OAuth token refresh overwrites keychain item and resets third-party app permissions

Resolved 💬 3 comments Opened Mar 30, 2026 by Komunikuji Closed Apr 3, 2026

What's happening

Claude Code periodically refreshes its OAuth token and overwrites the "Claude Code-credentials" keychain item. This resets the ACL on the item, causing third-party apps (e.g. CodexBar) to lose their "Always Allow" permission and prompt the user again.

Expected behavior

When refreshing the token, existing keychain ACL permissions should be preserved so that previously authorized apps do not need to re-request access.

Context

  • macOS, standard user account
  • The keychain item shows modification timestamps consistent with nightly token refresh
  • Affected third-party app: CodexBar (steipete/CodexBar)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗