Feature Request: Machine to Machine Authentication for Claude Max Subscriptions

Resolved 💬 34 comments Opened May 31, 2025 by Cheffromspace Closed Jan 16, 2026
💡 Likely answer: A maintainer (grll, contributor) responded on this thread — see the highlighted reply below.

Claude Max subscribers pay $200/month, yet there's no official way to use our subscriptions for automation. The only workaround involves fragile OAuth token extraction, and it's unclear if this violates ToS. This creates unnecessary friction for legitimate developer workflows.

Current Problem

I'm building Webhook automation where Claude Code responds to requests by running in isolated docker containers. This exactly the type of developer workflow Claude Code should excel at (and judging by documentation, is encouraged, why else deliver an SDK?), however we're stuck in a grey area:

  • OAuth tokens work but expire unpredictably
  • Multiple containers sharing tokens create race conditions
  • Token refresh requires hacky 'ping' requests to trigger auto-refresh
  • No clear guidance on whether automation use violates ToS

Request: Pick a Lane

Option A: Full Automation Support

  • Provide official M2M (machine-to-machine) authentication for Max subscriptions
  • Document token lifecycle management
  • Add claude auth:token or similar commands for headless environments
  • Support production deployment patterns

Option B: Interactive-Only Stance

  • Clearly state Max subscriptions are for interactive use only
  • Remove automation-focused documentation
  • Direct automation users to API-only approach

Option C: Hybrid Approach

  • Official guidance on OAuth token management for automation
  • Supported patterns for containerized deployments
  • Clear ToS boundaries on automation use
  • Token refresh API or long-lived tokens for CI/CD

Why This Matters

The current situation undermines the value proposition of Claude Max for developers who want to integrate Claude Code into their workflows. We're essentially forced to choose between:

  1. Violating potential ToS with token extraction hacks
  2. Paying separately for API access despite our Max subscription
  3. Abandoning automation use cases entirely

Please provide clarity on the intended use model for Claude Max subscribers who need automation capabilities.

View original on GitHub ↗

34 Comments

cbarraford · 1 year ago

+1

wshobson · 1 year ago

+1

Neon3451 · 1 year ago

+1

galuhpradipta · 1 year ago

+1

IntegralMedia01 · 1 year ago

+1

Cheffromspace · 1 year ago

It's not coming directly from Anthropic, but I did find this: https://github.com/grll/claude-code-action/issues/6

Would really appreciate an official comment on this @catherinewu

garrick0 · 1 year ago

+1

djclarkson · 1 year ago

+1

jameskennethrobinson · 1 year ago

+1

dmitriikeler · 1 year ago

This is a significant problem. What's the point in headless mode if i have to log in manually every time?

tumma72 · 1 year ago

I am experiencing a similar issue but only when Claude Code is launched in a subprocess or remote shell. If I launch it in print mode from a shell where I did login in interactive mode once, it runs without issues, even with JSON streaming output. When I run it using the MCP mode what happens is the following:

  1. All commands that do not spawn a subprocess work without issues
  2. The commands Task and Batch which I believe attempt to delegate to sub-sessions work to do, are failing with the message 'please use /login' which doesn't make sense

Any attempt to work around this problem seems to be fragile and potentially violating the usage license. So please 🙏🏻 Anthropic provide us with a solid answer. Even using Claude Code from Claude Desktop as MCP has the same issue which is kind of wired given both product come from the same team.

AaronAbuUsama · 1 year ago

heavy +1

cagdasdag · 1 year ago

+1

orkunaybek · 1 year ago

+1

Sothatsit · 1 year ago

+1

dscho99 · 1 year ago

+1

brianbowden · 1 year ago

+1

grll contributor · 1 year ago

Hey there! I have been working on this with the community on my fork: https://github.com/grll/claude-code-action.

Originally you just had to pass a few values from your credentials.json as secret on your repo and it would use your subscription instead of a new API key but the token would expire after 8hours. More recently we have greatly improved the setup.

Now we properly set a new "OAuth branch" in your CI and automatically refresh the token if it's close to expire. Essentially it enables seamless Machine to Machine Authentication without invalidating your local oauth setup.

To create a new OAuth chain we use a github action called claude-code-login which prompt you via github workflow to do the oauth flow: https://github.com/grll/claude-code-login. It will store the necessary secrets on your repo to get started with a new oauth chain.

We have also greatly simplified the whole thing by creating an installer script that will write the 2 necessary github workflows to your repo and clearly indicate the few little remaining steps you need to do to enable "@claude" using your subscription:

# cd into your repo
bash <(curl -fsSL https://raw.githubusercontent.com/grll/claude-code-grll-installer/main/installer.sh)

You can have a look at the installer repo here: https://github.com/grll/claude-code-grll-installer

Bottom line if you run the installer above in any repo you own with a remote origin set to github you will have @claude working on that repo only for your github username with auto token refresh...

It's not an official Anthropic solution I am afraid but probably the best next thing as it's now been more than a month we are waiting for this...

miiraheart · 11 months ago

+1

hasegama · 10 months ago

I understand the closest way to Option:C is to use the /install-github-app command released in v1.0.44 or the claude setup-token. Thank you, Anthropic.
https://github.com/anthropics/claude-code-action/issues/4#issuecomment-3046770474

Lucasmind · 10 months ago

+1

ariccio · 8 months ago

Seeing as there's no EXPLICIT confirmation from anthropic several months later, I'm hoping I'm safe to switch my claude code github actions (which one other dev uses) to my max20 subscription key...

github-actions[bot] · 7 months ago

This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.

camnealie · 7 months ago

+1

lyndonscotthumphris · 7 months ago

+1

gshpychka · 7 months ago
But we can only access these through claude.ai's web UI, which has serious stability issues (lag, freezes, crashes, input replacement bugs). Claude Code CLI uses separate API billing.

What? This is not the case

sudoxreboot · 7 months ago
> But we can only access these through claude.ai's web UI, which has serious stability issues (lag, freezes, crashes, input replacement bugs). Claude Code CLI uses separate API billing. What? This is not the case

No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly

gshpychka · 7 months ago
No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly

You are the one who posted the comment though? I don't understand what you are saying.

sudoxreboot · 7 months ago
> No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly You are the one who posted the comment though? I don't understand what you are saying.

Then you don't know how Claude code works.

gshpychka · 7 months ago
> > No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly > > > You are the one who posted the comment though? I don't understand what you are saying. Then you don't know how Claude code works.

Wait, you have Claude Code posting github comments on your behalf without your approval? Please don't do that.

sudoxreboot · 7 months ago
> > > No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly > > > > > > You are the one who posted the comment though? I don't understand what you are saying. > > > Then you don't know how Claude code works. Wait, you have Claude Code posting github comments on your behalf without your approval? Please don't do that.

I'm sorry DAD

github-actions[bot] · 6 months ago

This issue has been automatically closed due to 60 days of inactivity. If you're still experiencing this issue, please open a new issue with updated information.

marcindulak · 6 months ago

This issue was closed incorrectly despite recent human comments. This behavior of the bot is reported at https://github.com/anthropics/claude-code/issues/16497. Please upvote that issue, so maybe it gets noticed.

github-actions[bot] · 5 months ago

This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.