[BUG] Hardcoded orgUUID and affecting Max account

Resolved 💬 3 comments Opened Mar 16, 2026 by unitedappsmaker-tech Closed Apr 14, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Bug Report: Claude Code hardcodes wrong orgUUID in OAuth URL, blocking personal Max account login

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported
  • [x] This is a single bug report
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code hardcodes orgUUID=33baa0bf-09be-4030-8f99-9e8118a56e5d into every OAuth URL it generates. This UUID does not match my personal Max account's org UUID (a70523da-3526-4217-9cd2-7e8d2ed3bff2), causing Anthropic's server to reject the login with:

"Can't access this organization — You don't have access to this organization or it doesn't meet the requirements for Claude Code."

Environment

  • Claude Code version: 2.1.76 (darwin-arm64)
  • OS: macOS (Apple Silicon)
  • Shell: zsh (Warp terminal)
  • Account type: Claude Max (stripe_subscription)
  • Email: unitedappsmaker@gmail.com
  • My org UUID: a70523da-3526-4217-9cd2-7e8d2ed3bff2
  • Installation method: Homebrew (brew install claude-code)

OAuth URL Generated by Claude Code

https://claude.ai/oauth/authorize?code=true
  &client_id=9d1c250a-e61b-44d9-88ed-5944d1962f5e
  &response_type=code
  &redirect_uri=http%3A%2F%2Flocalhost%3A52310%2Fcallback
  &scope=org%3Acreate_api_key+user%3Aprofile+user%3Ainference+user%3Asessions%3Aclaude_code+user%3Amcp_servers+user%3Afile_upload
  &orgUUID=33baa0bf-09be-4030-8f99-9e8118a56e5d  ← WRONG UUID

Evidence: UUID is hardcoded in binary

grep -r "33baa0bf" ~/ --include="*.json" 2>/dev/null
# Result: Binary file ~/.claude/downloads/claude-2.1.72-darwin-arm64 matches

The UUID exists only in the Claude Code binary — not in any config file, .claude.json, or environment variable.

Steps to Reproduce

  1. Install Claude Code via Homebrew
  2. Use a custom CLAUDE_CONFIG_DIR for a personal Max account
  3. Run claude — OAuth URL is generated
  4. URL contains orgUUID=33baa0bf regardless of which account/config is used
  5. Completing login returns: "Can't access this organization"

What I've Tried

  • [x] Disconnected from corporate VPN
  • [x] Used incognito browser logged into correct account
  • [x] Manually replaced orgUUID in OAuth URL with correct org UUID (a70523da) — browser returned auth code but Claude Code rejected it with HTTP 400
  • [x] Cleared all cached auth state (rm ~/.claude-work/.claude.json)
  • [x] Fresh empty .claude.json
  • [x] Multiple OAuth attempts across different ports

Additional Context

I run Claude Code in a multi-account setup:

  • cc-personalCLAUDE_CONFIG_DIR=~/.claude-work → personal Max account (broken)
  • cc-companyCLAUDE_CONFIG_DIR=~/.claude-company → Confluent Vertex AI (works fine)

The cc-company setup uses GCP ADC (Vertex AI) and works correctly. Only the personal Max OAuth flow is broken due to this hardcoded UUID.

Expected Behavior

OAuth URL should either:

  1. Use the correct org UUID from the authenticated account's config, OR
  2. Omit orgUUID entirely for personal Pro/Max subscriptions

The binary should not hardcode an org UUID that doesn't match personal subscription accounts.

Workaround

None found. Personal Max account is completely inaccessible via Claude Code.

What Should Happen?

Able to use my Personal Max acconunt

Error Messages/Logs

https://claude.ai/oauth/authorize?code=true&client_id=9d1c250a-e61b-44d9-88ed-5944d1962f5e&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A53993%2Fcallback&scope=org%3Acreate_api_key+user%3Aprofile+user%3Ainference+user%3Asessions%3Aclaude_code+user%3Amcp_servers+user%3Afile_upload&code_challenge=BdKQcFlkR4fFWC3Wj8Ps-vNd9qr2BPIb7fB9uA_Xz00&code_challenge_method=S256&state=YJ4anQNw41KPIfXD4qIU6-OLRhqUK1-YrlFbbCx3nFw&orgUUID=33baa0bf-09be-4030-8f99-9e8118a56e5d 

Somewhere this OrgUUID is mapped or hardcoded.

Steps to Reproduce

Steps to Reproduce

  1. Have two Claude Code setups on same machine:
  • Personal Max account (OAuth/subscription)
  • Corporate Vertex AI account (GCP ADC)
  1. Configure separate CLAUDE_CONFIG_DIR for each:
   alias cc-personal='CLAUDE_CONFIG_DIR=~/.claude-work command claude'
   alias cc-company='CLAUDE_CODE_USE_VERTEX=1 CLAUDE_CONFIG_DIR=~/.claude-company command claude'
  1. cc-company (Vertex AI) works fine — no OAuth needed
  1. Run cc-personal:
   cc-personal
  1. Claude Code generates OAuth URL:

https://claude.ai/oauth/authorize?...&orgUUID=33baa0bf-09be-4030-8f99-9e8118a56e5d

  1. Open URL in browser (incognito, logged into personal Max account)
  1. Result: "Can't access this organization"

Key Observation

The orgUUID in the OAuth URL (33baa0bf) does not match the personal
Max account's org UUID (a70523da). The binary appears to pick up
the orgUUID from a previous Vertex AI / corporate session context
and injects it into the personal account OAuth flow.

This suggests CLAUDE_CONFIG_DIR isolation is not fully respected
during OAuth URL gener

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.1.74

Claude Code Version

2.1.76

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Warp

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗