OAuth token refresh overwrites keychain item and resets third-party app permissions
Resolved 💬 3 comments Opened Mar 30, 2026 by Komunikuji Closed Apr 3, 2026
What's happening
Claude Code periodically refreshes its OAuth token and overwrites the "Claude Code-credentials" keychain item. This resets the ACL on the item, causing third-party apps (e.g. CodexBar) to lose their "Always Allow" permission and prompt the user again.
Expected behavior
When refreshing the token, existing keychain ACL permissions should be preserved so that previously authorized apps do not need to re-request access.
Context
- macOS, standard user account
- The keychain item shows modification timestamps consistent with nightly token refresh
- Affected third-party app: CodexBar (steipete/CodexBar)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗