[BUG] Claude in Chrome v1.0.70: Account-level OAuth scope missing on Max plan causes infinite retry loop, side panel flicker, and forced logout
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
⚠️ Routing note for triagers
This is a Claude in Chrome browser extension bug. Filing here per established practice — this repository tracks browser-extension issues with the area:browser-extension label (see #46514, #50157, #34176, #29628, #48806).
A previous submission was auto-labeled invalid by the bot. Requesting human review and the area:browser-extension label.
---
Summary
The Claude in Chrome side panel and options page both flicker every 10–20 seconds and force-redirect to login every 1–2 minutes, destroying all conversation context.
The WebSocket bridge bridge.claudeusercontent.com persistently rejects OAuth tokens issued to my Max-plan account with a non-transient 403, but the extension retries indefinitely instead of surfacing the error.
Reproduces on 2 different devices with fresh installations — confirming this is a server-side account-level provisioning issue, not a local problem.
---
Network behavior (from HAR capture, 5 minutes)
The following loop repeated 25 times in a 5-minute window:
POST https://platform.claude.com/v1/oauth/token→200 OK(fresh token issued)- WebSocket connect to
wss://bridge.claudeusercontent.com/chrome/<bridge_id> - Client sends:
{
"type": "connect",
"client_type": "chrome-extension",
"extension_version": "1.0.70",
"os_platform": "Windows",
"device_id": "<uuid>",
"oauth_token": "sk-ant-oat01-..."
}
- Bridge replies:
{
"type": "error",
"error": "OAuth token forbidden (403) — missing scope or org access",
"reason": "upstream_403",
"upstream_status": 403,
"transient": false
}
- WebSocket closes, panel re-renders (visible flicker)
GET /api/oauth/profile→200 OK- Loop restarts within ~15 seconds
In 5 minutes: 25 retry cycles, 116 total requests. Every freshly minted token gets the same 403.
---
Two distinct bugs
Bug 1 — Server-side: Missing OAuth scope for Max account
The bridge requires a scope/claim that my account's tokens are not carrying, despite an active Max subscription. /api/oauth/profile returns 200 (auth works), only the bridge rejects.
Bug 2 — Client-side: Infinite retry on transient: false
The extension ignores the explicit "transient": false flag and retries indefinitely with no backoff. Each retry tears down side-panel UI state, causing the flicker and eventual forced logout. Even when Bug 1 is fixed, this client behavior turns any future non-transient error into a data-destroying loop.
---
Multi-device verification (proves server-side)
Tested on 2 different Windows machines:
- Fresh Chrome profiles on each
- Fresh extension installation on each
- Different OAuth tokens (rotated per retry)
- Different sessions
- Same identical 403 on both
Rules out: local cache, stale tokens, extension corruption, Chrome profile state, cookies, browser version. The bug follows my account, not the device.
---
Settings verified correct
- Plan: Max (active, $88.47/mo, auto-renews May 29, 2026)
/api/oauth/profilereturns 200- claude.ai → Settings → Claude in Chrome: "Allow extension"
- No blocked sites
- Latest Chrome version
- Extension enabled at
chrome://extensions - Service worker:
ACTIVATED + RUNNING, version 76, console log empty (perchrome://serviceworker-internals)
---
Affected pages
The flicker affects all extension UI pages with shared auth state:
chrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/sidepanel.htmlchrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/options.html
Even the Claude in Chrome settings page itself flickers while open. Rules out side-panel-specific React state corruption.
---
Tangential observations
CSP violations on options.html#options:8 (likely separate Manifest V3 compliance issues, not the OAuth bug):Executing inline script violates 'script-src 'self''
Loading the script 'https://cdn.segment.com/.../amplitude-plugins/...' violates "script-src 'self'"
at assets/useStorageState-zNVna44X.js:3
Build artifact service-worker.ts-gaAAsstG.js retains .ts extension before content hash — minor build pipeline note.
---
Suspected root causes for engineering
- Stale org metadata on the account
- Account migration that didn't propagate the bridge scope
- Region-specific feature flag (account in Bangkok, Thailand)
- Token issuance pipeline not attaching the bridge scope for Max tier
---
Suggested fixes
Server (Bug 1):
- Audit OAuth scope assignment for Max accounts
- Investigate this account's specific provisioning state
- Add server-side logging when bridge rejects an authenticated user (currently invisible)
Client (Bug 2):
- Honor
"transient": false— stop retrying, show actionable error UI - Add exponential backoff and retry cap regardless of error type
- Decouple side-panel UI state from WebSocket lifecycle (preserve conversation across reconnects)
---
Support escalation already attempted
- Filed support ticket via support.claude.com chat
- AI agent (Fin) confirmed inability to access account state or escalate to engineering
- Conversation ID:
215474228853141(for cross-reference if needed)
---
Available evidence (private — contains credentials)
- HAR files from 2 devices (~5 min each, contain rotating OAuth tokens)
- Service worker internals snapshot
- DevTools console output
- Settings page screenshots
⚠️ HAR files cannot be posted publicly. Please request via secure channel.
What Should Happen?
- Have a Max-plan account in the affected provisioning state (account-specific — confirmed by multi-device test in description)
- Install Claude in Chrome v1.0.70 from Chrome Web Store
(Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn)
- Sign in with the affected Max account
- Open the side panel and start a conversation
- Open DevTools on the side panel → Network tab → enable "Preserve log"
- Wait 10–20 seconds during normal use
Observed (repeats every ~15 seconds):
a. POST https://platform.claude.com/v1/oauth/token → 200 OK
b. WebSocket to wss://bridge.claudeusercontent.com/chrome/<id>
c. Bridge returns 403: "OAuth token forbidden — missing scope or org access" with "transient": false
d. WebSocket closes
e. Side panel flickers (visible re-render)
f. Loop restarts
After ~5–10 cycles: forced redirect to login screen, conversation context permanently lost.
To verify it's account-level rather than local:
- Repeat steps 2–6 on a different machine with a fresh Chrome profile
- Same 403 occurs immediately
Error Messages/Logs
Steps to Reproduce
- Have a Max-plan account in the affected provisioning state (account-specific — confirmed by multi-device test in description)
- Install Claude in Chrome v1.0.70 from Chrome Web Store
(Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn)
- Sign in with the affected Max account
- Open the side panel and start a conversation
- Open DevTools on the side panel → Network tab → enable "Preserve log"
- Wait 10–20 seconds during normal use
Observed (repeats every ~15 seconds):
a. POST https://platform.claude.com/v1/oauth/token → 200 OK
b. WebSocket to wss://bridge.claudeusercontent.com/chrome/<id>
c. Bridge returns 403: "OAuth token forbidden — missing scope or org access" with "transient": false
d. WebSocket closes
e. Side panel flickers (visible re-render)
f. Loop restarts
After ~5–10 cycles: forced redirect to login screen, conversation context permanently lost.
To verify it's account-level rather than local:
- Repeat steps 2–6 on a different machine with a fresh Chrome profile
- Same 403 occurs immediately on the second device
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
N/A — this is a Claude in Chrome browser extension bug, not a Claude Code CLI bug. Claude in Chrome extension version: 1.0.70 Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn
Platform
Other
Operating System
Windows
Terminal/Shell
Other
Additional Information
_No response_
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗