Claude Max subscribers required to re-authenticate daily — OAuth refresh token TTL too short
Summary
On a Claude Max subscription, claude auth status shows logged out every day, requiring a manual claude login to resume work. The OAuth refresh token issued by claude.ai expires on a daily cadence with no silent renewal.
Environment
- Claude Code version: 2.1.196
- Auth method: claude.ai (OAuth, first-party)
- Subscription: Max
- OS: macOS (Darwin 27.0.0)
- Shell: zsh
What happens
- Start a new terminal session or resume a long-running Claude Code session the next day
- Claude Code reports logged out / requires login
claude loginopens a browser tab, completes in ~10 seconds, then resumes- Repeat every day
What I investigated
- Auth token is stored in macOS keychain under "Claude Safe Storage" — keychain entry is intact, not being cleared
~/.claude/.claude.jsonis correct (userID only, token in keychain per v2.1.x design)- No local config or script is clearing credentials
- The expiry is server-side: the refresh token issued by claude.ai has a short TTL and cannot be silently renewed once expired
Expected behavior
Max subscribers should receive a refresh token with a substantially longer TTL (30–90 days, similar to most OAuth-based developer tools), or Claude Code should silently re-authenticate using the active claude.ai session without user intervention.
Why this matters
Max is the top-tier paid plan. Daily re-authentication creates friction for users running long-lived sessions (e.g., background agents, persistent terminal setups). The API key alternative solves the problem but adds cost on top of an existing Max subscription, which is not a reasonable workaround for a paid-tier user.
Request
Extend the refresh token TTL for claude.ai OAuth sessions used by Claude Code, or implement silent re-auth via the browser session cookie, for Pro and Max subscribers.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗