OAuth login broken for remote/headless server setups

Resolved 💬 7 comments Opened Apr 3, 2026 by prismon Closed May 1, 2026

Description

claude auth login OAuth flow is broken when Claude Code runs on a remote server and the browser is on a separate local machine. The authorization code callback is not being exchanged for a token.

Setup

  • Claude Code running on a remote Linux server (SSH)
  • Browser on a separate local machine
  • Using Remote Control feature, which requires full-scope OAuth login (not long-lived tokens)

Steps to Reproduce

  1. Run claude auth login on a remote server
  2. OAuth flow directs to browser on local machine
  3. Browser completes authorization, receives callback URL: https://platform.claude.com/oauth/code/callback?code=<code>&state=<state>
  4. The authorization code is never exchanged — the local listener on the server doesn't receive the callback

Expected Behavior

The OAuth flow should complete successfully, exchanging the authorization code for a full-scope token, even when the browser and CLI are on different machines.

Actual Behavior

The callback URL isn't routed back to the CLI's listener on the remote server. The user sees the code in the browser URL but has no way to manually provide it to the CLI. Remote Control reports: "Remote Control requires a full-scope login token."

Notes

  • This reportedly worked previously and has regressed
  • Workarounds like SSH port forwarding or copying credentials from a local machine exist but shouldn't be necessary
  • A device-code flow or manual code-paste option would solve this for headless/remote environments

View original on GitHub ↗

This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗