[DOCS] Authentication docs missing recovery guidance for expired `CLAUDE_CODE_OAUTH_TOKEN`

Open 💬 3 comments Opened Apr 22, 2026 by coygeek

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/authentication

Section/Topic

"Credential management", "Authentication precedence", and "Generate a long-lived token"

Current Documentation

The docs currently say:

5. CLAUDE_CODE_OAUTH_TOKEN environment variable. A long-lived OAuth token generated by [claude setup-token](#generate-a-long-lived-token). Use this for CI pipelines and scripts where browser login isn't available.
The command walks you through OAuth authorization and prints a token to the terminal. It does not save the token anywhere; copy it and set it as the CLAUDE_CODE_OAUTH_TOKEN environment variable wherever you want to authenticate:
If Claude Code prompts you to log in again after a session, your OAuth token may have expired. Run /login to re-authenticate. If this happens frequently, check that your system clock is accurate, as token validation depends on correct timestamps.

What's Wrong or Missing?

Changelog v2.1.117 includes: "Fixed /login having no effect when launched with CLAUDE_CODE_OAUTH_TOKEN env var and that token expires".

That fix exposes a user-facing authentication path the docs do not currently explain: what should happen when Claude Code is launched with CLAUDE_CODE_OAUTH_TOKEN, that token later expires, and the user tries to recover interactively.

The current docs explain that CLAUDE_CODE_OAUTH_TOKEN is an alternative to /login and that expired OAuth sessions should be fixed with /login, but they do not connect those two cases. They do not say whether /login is expected to recover from an expired env-var token, whether users need to remove the environment variable first, or when they should use the refresh-token flow instead.

Suggested Improvement

Add a short subsection to the authentication or troubleshooting docs for expired env-var OAuth credentials, for example "When CLAUDE_CODE_OAUTH_TOKEN expires".

That section should clarify:

  • the intended interaction between CLAUDE_CODE_OAUTH_TOKEN and /login / claude auth login
  • the supported recovery path after an env-var OAuth token expires in an interactive session
  • when to prefer CLAUDE_CODE_OAUTH_REFRESH_TOKEN plus CLAUDE_CODE_OAUTH_SCOPES for renewable automated authentication instead of a fixed access token
  • how to verify which auth method is active with /status

Impact

Medium - Makes feature difficult to understand

Additional Context

Affected Pages:

| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/authentication | Documents auth precedence and claude setup-token, but not expired CLAUDE_CODE_OAUTH_TOKEN recovery |
| https://code.claude.com/docs/en/env-vars | Lists CLAUDE_CODE_OAUTH_TOKEN, CLAUDE_CODE_OAUTH_REFRESH_TOKEN, and CLAUDE_CODE_OAUTH_SCOPES without explaining the recovery path when the access token expires |
| https://code.claude.com/docs/en/troubleshooting | Gives generic expired OAuth guidance (/login), but not the env-var-token case |
| https://code.claude.com/docs/en/cli-reference | Lists claude auth login and claude setup-token, but not when to use each after env-var token expiration |

Total scope: 4 pages affected

Source: Changelog v2.1.117

Exact changelog entry: Fixed /login having no effect when launched with CLAUDE_CODE_OAUTH_TOKEN env var and that token expires

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗