Describe the bug
When adding accounts via the OAuth flow in the admin UI, the POST /api/admin/oauth/exchange-code endpoint returns 502 with an HTML error body if no proxy_url is provided.
Root cause
The OAuth exchange-code handler in admin/oauth.go passes an empty proxyURL to auth.BuildHTTPClient() when neither the session nor the request body contains a proxy_url. This causes the request to https://auth.openai.com/oauth/token to go direct from the server, which OpenAI blocks in certain regions with 403.
Steps to reproduce
- Deploy codex2api in a region where
auth.openai.com is geo-restricted
- Open the admin UI → Accounts → Add Account via OAuth
- Do NOT specify a proxy in the add-account dialog
- Complete the OAuth flow and submit the callback
- Observe: 502 with Cloudflare or HTML error in the response body
Expected behavior
The OAuth exchange should fall back to the system proxy (proxy_url from system settings) when no per-request proxy is specified.
Fix
PR #138: Add h.store.GetProxyURL() fallback in both ExchangeOAuthCode and OAuthCallback handlers.
🤖 Reported with Claude Code
Describe the bug
When adding accounts via the OAuth flow in the admin UI, the
POST /api/admin/oauth/exchange-codeendpoint returns 502 with an HTML error body if noproxy_urlis provided.Root cause
The OAuth exchange-code handler in
admin/oauth.gopasses an emptyproxyURLtoauth.BuildHTTPClient()when neither the session nor the request body contains aproxy_url. This causes the request tohttps://auth.openai.com/oauth/tokento go direct from the server, which OpenAI blocks in certain regions with 403.Steps to reproduce
auth.openai.comis geo-restrictedExpected behavior
The OAuth exchange should fall back to the system proxy (
proxy_urlfrom system settings) when no per-request proxy is specified.Fix
PR #138: Add
h.store.GetProxyURL()fallback in bothExchangeOAuthCodeandOAuthCallbackhandlers.🤖 Reported with Claude Code