[BUG] Claude dropped a character from user-supplied Team ID when generating JWT, then treated broken token as source of truth — caused months of silent API failures
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude Code generates code containing a user-supplied identifier (in this case an Apple Developer Team ID provided for JWT generation), it can silently drop characters from that identifier. The resulting credential looks valid but is wrong. In a follow-up session, Claude then decoded the broken JWT it had previously generated and used the corrupted value as the Team ID for all further debugging — treating its own broken output as the authoritative source of truth rather than asking the user to re-verify against their Apple Developer Portal. The user confirmed the wrong Team ID when asked because they were comparing against the value Claude presented, not their portal. This compounded the original error and made the root cause nearly impossible to find without the user independently noticing zero API usage in their portal.
What Should Happen?
When generating any code or artifact that embeds a user-supplied identifier (Team ID, Key ID, ARN, project ID, client ID, etc.), Claude should echo every value back explicitly and ask the user to confirm each one against its authoritative source before proceeding. Claude should never re-derive a credential or identifier from a previously generated artifact — it must always go back to the original source. If a previously generated token or credential is being debugged, Claude should ask the user to independently verify all embedded values rather than decoding and trusting the token's contents.
Error Messages/Logs
Steps to Reproduce
Tell Claude Code (v2.1.179, cloud) to generate a JWT for Apple WeatherKit REST API, providing your Apple Developer Team ID
Claude generates the JWT with a character silently dropped from the Team ID
The JWT is embedded in a prompt or config and used for API calls — all calls fail silently with 401 NOT_ENABLED
In a new session, ask Claude to debug the WeatherKit 401 NOT_ENABLED error
Claude decodes the JWT, extracts the corrupted Team ID, and uses it as the basis for all further testing
Ask Claude "does your Team ID match X?" — user compares against Claude's corrupted value and confirms yes
Hours of debugging follow the wrong root cause; the character-drop is never found unless the user independently checks their portal
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.179
Platform
Other
Operating System
Other
Terminal/Shell
Other
Additional Information
using Claude Code in the web