[BUG] OAuth login fails on Linux/VPS: code_challenge_method missing in authorization request
Resolved 💬 3 comments Opened Apr 5, 2026 by QROST Closed Apr 9, 2026
Environment
- Claude Code version: 2.1.85 (also reproduced on 2.1.89)
- OS: Ubuntu 22.04.5 LTS (VPS, SSH session, no GUI)
- Node.js: v22.22.0
- Subscription: Claude Max
- Auth method: OAuth (
claude→ browser URL flow)
Steps to Reproduce
- Install Claude Code on a Linux VPS via
curl -fsSL https://claude.ai/install.sh | bash -s stable - Run
claudeto trigger login - Copy the generated OAuth URL and open it in a browser
Expected Behavior
OAuth authorization page loads and allows login with Claude Max account.
Actual Behavior
Browser shows:
Invalid OAuth Request
Invalid code_challenge_method: missing. Expected: 'S256'
The code_challenge_method parameter is entirely absent from the authorization URL generated by Claude Code on Linux.
Error Progression
- First attempt (v2.1.85, initial install):
Invalid code_challenge_method: S256. Expected: 'S256'— value present but rejected - After clean reinstall:
Invalid code_challenge_method: missing. Expected: 'S256'— value absent entirely - v2.1.89: Same behavior
Additional Notes
- Copying
~/.claude.json(withoauthAccount) from an authenticated macOS machine to the VPS does not bypass the issue — runningclaudeagain on the VPS still generates a broken OAuth URL - The same Claude Max account authenticates successfully on macOS with the same Claude Code version
- VPS is accessed via SSH only (no browser on the server); the OAuth URL is copied and opened on a local macOS machine
Hypothesis
The PKCE code_challenge / code_challenge_method=S256 parameters are not being included in the OAuth authorization URL when Claude Code runs on Linux. This may be a platform-specific issue or a difference in how the crypto module behaves between macOS and Linux Node.js builds.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗