OAuth tokens from ccr_inference (Cowork/CCD scheduled tasks) accumulate without cleanup
Resolved 💬 11 comments Opened Mar 24, 2026 by trek-e Closed Apr 22, 2026
Description
OAuth tokens created by Claude Desktop's background Claude Code Runner sessions (ccr_inference) accumulate on the account without being revoked when the background session ends. Over normal usage, 30+ stale tokens pile up visible at https://claude.ai/settings/claude-code.
Steps to Reproduce
- Enable
coworkScheduledTasksEnabledandccdScheduledTasksEnabledin Claude Desktop config (both default totrue) - Use Claude Desktop normally for a few days
- Visit https://claude.ai/settings/claude-code
- Observe 30+
ccr_inferencesessions listed, most from completed/dead background runs
Expected Behavior
Background ccr_inference sessions should revoke their OAuth token when the session completes or is cleaned up. The settings page should show only active sessions.
Actual Behavior
Every background session creates a new OAuth token that persists indefinitely. No automatic cleanup occurs. There is also no "Revoke All" button to bulk-clear them.
Environment
- Claude Desktop v1.1.8359
- Claude Code v2.1.78
- macOS 15 (Darwin 25.3.0)
Additional Context
- No
revoke alloption exists on the settings page — users must click through each one individually - The accumulation is confusing and looks like session stealing to users who notice it
- Feature request: either auto-revoke on session end, or add a "Revoke All" bulk action
This issue has 11 comments on GitHub. Read the full discussion on GitHub ↗