[BUG] firstParty dispatch returns 401 "User not found" for a valid OAuth token that the standard API accepts (VSCode remote-SSH ext 2.1.185)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report
- [x] I am using the latest version of Claude Code
Why this is NOT a duplicate
This keeps getting conflated with other auth 401s, but the fingerprint is distinct: **a valid OAuth token that the public API accepts is rejected only on the binary's internal firstParty dispatch path, with the specific string "User not found".** Relogin/reload/reinstall do not help, because the token is provably valid (curl proof below).
It is not:
- #69706 —
401 Invalid authentication credentials/Please run /login, Windows/Pro, fixed by relogin. Different message, different platform, and relogin does nothing here because the token is already valid. - #70089 — interactive turns silently no-op with 0 tokens and no
/v1/messagesrequest made (Team seat). Here a request is made and returns an explicit401 "User not found". - #1305 / #1484 —
OAuth account information not found in config, a local config-parse error. This is a server-side401, not a config problem. - #5167 —
Invalid API key · Please run /login. Different error string and code path. - #24106 —
Session not found(403) on--teleport. Different surface, different code.
The defining trait — public API accepts the token (200/429) while the firstParty route returns 401 "User not found" for the same token in the same session — does not appear in any existing issue. Please don't close as a duplicate of the above without checking the curl evidence.
What's Wrong?
On the VSCode extension (anthropic.claude-code 2.1.185, running as a remote-SSH extension on Linux), every request the binary routes to its firstParty path fails with a 401:
[API:timing] dispatching to firstParty model=claude-opus-4-8[1m]
API error (attempt 4/11): 401 {"error":{"message":"User not found.","code":401}}
It retries 11 times and never succeeds, so session-title generation (and any opus-4-8 / 1M-context request) is permanently broken.
The OAuth token is valid — the failure is specific to the firstParty route, not the credentials. I verified this by pulling the access token straight out of ~/.claude/.credentials.json and calling the API directly with it:
GET /api/oauth/profile→ 200 (correct account, Max plan, subscription active)POST /v1/messages(haiku) → 200 (normal completion)POST /v1/messages(opus-4-8) → 429rate_limit_error(i.e. accepted, just rate-limited)
So the same token the extension uses is accepted by the public endpoint, but the binary's firstParty dispatch rejects it with "User not found". Haiku requests (which don't go firstParty) work fine in the very same session.
Ruled out as causes:
- Stale token — credentials were freshly refreshed; the on-disk token works (above).
- Window reload / relogin — reloaded the VSCode window, still fails.
- Env overrides — no
ANTHROPIC_API_KEY/ANTHROPIC_BASE_URL; the binary's debug log showsANTHROPIC_CUSTOM_HEADERS present: false. - Keyring / secret store — none present on the remote host.
- Settings — no
settings.json/settings.local.jsonoverrides.
This looks like a server-side account-mapping gap on the first-party inference gateway: a user that the public API and OAuth identity service both recognize, but that the firstParty route cannot resolve.
What Should Happen?
A valid OAuth token that the standard API accepts should also be accepted by the firstParty dispatch path. firstParty requests (opus-4-8 / 1M context, session-title generation) should succeed — or, at minimum, the client should surface an actionable error and fall back, rather than hard-looping 11× on a 401 "User not found".
Error Messages/Logs
# Extension debug log (Anthropic.claude-code / "Claude VSCode.log"), after a window reload:
[DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization header: false
[DEBUG] [API:auth] OAuth token check starting
[DEBUG] [API:auth] OAuth token check complete
[DEBUG] [API:timing] dispatching to firstParty model=claude-opus-4-8[1m]
[ERROR] API error (attempt 1/11): 401 401 {"error":{"message":"User not found.","code":401}}
... (retries through attempt 11/11, all identical) ...
# Same OAuth token (from ~/.claude/.credentials.json) tested directly — token is valid:
$ curl .../api/oauth/profile -> HTTP 200 (account ok, has_claude_max:true, subscription active)
$ curl .../v1/messages model=haiku -> HTTP 200
$ curl .../v1/messages model=opus-4-8 -> HTTP 429 {"type":"rate_limit_error"} # accepted, just rate-limited
Environment
- Extension:
anthropic.claude-code-2.1.185-linux-x64(native-binary), Agent SDK 0.3.185 claude --version: 2.1.185 (Claude Code)- Surface: VSCode remote-SSH (extension runs on the remote host)
- OS: Ubuntu 24.04.4 LTS, Linux 6.8.0-124-generic x86_64
- Auth: claude.ai OAuth, Max plan
- Affected route: internal
firstPartydispatch (opus-4-8, 1M context); standard endpoint unaffected
---
Transparency note: this issue was investigated with Claude Code (running on a separate, working host connected to the affected machine over SSH) and this report was drafted by Claude. The curl tests, log excerpts, and environment details above were gathered from the affected host during that session and verified by me before filing.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗