[BUG] API key authentication accepts credentials at login but fails on first message (Debian/Linux)

Resolved 💬 2 comments Opened Feb 24, 2026 by Project-ELYX Closed Mar 25, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code's "Anthropic Console" login button completes the OAuth flow and appears to authenticate successfully, but the runtime ignores the generated credentials and falls back to the Max subscription auth on the first message send. Each login attempt generates a NEW API key in the Console dashboard, proving the auth flow executes, but the keys are never used.
This creates two problems:

  1. Cannot use Console API billing separately from Max subscription
  2. Orphaned API keys accumulate in the Console with every retry

Additional attempts that also fail:

  1. export ANTHROPIC_API_KEY="sk-ant-api03-..." with a manually created Console key
  2. Setting the key in ~/.claude/settings.json
  3. Clearing ~/.claude/ cache/credentials and retrying
  4. Confirming manually-created keys work via direct curl:

curl https://api.anthropic.com/v1/messages \
-H "x-api-key: $ANTHROPIC_API_KEY" \ # Truncated key for privacy
-H "anthropic-version: 2023-06-01" \
-H "content-type: application/json" \
-d '{"model":"claude-sonnet-4-5-20250929","max_tokens":10,"messages":[{"role":"user","content":"hi"}]}'
Returns valid response. Key is good, just not being used by Claude Code.

Root Cause Hypothesis:

The Console OAuth flow successfully generates an API key (proven by keys appearing in the Console dashboard), but the credential is either:

a) Stored in a location the runtime doesn't check
b) Overridden by cached Max subscription credentials
c) Discarded when the runtime's auth priority chain runs and finds existing subscription auth first

The fact that each attempt creates a new key confirms the OAuth flow completes server-side. The failure is client-side; the runtime doesn't pick up what it just generated.

Why This Matters:

I run coordinated multi-agent development. This includes architecture design/verification against existing engineering documentation in claude.ai while Claude Code implements in VS Code simultaneously. The rate limit is shared across claude.ai and Claude Code (documented behavior). When I hit the 5-hour window limit, I need to switch Claude Code to my separately billed Console API key to continue the implementation agent's work while keeping my claude.ai session for design review.
The API key path being broken means hitting the shared rate limit kills both surfaces with no workaround, despite paying for two separate access methods.

Environment Details:

OS: Debian 13 (Trixie): Linux blacksite-powerhouse 6.12.63+deb13-amd64 #1 SMP PREEMPT_DYNAMIC
Claude Code: VS Code extension v2.1.52 (not standalone CLI) - As of writing, extension was ~45 minutes updated.
Platform: VS Code on x86_64

Related Issues

#25069: Same "Not logged in" behavior on macOS, attributed to keychain auth priority. My report on Debian/Linux may suggest this is cross-platform, not keychain-specific. The auth priority chain is broken at a deeper level.
#2944 : Feature request for API fallback when subscription limits are reached. This feature requires the Console auth path to actually work.
#19906: User unable to switch between personal and work accounts. Same class of problem; the auth system doesn't cleanly support multiple credential sources.

What Should Happen?

API key authentication should work as an independent auth path, allowing Claude Code to use Console API billing separately from the Max (or other level) subscription. Should also allow switching between them seamlessly when required by the user.

Error Messages/Logs

Steps to Reproduce

  1. Run /logout in Claude Code
  2. Run /login
  3. Select "Anthropic Console" (not the Max/Pro account option)
  4. Complete the OAuth flow — it redirects, authenticates, returns to Claude Code
  5. Login appears to succeed (no error, returns to prompt)
  6. Send any message
  7. Result: "Not logged in · Please run /login"
  8. Check console.anthropic.com → API Keys → a new key was generated by the login attempt
  9. Repeat steps 2-7 → another new key appears each time

After multiple attempts, the Console dashboard shows a stack of auto-generated API keys — one per login attempt — none of which are actually being used by the runtime.
Logging back in with the Max (in this case, would assume same for other account tiers) account works immediately every time.

Claude Model

None

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

v2.1.52

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

VS Code integrated terminal

Additional Information

I do not have the terminal Claude Code version, nor any other version aside from the integrated VSCode extension.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗