SpyBara
Go Premium

Documentation 2026-06-19 23:57 UTC to 2026-06-20 03:58 UTC

3 files changed +5 −2. View all changes and history on the product overview
2026
Mon 22 19:03 Sat 20 03:58 Fri 19 23:57 Thu 18 23:01 Wed 17 17:02 Tue 16 20:00 Mon 15 19:59 Sun 14 16:58 Sat 13 00:58 Fri 12 18:02 Thu 11 20:02 Wed 10 20:00 Tue 9 18:50 Sat 6 00:58 Fri 5 18:45 Thu 4 01:09 Wed 3 19:27 Tue 2 19:22
Details

1308 key: "mcp_oauth_callback_url",1308 key: "mcp_oauth_callback_url",

1309 type: "string",1309 type: "string",

1310 description:1310 description:

1311 "Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.",1311 "Optional base callback URL override for MCP OAuth login (for example, a devbox ingress URL). Codex appends a server-specific callback ID before sending the final OAuth `redirect_uri`, so register the full derived URI with your provider. `mcp_oauth_callback_port` still controls the callback listener port.",

1312 },1312 },

1313 {1313 {

1314 key: "experimental_use_unified_exec_tool",1314 key: "experimental_use_unified_exec_tool",

Details

235 235 

236# Optional redirect URI override for MCP OAuth login (for example, remote devbox ingress).236# Optional redirect URI override for MCP OAuth login (for example, remote devbox ingress).

237 237 

238# Codex appends a server-specific callback ID before OAuth login, so register the

239# full derived URI with your provider, not just the base host or unsuffixed path.

240 

238# Custom callback paths are supported. `mcp_oauth_callback_port` still controls the listener port.241# Custom callback paths are supported. `mcp_oauth_callback_port` still controls the listener port.

239 242 

240# mcp_oauth_callback_url = "https://devbox.example.internal/callback"243# mcp_oauth_callback_url = "https://devbox.example.internal/callback"

mcp.md +1 −1

Details

96 96 

97If your OAuth provider requires a fixed callback port, set the top-level `mcp_oauth_callback_port` in `config.toml`. If unset, Codex binds to an ephemeral port.97If your OAuth provider requires a fixed callback port, set the top-level `mcp_oauth_callback_port` in `config.toml`. If unset, Codex binds to an ephemeral port.

98 98 

99If your MCP OAuth flow must use a specific callback URL (for example, a remote Devbox ingress URL or a custom callback path), set `mcp_oauth_callback_url`. Codex uses this value as the OAuth `redirect_uri` while still using `mcp_oauth_callback_port` for the callback listener port. Local callback URLs (for example `localhost`) bind on the local interface; non-local callback URLs bind on `0.0.0.0` so the callback can reach the host.99If your MCP OAuth flow must use a specific callback URL (for example, a remote Devbox ingress URL or a custom callback path), set `mcp_oauth_callback_url`. Codex uses this value as the base callback URL, then appends a server-specific callback ID to produce the OAuth `redirect_uri` it sends during login. Register the full derived `redirect_uri` with your OAuth provider, including the appended callback ID and any configured path, query, or port, rather than registering only the base host or unsuffixed path. Local callback URLs (for example `localhost`) bind on the local interface; non-local callback URLs bind on `0.0.0.0` so the callback can reach the host.

100 100 

101If the MCP server advertises `scopes_supported`, Codex prefers those101If the MCP server advertises `scopes_supported`, Codex prefers those

102server-advertised scopes during OAuth login. Otherwise, Codex falls back to the102server-advertised scopes during OAuth login. Otherwise, Codex falls back to the