[BUG] OAuth login fails on Linux/VPS: code_challenge_method missing in authorization request

Resolved 💬 3 comments Opened Apr 5, 2026 by QROST Closed Apr 9, 2026

Environment

  • Claude Code version: 2.1.85 (also reproduced on 2.1.89)
  • OS: Ubuntu 22.04.5 LTS (VPS, SSH session, no GUI)
  • Node.js: v22.22.0
  • Subscription: Claude Max
  • Auth method: OAuth (claude → browser URL flow)

Steps to Reproduce

  1. Install Claude Code on a Linux VPS via curl -fsSL https://claude.ai/install.sh | bash -s stable
  2. Run claude to trigger login
  3. Copy the generated OAuth URL and open it in a browser

Expected Behavior

OAuth authorization page loads and allows login with Claude Max account.

Actual Behavior

Browser shows:

Invalid OAuth Request
Invalid code_challenge_method: missing. Expected: 'S256'

The code_challenge_method parameter is entirely absent from the authorization URL generated by Claude Code on Linux.

Error Progression

  • First attempt (v2.1.85, initial install): Invalid code_challenge_method: S256. Expected: 'S256' — value present but rejected
  • After clean reinstall: Invalid code_challenge_method: missing. Expected: 'S256' — value absent entirely
  • v2.1.89: Same behavior

Additional Notes

  • Copying ~/.claude.json (with oauthAccount) from an authenticated macOS machine to the VPS does not bypass the issue — running claude again on the VPS still generates a broken OAuth URL
  • The same Claude Max account authenticates successfully on macOS with the same Claude Code version
  • VPS is accessed via SSH only (no browser on the server); the OAuth URL is copied and opened on a local macOS machine

Hypothesis

The PKCE code_challenge / code_challenge_method=S256 parameters are not being included in the OAuth authorization URL when Claude Code runs on Linux. This may be a platform-specific issue or a difference in how the crypto module behaves between macOS and Linux Node.js builds.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗