Time LLC logo Time Columns DX, Web, AI

ChatGPT / Codex / Authentication

ChatGPT and Codex Login Issues on Safari: Refresh Token Already Used

A practical note on OAuth sessions, cookies, and account separation

Updated: May 12, 2026

When ChatGPT or Codex suddenly logs out on Safari, shows a login loop, or displays “refresh token was already used,” the issue may be closer to session state mismatch than a simple password problem.

Overview

When using ChatGPT or Codex on Safari, a login session can sometimes collapse suddenly. One error message looks like this:

Your access token could not be refreshed because your refresh token was already used.
Please log out and sign in again.

In practice, this does not always feel like a normal login failure. It can look more like a mismatch between Safari, Google login, multiple OpenAI accounts, ChatGPT Desktop, Codex, and the API Platform.

Symptoms

The error may appear together with other strange behavior around the account state.

  • Codex remaining time disappears
  • You are unexpectedly logged out
  • The login flow loops
  • Plus or Pro recognition becomes unstable
  • The model list does not look right
  • ChatGPT works, but Codex is unstable
  • Something went wrong appears

If you use several OpenAI accounts, repeated login attempts can make the state even harder to understand.

What May Be Happening

Modern web authentication often uses access tokens, refresh tokens, and cookies to maintain login sessions.

An access token expires after a short period. A refresh token is then used to obtain a new access token and keep the session alive.

That usually works quietly. But when multiple tabs, browsers, apps, and accounts all try to refresh sessions, token state can drift. Some refresh token systems treat a used refresh token as invalid once it has already been exchanged.

If another tab or app has already refreshed the session and an older token is used again, the system may report that the refresh token was already used.

Common Patterns

These situations seem especially likely to create confusion around the session state:

  • Using ChatGPT in Safari
  • Switching between multiple OpenAI accounts
  • Logging in with a different Google account while a paid OpenAI account is active
  • Using ChatGPT Desktop and the browser version at the same time
  • Using Codex, ChatGPT, and the API Platform in parallel
  • Using Google OAuth for login

Safari has strong cookie controls, cross-site tracking prevention, passkey support, and session isolation behavior. That is useful for security, but it can make account/session mismatch more visible.

Why Browser Login Is Used

When ChatGPT Desktop or Codex opens a browser for login, that is not necessarily strange. It is a common authentication pattern.

The basic idea is to avoid giving your password directly to the app. Authentication happens on an official login domain, and the result is returned to the app after successful login.

  • accounts.google.com
  • auth.openai.com
  • appleid.apple.com

This reduces the need for the app to handle the password itself. The tradeoff is that browser state, app state, and identity provider state all have to stay aligned.

What to Try First

A practical first step is to clear Safari website data related to the login flow. In Safari settings, search for and remove website data related to:

  • openai
  • chatgpt
  • google
  • auth

Then try a clean login sequence:

  1. Close all OpenAI-related tabs
  2. Quit Safari completely
  3. Restart the Mac
  4. Log in only with the primary account first

This is not a guaranteed fix for every case, but it is a realistic first troubleshooting step because it resets much of the browser-side session state.

Operational Separation

If you frequently switch accounts, using one browser for everything can become fragile. Separating accounts by browser is often easier to maintain.

  • Safari: daily browsing
  • Chrome: primary OpenAI account
  • Edge or Arc: testing accounts

For professional use of ChatGPT, Codex, and the API Platform, a dedicated OpenAI browser reduces ambiguity. When something breaks, it is much easier to know which account and session are involved.

Summary

This issue is not just a small login annoyance. It shows how complex modern authentication becomes when AI tools, desktop apps, web apps, OAuth providers, and multiple accounts are used together.

Safari is strong on privacy and session control, but that strength can make session mismatch more noticeable. If Codex loses its remaining time display, ChatGPT enters a login loop, or “refresh token was already used” appears, start by clearing Safari website data and separating OpenAI accounts by browser.

For Time LLC, reliable AI tool use is not only about prompts and models. Account separation, browser choice, and recovery procedures are also part of practical AI operations.