[BUG] Claude Desktop Code/Cowork mode returns 403 "Request not allowed" while CLI and Chat work fine
Bug Description
Claude Desktop's Code mode and Cowork mode consistently return 403 {"error":{"type":"forbidden","message":"Request not allowed"}}, while all other methods of using Claude work perfectly:
| Environment | Status |
|-------------|--------|
| Claude Desktop Chat | ✅ Works |
| Claude Desktop Code | ❌ 403 Forbidden |
| Claude Desktop Cowork | ❌ 403 Forbidden |
| claude.ai (web browser) | ✅ Works |
| Claude Code CLI (terminal) | ✅ Works |
| Claude Code in VSCode | ✅ Works |
Key Details
- Subscription: Max plan
- Account email: qinwanjiede@gmail.com
- Org ID:
99948e90-83d1-437b-8d89-9852170009d1 - Claude Desktop version: 1.1.5749
- Claude Code CLI version: 2.1.62
- macOS version: 26.3 (Build 25D125)
- Architecture: Apple Silicon (arm64)
OAuth Token Works, API Rejects
The OAuth token exchange succeeds — the token is obtained and cached. But when Code/Cowork uses this token to call the API, it gets rejected:
[oauth] obtained new token for orgId=99948e90-83d1-437b-8d89-9852170009d1, caching
...
[APIError] Intermediate SDK error "authentication_failed" for session local_xxx
error_message: 'Failed to authenticate. API Error: 403 {"error":{"type":"forbidden","message":"Request not allowed"}}'
Cowork VM Behavior
The Cowork VM starts successfully, API reachability check passes, OAuth token is approved, but Claude Code inside the VM exits within ~2-3 seconds:
[VM] API reachability: REACHABLE
[Spawn:vm] OAuth token approved with MITM proxy
[Spawn:vm] Spawn succeeded in 235ms
[Process] Exited, code=0, signal=null, duration=3099ms
CLI Auth Status (same account, works fine)
{
"loggedIn": true,
"authMethod": "claude.ai",
"apiProvider": "firstParty",
"email": "qinwanjiede@gmail.com",
"orgId": "99948e90-83d1-437b-8d89-9852170009d1",
"subscriptionType": "max"
}
What I've Tried
- ✅ Signed out and back in from Claude Desktop
- ✅ Cleared auth cache (Local Storage, Session Storage, Cookies, HTTPStorages)
- ✅ Reinstalled Claude Desktop
- ✅ Set proxy env vars via
launchctl setenv - ✅ Launched with explicit
HTTP_PROXY/HTTPS_PROXYenv vars - ✅ Tested with TUN mode on/off
- ✅ Verified network connectivity —
api.anthropic.comis reachable and returns proper responses - ✅ Confirmed the same account works perfectly via CLI and web
Expected Behavior
Code and Cowork modes should work the same as Chat mode and CLI, since the account is authenticated and has a Max subscription.
Request
Could you please check if there is a server-side restriction on the Code/Cowork feature for this account (org ID 99948e90-83d1-437b-8d89-9852170009d1)? The 403 appears to be a server-side policy rejection since the OAuth token is valid but the API returns forbidden instead of authentication_error.
This issue has 9 comments on GitHub. Read the full discussion on GitHub ↗