Fix custom OAuth flow for Claude Code authentication

Resolved 💬 2 comments Opened Jan 22, 2026 by SameeranB Closed Jan 22, 2026

Problem

The current implementation of the local OAuth server for Claude Code authentication is not working properly. While the OAuth flow successfully opens the browser and the user can complete authentication on Anthropic's platform, the token exchange fails.

Current State

  • OAuth authorization ✅ Works - Browser opens, user authenticates
  • Token exchange ❌ Fails - Endpoint/format issues prevent token retrieval
  • Workaround ✅ Available - "Import from Claude CLI" option works by opening Terminal

Implementation Details

The custom OAuth implementation is in:

  • src/main/lib/oauth-server.ts - Local OAuth server with PKCE
  • src/main/lib/oauth-utils.ts - Shared OAuth utilities
  • Uses endpoint: https://api.anthropic.com/v1/oauth/token
  • Implements PKCE (Proof Key for Code Exchange) as per RFC 7636

Errors Encountered

Previous attempts showed various token exchange errors:

  • Missing state parameter (fixed)
  • Wrong Content-Type (tried both JSON and form-urlencoded)
  • Wrong endpoint path (tried /v1/oauth/token, /api/oauth/token)
  • 400/404 errors from Anthropic API

Recommended Solution

  1. Investigate the correct OAuth flow - May need to contact Anthropic or review Claude CLI source code to understand the exact requirements
  2. Verify endpoint and parameters - The current implementation may be missing required parameters or using incorrect values
  3. Consider alternatives:
  • Keep CLI-based approach as primary method (currently working)
  • Remove custom OAuth entirely if not needed
  • Use device flow instead of authorization code flow

Current Workaround

The "Import from Claude CLI" button works perfectly:

  • Opens Terminal window with claude setup-token
  • User completes OAuth in browser
  • Token stored in system keychain
  • App reads token from keychain

This workaround is acceptable for now, but custom OAuth would provide a better UX.

Related Files

  • src/main/lib/oauth-server.ts
  • src/main/lib/oauth-utils.ts
  • src/main/lib/claude-token.ts
  • src/main/lib/trpc/routers/claude-code.ts

Priority

Low - Workaround is functional and user-friendly

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗