Worth mentioning this post: https://x.com/opencode/status/2009805930377167233
In which OpenCode "collaborates" with OpenAI to support login with ChatGPT Pro/Plus (through this exact method!)
Not exactly proof that this method is "OpenAI allowed" but it's a good sign at least.
This occurred in response to Anthropic cracking down on a similar loophole, which tbh made me take it as more of an opportunistic marketing opportunity rather than a generalizable position.
Not disagreeing with you (and based on your other comments you're probably aware of this info) - just adding context on why this is a pretty interesting gray area and I'm similarly curious whether OpenAI will explicitly allow, disallow, or maintain ambiguity towards it.
There were rumors about OpenAI preparing for sign in with OpenAI to let users use their OpenAI allowances with apps, so this is basically it. The question is, how long before OpenAI bans this or makes it official.
Sign in with OpenAI will be nice. That being said, I feel like it might be difficult/not open to use for casual devs. Hopefully OAI leaves this up, as they've allowed it for OpenCode. https://x.com/opencode/status/2009805930377167233
Not at all, this is a different thing.
This is a way to let users use the Codex-app to Codex-model interface that the 20$ subscription uses so that other apps can use the OpenAI API without paying per token.
What you are describing is SSO with OpenAI as an identity provider
I believe the goal of their "SSO with OpenAI" was to allow people to use ChatGPT-adjacent services on 3rd party websites with their OpenAI account after signing in. So similar in result, different in execution I suppose.
I feel like this will have a short shelf life. OpenAI is going to notice traffic through that Codex endpoint that doesn't match its usage patterns and lock it down.
I believe that OpenAI has to a certain extent allowed such usage (see: OpenCode, OpenClaw which have OpenAI OAuth built-in). This just opens it up to other developers!
You're not really "opening up anything to other developers," you just had an AI leverage what they already provide to make yourself a proxy. There's probably 100 of these proxies if you search GitHub.
Yes, I agree with you! There are indeed quite a few other options. I will not say that this implementation is objectively better in any way. However, I do think that for me, this is the easiest one to use.
i tend to think openai will just make this official rather than ban it based on their historical stance here
I find it hard to believe they'll make it official completely, as that's basically giving away free API credits. If they really wanted the benefits of having free API credits they would just do that directly (but I doubt they'd do that in their current situation).
they'll probably just more accurately tie the api credit usage into your pro plan or whatnot so it's more clear what's going on. i just don't expect them to fully ban using the recurring consumer sub for api use
This is Affero GPL, pretty sure that means that it can only be used in FOSS code.
I wouldn't recommend using this in two senses:
1- It's against the ToS obviously. The analogy I've used in the past that seemed to catch on is that it's like going to an all you can eat buffet, bringing your whole extended family and trying to pay once.
2- Legals and ethics aside, don't build products that competitively rely on this, the moment they patch it you will be out of business, it's like making a business out of blackhat SEO during the Google era. At least if you are going to do it, cash out quick, you are in the rug pull space.
Have some sense and taste, we are professionals here, if in your personal life you share your Netflix account, bypass DRM, throw cigarette butts on the floor, cut in line or use a handicapped spot without being handicapped, that's one thing, we all do something marginally wrong every once in a while. But in a professional setting, these go from being normal personality traits to being red flags that will silently leave you marginalized from serious software.
I'm extrapolating here, but it's a pattern I see very often in other areas where it's even wronger. For example lots of people use unofficial APIs instead of using Meta APIs, they connect to WhatsApp unofficially (See OpenClaw crowd), instead of following the procedures in place to reduce spam (and let Meta monetize of course). Even worse is people that want to scrape Facebook, sure it's a pain, but most of the API stringency comes from the Cambridge Analytica scandal, if you do this shit and you then complain about Meta you are being hypocritical, can't have it both ways.
I know we are on Hacker News, but there's a lot of nuance. Running youtube-dl to download some cat videos isn't the same as hosting youtube-dl as an API and charging 5$/mo or building a business on top of it.
The repo does explicitly say to only use this for personal or experimental projects. That being said, OpenCode is relying on this in a "professional" context without any issue so far. I am not saying that is proof this is _not_ against ToS, but it does show perhaps OAI is ok with such usage.