Claude in Chrome: 'Invalid token or user mismatch' on Desktop app bridge connection

Resolved 💬 4 comments Opened Apr 8, 2026 by JohnHubble Closed May 27, 2026

Environment

  • Claude Desktop app v1.1062.0 (macOS, Darwin 25.4.0)
  • Claude Code v2.1.92 (subprocess within Desktop app)
  • Chrome extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn
  • macOS, personal workspace account

Problem

Claude in Chrome extension cannot connect from the Desktop app. The bridge repeatedly fails with "Invalid token or user mismatch" (WebSocket close code 1008).

What works

  • chromeExtensionEnabled: true is set in claude_desktop_config.json — bridge initializes
  • Native host binary runs correctly, socket created at /tmp/claude-mcp-browser-bridge-cyberjack/{pid}.sock
  • Socket is connectable (verified with node net.createConnection)
  • OAuth token is fresh (cache cleared, re-signed in to both Desktop and Chrome extension)
  • Chrome extension is installed, enabled, and signed in

Logs

[Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/{userId}
[Claude in Chrome] WebSocket connected, sending connect message
[Claude in Chrome] Bridge error: Invalid token or user mismatch
[Claude in Chrome] Bridge connection closed (code: 1008, duration: 0ms)

This repeats on every retry attempt. The OAuth token scope is user:inference user:office.

What was tried

  1. Cleared OAuth token cache in config.json — fresh token obtained, same error
  2. Signed out and back in to Claude.app — same error
  3. Signed out and back in to Chrome extension — same error
  4. Set tengu_copper_bridge: false in .claude.json — overwritten back to true on startup by GrowthBook
  5. Restarted Chrome, Claude.app, and toggled extension multiple times
  6. Verified native host config points to correct binary

Likely cause

Based on GitHub issues #38068, #34990, and #32011 — the bridge server may require user:sessions:claude_code scope which is not included in the Desktop app's OAuth token request (only user:inference user:office). This may be related to org-level scope restrictions.

Related issues

  • #38068 — OAuth scope mismatch
  • #34990 — Business domain triggers org scope restrictions
  • #32011 — Two root causes for bridge auth failure
  • #27055 — Server-side stale state

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗