[BUG] issues #48806 and #44541 "OAuth token forbidden (403) — missing scope or org access"

Resolved 💬 3 comments Opened May 2, 2026 by KKJJ56 Closed May 6, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Summary
After updating Claude Desktop to version 1.5354.0 on April 29, 2026, the Claude in Chrome bridge connection fails with OAuth token forbidden (403) - missing scope or org access. The Chrome extension works perfectly standalone in the browser, but Cowork sessions cannot connect to it.

What Should Happen?

Expected Behavior
Cowork session connects to the Chrome extension via the bridge and browser tools work normally (this was working before the update).

Error Messages/Logs

Actual Behavior
The bridge WebSocket connects to wss://bridge.claudeusercontent.com/chrome/ but is immediately rejected with HTTP 403.
Error from logs (%APPDATA%\Claude\logs\main.log):
[Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/a4d76241-7a8e-41ec-9197-2362ddedb96a
[Claude in Chrome] WebSocket connected, sending connect message
[warn] [Claude in Chrome] Bridge error: OAuth token forbidden (403) - missing scope or org access
[Claude in Chrome] Bridge connection closed (code: 1008, duration: 0ms)
Token scope details:
[oauth] looking up token for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85, 
cacheKey=89355bc3-cbfd-4382-905b-976645cad410:e8ac4c31-35a4-426c-a71e-ed845a4acc85:
https://api.anthropic.com:user:inference user:office
The token scopes are user:inference user:office. The Chrome bridge rejects this token.
What I've Already Tried (All Failed)

Reloading the Chrome extension (toggle off/on in chrome://extensions)
Restarting Chrome
Restarting Claude Desktop
Signing out and back into Claude Desktop (fresh OAuth token obtained, still 403)
Clearing Session Storage to force token refresh
Toggling Claude in Chrome connector off/on in Settings > Connectors
Full uninstall/reinstall of Claude Desktop

Steps to Reproduce

Bug Report: Claude in Chrome Bridge Failure in Cowork Mode After Desktop Update

Summary

After updating Claude Desktop to version 1.5354.0 on April 29, 2026, the Claude in Chrome bridge connection fails with OAuth token forbidden (403) - missing scope or org access. The Chrome extension works perfectly standalone in the browser, but Cowork sessions cannot connect to it.

Environment

  • Claude Desktop Version: 1.5354.0 (MSIX, installed April 29, 2026)
  • OS: Windows 11 (10.0.26200), CoreSingleLanguage, x64
  • Chrome Extension Version: 1.0.69 (Claude in Chrome Beta)
  • Chrome Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn
  • Plan: Pro ($21/month, active, last invoice April 23, 2026)
  • Account Email: rafatawad81@gmail.com

Steps to Reproduce

  1. Update Claude Desktop to version 1.5354.0
  2. Open Chrome with Claude in Chrome extension installed and signed in
  3. Open a Cowork session
  4. Attempt any browser tool (e.g., tabs_context_mcp)
  5. Connection fails with "Claude in Chrome is not connected"

Expected Behavior

Cowork session connects to the Chrome extension via the bridge and browser tools work normally (this was working before the update).

Actual Behavior

The bridge WebSocket connects to wss://bridge.claudeusercontent.com/chrome/ but is immediately rejected with HTTP 403.

Error from logs (%APPDATA%\Claude\logs\main.log):

[Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/a4d76241-7a8e-41ec-9197-2362ddedb96a
[Claude in Chrome] WebSocket connected, sending connect message
[warn] [Claude in Chrome] Bridge error: OAuth token forbidden (403) - missing scope or org access
[Claude in Chrome] Bridge connection closed (code: 1008, duration: 0ms)

Token scope details:

[oauth] looking up token for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85, 
cacheKey=89355bc3-cbfd-4382-905b-976645cad410:e8ac4c31-35a4-426c-a71e-ed845a4acc85:
https://api.anthropic.com:user:inference user:office

The token scopes are user:inference user:office. The Chrome bridge rejects this token.

What I've Already Tried (All Failed)

  1. Reloading the Chrome extension (toggle off/on in chrome://extensions)
  2. Restarting Chrome
  3. Restarting Claude Desktop
  4. Signing out and back into Claude Desktop (fresh OAuth token obtained, still 403)
  5. Clearing Session Storage to force token refresh
  6. Toggling Claude in Chrome connector off/on in Settings > Connectors
  7. Full uninstall/reinstall of Claude Desktop

Key Diagnostic Finding

Even after a full sign-out/sign-in cycle, the NEW token still gets 403:

[oauth] no cached token found for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85
[oauth] performing fresh oauth exchange for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85
[oauth] obtained new token for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85, caching
...
[warn] [Claude in Chrome] Bridge error: OAuth token forbidden (403) - missing scope or org access

This confirms the issue is server-side, not a cached token problem.

Configuration Verified Correct

  • Claude in Chrome connector: Enabled (Settings > Connectors)
  • Allow all browser actions: ON (Settings > General)
  • Computer use: Enabled
  • Chrome Native Messaging Host: Registered (com.anthropic.claude_browser_extension in HKCU registry)
  • Native host executable exists: %APPDATA%\Claude\ChromeNativeHost\chrome-native-host.exe
  • Extension ID in allowed_origins: Yes (fcoeoabgfenejglbffodgkkbkcdhcgfn)

Related GitHub Issues

  • #48806 - Claude in Chrome + Control Chrome Failures in Cowork Mode
  • #44541 - Chrome Connection not possible with Cowork
  • #41034 - Claude in Chrome - all sites blocked in Cowork mode (was working previously)

Request

Please investigate the server-side bridge authentication at bridge.claudeusercontent.com for this account. The OAuth token exchange works but the bridge rejects the token with 403, suggesting a missing scope that the desktop app should be requesting but isn't, or a server-side permission that needs to be granted for this account.

Claude Model

Not sure / Multiple models

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

Claude Desktop Version: 1.5354.0 (MSIX, installed April 29, 2026)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Windows Terminal

Additional Information

Bug Report: Claude in Chrome Bridge Failure in Cowork Mode After Desktop Update

Summary

After updating Claude Desktop to version 1.5354.0 on April 29, 2026, the Claude in Chrome bridge connection fails with OAuth token forbidden (403) - missing scope or org access. The Chrome extension works perfectly standalone in the browser, but Cowork sessions cannot connect to it.

Environment

  • Claude Desktop Version: 1.5354.0 (MSIX, installed April 29, 2026)
  • OS: Windows 11 (10.0.26200), CoreSingleLanguage, x64
  • Chrome Extension Version: 1.0.69 (Claude in Chrome Beta)
  • Chrome Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn
  • Plan: Pro ($21/month, active, last invoice April 23, 2026)
  • Account Email: rafatawad81@gmail.com

Steps to Reproduce

  1. Update Claude Desktop to version 1.5354.0
  2. Open Chrome with Claude in Chrome extension installed and signed in
  3. Open a Cowork session
  4. Attempt any browser tool (e.g., tabs_context_mcp)
  5. Connection fails with "Claude in Chrome is not connected"

Expected Behavior

Cowork session connects to the Chrome extension via the bridge and browser tools work normally (this was working before the update).

Actual Behavior

The bridge WebSocket connects to wss://bridge.claudeusercontent.com/chrome/ but is immediately rejected with HTTP 403.

Error from logs (%APPDATA%\Claude\logs\main.log):

[Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/a4d76241-7a8e-41ec-9197-2362ddedb96a
[Claude in Chrome] WebSocket connected, sending connect message
[warn] [Claude in Chrome] Bridge error: OAuth token forbidden (403) - missing scope or org access
[Claude in Chrome] Bridge connection closed (code: 1008, duration: 0ms)

Token scope details:

[oauth] looking up token for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85, 
cacheKey=89355bc3-cbfd-4382-905b-976645cad410:e8ac4c31-35a4-426c-a71e-ed845a4acc85:
https://api.anthropic.com:user:inference user:office

The token scopes are user:inference user:office. The Chrome bridge rejects this token.

What I've Already Tried (All Failed)

  1. Reloading the Chrome extension (toggle off/on in chrome://extensions)
  2. Restarting Chrome
  3. Restarting Claude Desktop
  4. Signing out and back into Claude Desktop (fresh OAuth token obtained, still 403)
  5. Clearing Session Storage to force token refresh
  6. Toggling Claude in Chrome connector off/on in Settings > Connectors
  7. Full uninstall/reinstall of Claude Desktop

Key Diagnostic Finding

Even after a full sign-out/sign-in cycle, the NEW token still gets 403:

[oauth] no cached token found for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85
[oauth] performing fresh oauth exchange for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85
[oauth] obtained new token for orgId=e8ac4c31-35a4-426c-a71e-ed845a4acc85, caching
...
[warn] [Claude in Chrome] Bridge error: OAuth token forbidden (403) - missing scope or org access

This confirms the issue is server-side, not a cached token problem.

Configuration Verified Correct

  • Claude in Chrome connector: Enabled (Settings > Connectors)
  • Allow all browser actions: ON (Settings > General)
  • Computer use: Enabled
  • Chrome Native Messaging Host: Registered (com.anthropic.claude_browser_extension in HKCU registry)
  • Native host executable exists: %APPDATA%\Claude\ChromeNativeHost\chrome-native-host.exe
  • Extension ID in allowed_origins: Yes (fcoeoabgfenejglbffodgkkbkcdhcgfn)

Related GitHub Issues

  • #48806 - Claude in Chrome + Control Chrome Failures in Cowork Mode
  • #44541 - Chrome Connection not possible with Cowork
  • #41034 - Claude in Chrome - all sites blocked in Cowork mode (was working previously)

Request

Please investigate the server-side bridge authentication at bridge.claudeusercontent.com for this account. The OAuth token exchange works but the bridge rejects the token with 403, suggesting a missing scope that the desktop app should be requesting but isn't, or a server-side permission that needs to be granted for this account.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗