[BUG] Persistent authentication loop across VS Code extension, CLI, and email login flow

Open 💬 1 comment Opened Jul 7, 2026 by Olengard

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Bug Report: Persistent authentication loop across VS Code extension, CLI, and email login flow

Environment

  • OS: Windows 11 Pro
  • Claude Code CLI version: 2.1.202
  • Claude Code VS Code extension (also affected)
  • Install method: native installer (irm/iex)

Summary

Over the course of a single troubleshooting session, authentication has failed in escalating and shifting ways across every available login surface, while my claude.ai account itself remains fully functional (verified by using it throughout this process).

Timeline of symptoms (chronological)

  1. VS Code extension: OAuth login loop. Browser shows successful authorization, but the extension never transitions to an authenticated state and repeatedly re-prompts for login.
  2. Attempted fix: Claude Code: Sign Out + Developer: Reload Window in VS Code — no change, identical loop.
  3. Attempted fix: Installed Claude Code CLI natively (previously not installed; confirmed via claude --version2.1.202).
  4. CLI login (claude): Same infinite loop pattern, but via email magic-link instead of browser OAuth — authorize, then immediately prompted for a new login again, triggering a new email, repeating indefinitely.
  5. Verified claude.ai login independently: Web account works correctly (used to write this report).
  6. Next attempt: Email link sending itself started failing outright — "Si è verificato un errore nell'invio del link di accesso" (error sending the login link).
  7. VS Code extension, tried again later: now returns request failed with status code 400.

What this rules out

  • Not a local PATH/installation issue (CLI installed and verified working via --version)
  • Not a network/VPN/firewall localhost-callback issue (confirmed by the CLI also failing via email flow, not just OAuth callback)
  • Not an account-level issue (claude.ai login itself works fine)

claude doctor output (relevant excerpt)

Remote Control ‼
├ Remote Control requires a claude.ai subscription. Run claude auth login to sign in with your claude.ai account.
├ Not signed in to claude.ai
├ claude.ai subscription auth not active
└ Sign-in is missing the user:profile scope

Note: The last line — "Sign-in is missing the user:profile scope" — may point to the root cause: the OAuth handshake appears to complete but the resulting session/token lacks a required scope, which could explain why the client never reaches a fully authenticated state and keeps re-prompting.

Context

I noticed status.claude.com reported an incident on July 6, 2026 explicitly affecting "claude.ai and OAuth log-in for Claude Code," resolved the same day. My symptoms began around/after that window. It's unclear whether this is a residual effect of that incident or a separate, ongoing issue, since the extension is still returning a 400 error at the time of writing.

Support channel notes

I attempted to open a ticket via support.claude.com; the Fin AI assistant was not able to help beyond generic self-service suggestions that didn't apply, given the above already ruled those out. Opening this issue for visibility, per the pattern in similar reports (e.g. #36797, #57164, #60022).

Request

Could someone confirm whether this is a known residual auth-routing issue, and/or escalate for investigation? The claude doctor output above suggests the OAuth session may be missing the user:profile scope — if that's a known/fixable server-side issue, that would be very helpful context. Happy to provide additional logs if useful.

Related issues

Possibly related to #33122, which reports a similar Windows/VS Code
auth loop with a credential-storage-conflict hypothesis
(~/.claude.json being overwritten between CLI and extension).
My case additionally surfaces a missing user:profile scope via
claude doctor, which may point to a related or overlapping
root cause.

Additional context

Claude Desktop app (Cowork + Claude Code tabs) remains authenticated
and fully functional throughout this issue, suggesting the problem
is isolated to the VS Code extension and standalone CLI auth flows
specifically, rather than an account-wide block.

What Should Happen?

Expected behavior

After completing OAuth authorization or clicking the emailed magic link, the client should reach a fully authenticated state and not re-prompt for login.

Actual behavior

Login never completes across any of the three surfaces tried (VS Code extension, CLI OAuth, CLI email link), with the failure mode shifting over time (loop → email send failure → HTTP 400).

Error Messages/Logs

Steps to Reproduce

Steps to Reproduce

  1. Have an active claude.ai account/subscription (verified working via web login)
  2. Install Claude Code VS Code extension
  3. Trigger login from the extension (click Login / run /login)
  4. Complete the OAuth authorization in the browser — browser shows success
  5. Observe: extension does not transition to authenticated state, re-prompts for login (infinite loop)
  6. Run Claude Code: Sign Out from Command Palette, then Developer: Reload Window
  7. Retry login from step 3 — identical loop persists
  8. Install Claude Code CLI natively (irm https://claude.ai/install.ps1 | iex), confirm with claude --version
  9. Run claude from terminal to trigger CLI login (email magic-link flow this time)
  10. Authorize via the emailed link — observe: prompted for a new login again, triggering another email, repeating indefinitely
  11. Run claude doctor — output shows Sign-in is missing the user:profile scope under Remote Control
  12. Retry login again later — email sending itself now fails ("error sending the login link")
  13. Retry VS Code extension login again — now returns request failed with status code 400

Expected behavior

After completing OAuth authorization (step 4) or clicking the emailed magic link (step 10), the client should reach a fully authenticated state and not re-prompt for login.

Actual behavior

Login never completes across any of the three surfaces tried (VS Code extension, CLI OAuth, CLI email link), with the failure mode shifting over time (loop → email send failure → HTTP 400).

Claude Model

Not sure / Multiple models

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.202

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

_No response_

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗