OAuth Authentication Broken in WSL2 - Cannot Login or Use API
Description
Claude Code 2.1.19 cannot authenticate in WSL2 environments. The /login command fails immediately with "OAuth error:" and provides no details. This prevents both initial authentication and token refresh, causing all API requests to fail with connection timeouts.
Root Cause: OAuth browser-based authentication flow is broken in WSL2.
Network connectivity is confirmed working (ping, HTTPS all successful), but the OAuth authentication system itself fails.
Environment
- Claude Code Version: 2.1.19
- OS: WSL2 (Ubuntu) on Windows
- Kernel: 6.6.87.2-microsoft-standard-WSL2
- Network: Working (verified with ping to api.anthropic.com)
- OAuth Account: Configured and active (jyongchul@gmail.com)
- System Resources: Healthy (117GB RAM available, <100 processes)
Steps to Reproduce
- Start Claude Code session in WSL2 environment
- Submit any prompt (tested with both Korean text and
/initcommand) - UserPromptSubmit hook executes successfully
- API request times out after 10 retry attempts
- Error displayed: "API Error: Connection error"
CRITICAL DISCOVERY: Authentication itself is broken:
- Attempt to re-authenticate with
claude loginor/login - OAuth flow fails with error: "OAuth error:"
- Unable to complete authentication process
Expected Behavior
API requests should complete successfully given:
- Network connectivity confirmed (0% packet loss to api.anthropic.com)
- OAuth authentication configured correctly
- System resources healthy
Actual Behavior
All API requests fail with connection timeout:
✻ Baked for 7m 48s
❯ 너가 ultrathink 해서 알아서 잘 진행해줘.
⎿ UserPromptSubmit hook succeeded: Success
⎿ API Error: Connection error.
✻ Baked for 3m 34s
❯ /init
⎿ UserPromptSubmit hook succeeded: Success
⎿ API Error: Connection error.
Final error message:
Request timed out. Check your internet connection and proxy settings
Retrying in 33 seconds… (attempt 10/10)
CRITICAL: Re-authentication also fails:
❯ /login
OAuth error:
Press Enter to retry.
The OAuth authentication flow itself is broken. This suggests the root cause is OAuth system failure, not just API timeout.
Diagnostic Information
Network Connectivity ✅
ICMP Test:
$ ping -c 3 api.anthropic.com
PING api.anthropic.com (160.79.104.10) 56(84) bytes of data.
64 bytes from 160.79.104.10: icmp_seq=1 ttl=52 time=121 ms
3 packets transmitted, 3 received, 0% packet loss
HTTPS/TLS Test:
$ curl -v https://api.anthropic.com
* Connected to api.anthropic.com (160.79.104.10) port 443
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* TLS handshake: SUCCESS
✅ Network, DNS, and TLS all working → Issue isolated to API client layer
Sustained Connection Test (60 seconds):
Tests: 6
Success: 6 (100%)
Failed: 0
Avg Connect Time: 0.17s
Avg Total Time: 0.64s
✅ No intermittent issues → Network is completely stable
System Resources ✅
Memory: 117GB available (out of 125GB)
Process Count: 74 total, 13 Claude/MCP processes
Configuration ✅
{
"oauthAccount": {
"accountUuid": "6889edc5-ee0a-41bb-9d40-37c598a2798d",
"emailAddress": "jyongchul@gmail.com",
"organizationUuid": "a5440dea-dc63-4aad-8afb-d940f152abca",
"hasExtraUsageEnabled": false,
"displayName": "Charles",
"organizationRole": "admin"
}
}
No proxy settings configured (env | grep -i proxy returns empty)
Impact
Severity: CRITICAL
Impact: Complete inability to use Claude Code
All operations blocked due to API connectivity failure. This is not a local network issue (ping confirms connectivity) or a service outage (no announcements from Anthropic), but appears to be an OAuth authentication system failure specific to WSL2 environments.
Possible Root Causes
PRIMARY SUSPECT (based on new finding):
- OAuth Authentication System Failure
- OAuth login flow completely broken (
/loginfails with "OAuth error:") - Cannot authenticate new sessions
- Cannot refresh expired tokens
- Suggests OAuth endpoints unreachable or misconfigured
- This explains why ALL API calls fail - invalid/expired authentication
SECONDARY SUSPECTS:
- OAuth Endpoint Network Issue
- Main API endpoint (api.anthropic.com) is reachable via HTTPS
- But OAuth endpoints may be on different infrastructure
- Possible:
api.anthropic.comworks, butauth.anthropic.com(or similar) doesn't
- WSL2-Specific OAuth Browser Flow
- OAuth flow may require opening browser
- WSL2 browser integration may be broken
- Windows-WSL communication failure for OAuth callback
- Regional OAuth Endpoint Issues
- OAuth authentication servers may have regional routing problems
- Main API accessible but auth infrastructure not
Suggested Fixes
PRIORITY 1 - OAuth System:
- Add verbose OAuth error logging
- Current error message: "OAuth error:" (no details)
- Need: Specific error code, endpoint URL, HTTP status
- This will identify which OAuth step is failing
- Test OAuth endpoints separately
- Verify OAuth authentication endpoints are reachable
- Check if issue is OAuth-specific or general API connectivity
- Implement OAuth fallback
- Provide API key authentication as alternative
- Allow manual token entry for debugging
PRIORITY 2 - Diagnostics:
- Add connectivity test command
claude test-connectionor similar- Test each endpoint: API, OAuth, WebSocket, etc.
- Report which services are reachable
- WSL2-specific OAuth handling
- Detect WSL2 environment
- Use WSL-compatible browser launch method
- Provide clear error messages for WSL2 issues
Related Issues
- Issue #18762: Plugin-MCP Configuration Mismatch (different issue, unrelated)
Additional Context
User has checked Anthropic email inbox - no service disruption announcements. This appears to be an OAuth authentication system failure specific to WSL2 environments.
---
Reporter: Lee Jyong Chul (jyongchul@naver.com)
Company: Whitehat Marketing (하얀모자마케팅)
Date: 2026-01-25 KST
This issue has 12 comments on GitHub. Read the full discussion on GitHub ↗