login-wsl

# WSL OAuth Login via Windows Portproxy

Keep the OAuth callback reachable when Codex runs in WSL and the browser runs on Windows.

One-time setup

1) Get the WSL IP (use the first value):

hostname -I

2) Persist OAuth creds in a repo-local store:

mkdir -p ./.codex-home

./.codex-home/config.toml:

mcp_oauth_credentials_store = "file"

3) Start Codex with the wrapper to fix CODEX_HOME:

./codex_wsl.sh

Restart Codex after login so the MCP process loads tokens.

Login workflow (each login)

Optional helper:

./login_wsl_tunnel.sh

Manual steps: 1) Start login in WSL:

nohup codex mcp login c33b > /tmp/c33b_login.log 2>&1 &

2) Read auth URL + port:

cat /tmp/c33b_login.log

Example callback: http://127.0.0.1:37441/callback (port 37441).

3) Add Windows portproxy (elevated PowerShell):

netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=37441 connectaddress=172.31.113.37 connectport=37441

Replace port + WSL IP with your values.

4) Open the auth URL in Windows and complete login. 5) Verify:

codex mcp list

Cleanup

netsh interface portproxy show all
netsh interface portproxy delete v4tov4 listenaddress=127.0.0.1 listenport=37441

Or run:

powershell -File .\\cleanup_wsl_portproxy.ps1
powershell -File .\\cleanup_wsl_portproxy.ps1 -Port 37441

Notes

• Portproxy is per-login (callback port changes).
• If login times out, rerun with a longer timeout.

Downloads

• cleanup_wsl_portproxy.ps1
• codex_wsl.sh
• login_wsl_tunnel.sh