[DOCS] Authentication docs missing recovery guidance for expired `CLAUDE_CODE_OAUTH_TOKEN`
Documentation Type
Missing documentation (feature not documented)
Documentation Location
https://code.claude.com/docs/en/authentication
Section/Topic
"Credential management", "Authentication precedence", and "Generate a long-lived token"
Current Documentation
The docs currently say:
5.CLAUDE_CODE_OAUTH_TOKENenvironment variable. A long-lived OAuth token generated by [claude setup-token](#generate-a-long-lived-token). Use this for CI pipelines and scripts where browser login isn't available.
The command walks you through OAuth authorization and prints a token to the terminal. It does not save the token anywhere; copy it and set it as the CLAUDE_CODE_OAUTH_TOKEN environment variable wherever you want to authenticate:
If Claude Code prompts you to log in again after a session, your OAuth token may have expired. Run /login to re-authenticate. If this happens frequently, check that your system clock is accurate, as token validation depends on correct timestamps.
What's Wrong or Missing?
Changelog v2.1.117 includes: "Fixed /login having no effect when launched with CLAUDE_CODE_OAUTH_TOKEN env var and that token expires".
That fix exposes a user-facing authentication path the docs do not currently explain: what should happen when Claude Code is launched with CLAUDE_CODE_OAUTH_TOKEN, that token later expires, and the user tries to recover interactively.
The current docs explain that CLAUDE_CODE_OAUTH_TOKEN is an alternative to /login and that expired OAuth sessions should be fixed with /login, but they do not connect those two cases. They do not say whether /login is expected to recover from an expired env-var token, whether users need to remove the environment variable first, or when they should use the refresh-token flow instead.
Suggested Improvement
Add a short subsection to the authentication or troubleshooting docs for expired env-var OAuth credentials, for example "When CLAUDE_CODE_OAUTH_TOKEN expires".
That section should clarify:
- the intended interaction between
CLAUDE_CODE_OAUTH_TOKENand/login/claude auth login - the supported recovery path after an env-var OAuth token expires in an interactive session
- when to prefer
CLAUDE_CODE_OAUTH_REFRESH_TOKENplusCLAUDE_CODE_OAUTH_SCOPESfor renewable automated authentication instead of a fixed access token - how to verify which auth method is active with
/status
Impact
Medium - Makes feature difficult to understand
Additional Context
Affected Pages:
| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/authentication | Documents auth precedence and claude setup-token, but not expired CLAUDE_CODE_OAUTH_TOKEN recovery |
| https://code.claude.com/docs/en/env-vars | Lists CLAUDE_CODE_OAUTH_TOKEN, CLAUDE_CODE_OAUTH_REFRESH_TOKEN, and CLAUDE_CODE_OAUTH_SCOPES without explaining the recovery path when the access token expires |
| https://code.claude.com/docs/en/troubleshooting | Gives generic expired OAuth guidance (/login), but not the env-var-token case |
| https://code.claude.com/docs/en/cli-reference | Lists claude auth login and claude setup-token, but not when to use each after env-var token expiration |
Total scope: 4 pages affected
Source: Changelog v2.1.117
Exact changelog entry: Fixed /login having no effect when launched with CLAUDE_CODE_OAUTH_TOKEN env var and that token expires
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗