on gpt-5.5 or gpt-5.5-codex-fast at API rates adds up fast — especially agentic flows that burn 10×–100× more tokens than chat.
Subscription plans (ChatGPT Plus, Pro, Go) bundle model access at flat monthly prices tuned for human-shaped usage — not unlimited third-party inference farms, but enough that a single-user demo app can feel "free" to the developer if each visitor pays with their own plan.
LoginWithChatGPT externalizes inference cost exactly like OpenClaw's Codex OAuth path — except aimed at embedded web UX instead of a local terminal harness.
The demo site's copy states it plainly:
Add a Login with ChatGPT button to your site. Let users log in with their personal ChatGPT account and run prompts on it. You never pay OpenAI for usage. Works on any plan: Free, Go, Plus, or Pro.
Sample code from the live demo:
javascript
const codex = newCodex();
const res = await codex.responses.create({
model: "gpt-5.5-codex-fast",
input: "Write a haiku about the ocean.",
});
Output streams in the browser after the user completes device authorization.
How does the login flow work?
The implementation reverse-engineers OpenAI Codex CLI device authentication — the same family of flow CLI tools use when you codex login — into something web apps can trigger.
User steps (from the demo):
Click Login with ChatGPT
Browser opens ChatGPT; user enters a one-time code shown in your app
First-time setup: enable device code authorization for Codex under ChatGPT Settings → Security & Login
App receives authorized session; Codex SDK calls proceed against that user's entitlement
Savio described it on X as building "OAuth inside web/mobile" on top of a flow OpenAI already exposes for CLI and tools like OpenClaw and Hermes — not inventing a new backend API.
Security questions developers raised: token storage, session hijacking, and whether device codes belong in third-party origins at all. Savio has not published a full security model yet — another reason to treat this as experiment-only.
For end users: logging into a random site with your ChatGPT account is the same trust decision as "Sign in with Google" — you are granting a third party ability to spend your model quota. Read what the app requests; revoke device codes in ChatGPT settings if you stop using the app.
Is it against OpenAI's terms of service?
Nobody has a definitive yes/no — including Savio.
On X, developer Eli Abdeen asked the obvious question: "doesn't this violate their terms? if a site is trying to connect gpt models... it should be from the api right?"
Savio's reply (June 26–27, 2026):
OpenAI claims to allow 3rd party apps to access Codex via CLI — ie how OpenClaw/hermes access it. I reverse engineered a way to build this as an OAuth inside web/mobile. not sure how compliant this is to their TOS — Waiting for OpenAI to respond before open sourcing this
explainx.ai read: three layers of risk:
Risk
Why it matters
Terms ambiguity
Consumer subscription ≠ API reseller license; OpenAI can update enforcement overnight
Account action
Users (not just developers) could face limits or bans if classified as abusive routing
Similar services like usemysub.com already operate in this gray zone. That is not proof of safety — it is proof OpenAI has tolerated some patterns while Anthropic actively did not for Claude.
Do not ship production revenue on "OpenAI hasn't stopped me yet."
Who pays? Subscription vs API economics
LoginWithChatGPT
Official OpenAI API
Billed account
End user's ChatGPT plan
Developer's API project
Developer COGS
~$0 marginal inference
Per-token invoice
Rate limits
Consumer plan caps
Tiered API limits
Compliance
Gray / experimental
Contractual
Best for
Demos, hobby apps, BYOS experiments
Production SaaS
This is the same wallet routing debate as Sam Altman's metered-utility vision vs flat subscriptions — except LoginWithChatGPT lets founders externalize metered cost to users' flat plans, which OpenAI may view as arbitrage if usage scales.
Savio confirmed in replies: all usage passes to the user's active subscription, including users on ChatGPT Free — with the obvious caveat that free tiers hit walls quickly on codex-fast workloads.
Why hasn't OpenAI shipped this officially?
Peer Richelsen (Cal.com) summarized the product gap: surprised OpenAI has not shipped first-party "Login with ChatGPT for developers" OAuth for embedded apps.
Plausible reasons OpenAI moves slowly:
Subscription economics — embedding plan quota in arbitrary third-party sites breaks usage forecasting
GPT-5.6 gating — limited preview with government vetting shows frontier models already under access control; consumer OAuth bridges make that harder to enforce
ChatGPT Apps / platform play — OpenAI may prefer partners inside a sanctioned store over arbitrary <LoginWithChatGPT /> embeds
Marko Kraemer noted on X that teams like Kortix are already "CODEX SUB MAXXING" — treating ChatGPT/Codex subscriptions as the default inference wallet for agent products, which makes LoginWithChatGPT less a novelty and more an inevitable product shape.
Comparisons developers ask about
vs OpenClaw + Codex OAuth
OpenClaw authenticates locally — user's machine, user's subscription, user's risk. LoginWithChatGPT moves that pattern to multi-tenant web where your users log in through your domain. Higher leverage for SaaS; higher TOS and security scrutiny.
vs usemysub.com and subscription resellers
Reseller APIs pool or route subscription credentials server-side — often opaque to end users. LoginWithChatGPT is transparent BYOS (bring your own subscription): users know they are spending their ChatGPT quota. Regulators and platforms may treat both similarly if scale grows.
vs Pi /login and harness OAuth
Pi documents /login for subscription OAuth providers in a local harness context. Same economic idea — subscription instead of API key — different deployment surface (terminal TUI vs React component).
vs official Codex in Claude Code / Codex CLI
First-party tools are always the safe path. Compare stacks in our Codex vs Claude Code guide if you are choosing a harness anyway.
Should Savio open-source it?
The X thread's most-liked replies say yes — democratize the pattern. Savio's restraint (wait for OpenAI) is the responsible move:
Legal clarity benefits everyone — users, Result, and OpenAI
Open-sourcing before TOS read accelerates abuse clones (wrappers, resellers, malware login pages)
A blessed OpenAI embed would obsolete the hack overnight — or trigger enforcement against forks
If OpenAI blesses CLI-adjacent OAuth for web, expect an official component. If they condemn it, early adopters face retroactive enforcement.
OpenAI and Anthropic are not symmetric: OpenAI enabled Codex OAuth for OpenClaw; Anthropic closed subscription loops for third parties. LoginWithChatGPT tests how far OpenAI's permissive side stretches into embedded web before someone gets banned.
Demo behavior, model ids, and TOS posture reflect public posts and the live demo as of June 27, 2026. OpenAI has not issued a public response to LoginWithChatGPT at publish time — verify before production use.