OAuth Authentication Broken in WSL2 - Cannot Login or Use API

Resolved 💬 12 comments Opened Jan 25, 2026 by jyongchul Closed Mar 1, 2026

Description

Claude Code 2.1.19 cannot authenticate in WSL2 environments. The /login command fails immediately with "OAuth error:" and provides no details. This prevents both initial authentication and token refresh, causing all API requests to fail with connection timeouts.

Root Cause: OAuth browser-based authentication flow is broken in WSL2.

Network connectivity is confirmed working (ping, HTTPS all successful), but the OAuth authentication system itself fails.

Environment

  • Claude Code Version: 2.1.19
  • OS: WSL2 (Ubuntu) on Windows
  • Kernel: 6.6.87.2-microsoft-standard-WSL2
  • Network: Working (verified with ping to api.anthropic.com)
  • OAuth Account: Configured and active (jyongchul@gmail.com)
  • System Resources: Healthy (117GB RAM available, <100 processes)

Steps to Reproduce

  1. Start Claude Code session in WSL2 environment
  2. Submit any prompt (tested with both Korean text and /init command)
  3. UserPromptSubmit hook executes successfully
  4. API request times out after 10 retry attempts
  5. Error displayed: "API Error: Connection error"

CRITICAL DISCOVERY: Authentication itself is broken:

  1. Attempt to re-authenticate with claude login or /login
  2. OAuth flow fails with error: "OAuth error:"
  3. Unable to complete authentication process

Expected Behavior

API requests should complete successfully given:

  • Network connectivity confirmed (0% packet loss to api.anthropic.com)
  • OAuth authentication configured correctly
  • System resources healthy

Actual Behavior

All API requests fail with connection timeout:

✻ Baked for 7m 48s

❯ 너가 ultrathink 해서 알아서 잘 진행해줘.
  ⎿  UserPromptSubmit hook succeeded: Success
  ⎿  API Error: Connection error.

✻ Baked for 3m 34s

❯ /init
  ⎿  UserPromptSubmit hook succeeded: Success
  ⎿  API Error: Connection error.

Final error message:

Request timed out. Check your internet connection and proxy settings
Retrying in 33 seconds… (attempt 10/10)

CRITICAL: Re-authentication also fails:

❯ /login

 OAuth error:


 Press Enter to retry.

The OAuth authentication flow itself is broken. This suggests the root cause is OAuth system failure, not just API timeout.

Diagnostic Information

Network Connectivity ✅

ICMP Test:

$ ping -c 3 api.anthropic.com
PING api.anthropic.com (160.79.104.10) 56(84) bytes of data.
64 bytes from 160.79.104.10: icmp_seq=1 ttl=52 time=121 ms
3 packets transmitted, 3 received, 0% packet loss

HTTPS/TLS Test:

$ curl -v https://api.anthropic.com
* Connected to api.anthropic.com (160.79.104.10) port 443
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* TLS handshake: SUCCESS

Network, DNS, and TLS all working → Issue isolated to API client layer

Sustained Connection Test (60 seconds):

Tests: 6
Success: 6 (100%)
Failed: 0
Avg Connect Time: 0.17s
Avg Total Time: 0.64s

No intermittent issues → Network is completely stable

System Resources ✅

Memory: 117GB available (out of 125GB)
Process Count: 74 total, 13 Claude/MCP processes

Configuration ✅

{
  "oauthAccount": {
    "accountUuid": "6889edc5-ee0a-41bb-9d40-37c598a2798d",
    "emailAddress": "jyongchul@gmail.com",
    "organizationUuid": "a5440dea-dc63-4aad-8afb-d940f152abca",
    "hasExtraUsageEnabled": false,
    "displayName": "Charles",
    "organizationRole": "admin"
  }
}

No proxy settings configured (env | grep -i proxy returns empty)

Impact

Severity: CRITICAL
Impact: Complete inability to use Claude Code

All operations blocked due to API connectivity failure. This is not a local network issue (ping confirms connectivity) or a service outage (no announcements from Anthropic), but appears to be an OAuth authentication system failure specific to WSL2 environments.

Possible Root Causes

PRIMARY SUSPECT (based on new finding):

  1. OAuth Authentication System Failure
  • OAuth login flow completely broken (/login fails with "OAuth error:")
  • Cannot authenticate new sessions
  • Cannot refresh expired tokens
  • Suggests OAuth endpoints unreachable or misconfigured
  • This explains why ALL API calls fail - invalid/expired authentication

SECONDARY SUSPECTS:

  1. OAuth Endpoint Network Issue
  • Main API endpoint (api.anthropic.com) is reachable via HTTPS
  • But OAuth endpoints may be on different infrastructure
  • Possible: api.anthropic.com works, but auth.anthropic.com (or similar) doesn't
  1. WSL2-Specific OAuth Browser Flow
  • OAuth flow may require opening browser
  • WSL2 browser integration may be broken
  • Windows-WSL communication failure for OAuth callback
  1. Regional OAuth Endpoint Issues
  • OAuth authentication servers may have regional routing problems
  • Main API accessible but auth infrastructure not

Suggested Fixes

PRIORITY 1 - OAuth System:

  1. Add verbose OAuth error logging
  • Current error message: "OAuth error:" (no details)
  • Need: Specific error code, endpoint URL, HTTP status
  • This will identify which OAuth step is failing
  1. Test OAuth endpoints separately
  • Verify OAuth authentication endpoints are reachable
  • Check if issue is OAuth-specific or general API connectivity
  1. Implement OAuth fallback
  • Provide API key authentication as alternative
  • Allow manual token entry for debugging

PRIORITY 2 - Diagnostics:

  1. Add connectivity test command
  • claude test-connection or similar
  • Test each endpoint: API, OAuth, WebSocket, etc.
  • Report which services are reachable
  1. WSL2-specific OAuth handling
  • Detect WSL2 environment
  • Use WSL-compatible browser launch method
  • Provide clear error messages for WSL2 issues

Related Issues

  • Issue #18762: Plugin-MCP Configuration Mismatch (different issue, unrelated)

Additional Context

User has checked Anthropic email inbox - no service disruption announcements. This appears to be an OAuth authentication system failure specific to WSL2 environments.

---

Reporter: Lee Jyong Chul (jyongchul@naver.com)
Company: Whitehat Marketing (하얀모자마케팅)
Date: 2026-01-25 KST

View original on GitHub ↗

This issue has 12 comments on GitHub. Read the full discussion on GitHub ↗