OAuth token not refreshed/persisted to macOS Keychain, requiring re-login every session

Resolved 💬 3 comments Opened Mar 25, 2026 by nvvibes Closed Mar 28, 2026

Description

Claude Code requires re-authentication every time it's opened on macOS. The OAuth access token has a ~15 hour lifetime and the refresh token is not being used to persist a new access token back to Keychain.

Evidence

  • macOS Keychain entry Claude Code-credentials exists with both accessToken and refreshToken
  • Keychain cdat (created) and mdat (modified) timestamps are identical — the credential is written once and never updated
  • Access token expiresAt is ~15 hours after creation
  • Keychain settings are fine (no-timeout, no auto-lock)
  • Credential is readable via security find-generic-password

Environment

  • Claude Code version: 2.1.81
  • macOS Darwin 24.6.0
  • Subscription: Claude Max 5x (OAuth login)
  • Keychain: login.keychain-db

Expected behavior

The refresh token should be used to obtain a new access token before/when the current one expires, and the updated credential should be written back to Keychain so that login persists across sessions.

Actual behavior

Token expires after ~15 hours, refresh never fires (or result is never persisted), and user is prompted to log in again on next launch.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗