[DOCS] Authentication docs omit `/login` behavior when `CLAUDE_CODE_OAUTH_TOKEN` is set
Documentation Type
Unclear/confusing documentation
Documentation Location
https://code.claude.com/docs/en/authentication
Section/Topic
Credential management / Authentication precedence
Current Documentation
The authentication docs currently say:
When multiple credentials are present, Claude Code chooses one in this order: 5.CLAUDE_CODE_OAUTH_TOKENenvironment variable. A long-lived OAuth token generated by [claude setup-token](#generate-a-long-lived-token). Use this for CI pipelines and scripts where browser login isn't available. 6. Subscription OAuth credentials from/login. This is the default for Claude Pro, Max, Team, and Enterprise users.
The environment variable reference also says:
CLAUDE_CODE_OAUTH_TOKEN| OAuth access token for Claude.ai authentication. Alternative to/loginfor SDK and automated environments. Takes precedence over keychain-stored credentials.
The quickstart page says:
Once logged in, your credentials are stored and you won't need to log in again. To switch accounts later, use the /login command.
These pages do not explain what happens if an interactive session starts with CLAUDE_CODE_OAUTH_TOKEN and the user then runs /login.
What's Wrong or Missing?
Claude Code v2.1.118 fixed /login having no effect in a session launched with CLAUDE_CODE_OAUTH_TOKEN by clearing the env token so stored disk credentials take effect.
The current docs describe credential precedence and /login separately, but they do not document this interaction. As written, the docs imply that CLAUDE_CODE_OAUTH_TOKEN simply outranks stored /login credentials, without explaining that an interactive re-login now clears the session's env-token auth so the newly stored credentials become active.
That leaves an important user-visible behavior undocumented:
CLAUDE_CODE_OAUTH_TOKENis presented as an alternative to/loginfor automation/loginis presented as the way to switch accounts later- but the docs never explain how
/loginbehaves when the current session was launched withCLAUDE_CODE_OAUTH_TOKEN
Suggested Improvement
Add a short note under Authentication precedence (and mirror it in the env var reference) explaining that:
CLAUDE_CODE_OAUTH_TOKENis primarily for CI, scripts, and automated environments.- If an interactive Claude Code session was launched with
CLAUDE_CODE_OAUTH_TOKENand the user runs/loginorclaude auth login, Claude Code clears that session's env-token auth so the newly stored disk credentials take effect. - Users who want to switch accounts interactively should use
/login, then verify the active auth method with/status.
This would make the precedence docs and the quickstart guidance consistent with the v2.1.118 behavior.
Impact
Medium - Makes feature difficult to understand
Additional Context
Affected Pages:
| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/authentication | Authentication precedence and CLAUDE_CODE_OAUTH_TOKEN usage |
| https://code.claude.com/docs/en/env-vars | Env var reference currently says the token takes precedence over keychain-stored credentials |
| https://code.claude.com/docs/en/quickstart | Quickstart says /login is how to switch accounts later |
Total scope: 3 pages affected
Source: Changelog v2.1.118
Exact changelog entry:
Fixed/loginhaving no effect in a session launched withCLAUDE_CODE_OAUTH_TOKEN— the env token is now cleared so disk credentials take effect
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗