OAuth tokens from ccr_inference (Cowork/CCD scheduled tasks) accumulate without cleanup

Resolved 💬 11 comments Opened Mar 24, 2026 by trek-e Closed Apr 22, 2026

Description

OAuth tokens created by Claude Desktop's background Claude Code Runner sessions (ccr_inference) accumulate on the account without being revoked when the background session ends. Over normal usage, 30+ stale tokens pile up visible at https://claude.ai/settings/claude-code.

Steps to Reproduce

  1. Enable coworkScheduledTasksEnabled and ccdScheduledTasksEnabled in Claude Desktop config (both default to true)
  2. Use Claude Desktop normally for a few days
  3. Visit https://claude.ai/settings/claude-code
  4. Observe 30+ ccr_inference sessions listed, most from completed/dead background runs

Expected Behavior

Background ccr_inference sessions should revoke their OAuth token when the session completes or is cleaned up. The settings page should show only active sessions.

Actual Behavior

Every background session creates a new OAuth token that persists indefinitely. No automatic cleanup occurs. There is also no "Revoke All" button to bulk-clear them.

Environment

  • Claude Desktop v1.1.8359
  • Claude Code v2.1.78
  • macOS 15 (Darwin 25.3.0)

Additional Context

  • No revoke all option exists on the settings page — users must click through each one individually
  • The accumulation is confusing and looks like session stealing to users who notice it
  • Feature request: either auto-revoke on session end, or add a "Revoke All" bulk action

View original on GitHub ↗

This issue has 11 comments on GitHub. Read the full discussion on GitHub ↗