[BUG] OAuth login succeeds but token is never persisted — doctor reports "macOS Keychain is not writable" while keychain writes work fine from terminal (native 2.1.205, darwin-arm64)

Open 💬 0 comments Opened Jul 9, 2026 by ccward442

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

/login (and claude auth login) completes successfully, but the OAuth token is never persisted. Every subsequent message fails with Not logged in · Please run /login, and claude auth status shows authMethod: none immediately after a successful login.

claude doctor reports:

1 warning found
- macOS Keychain is not writable. Console login will fail to save your API key.

However, the keychain itself is healthy — writes from the same terminal session work fine. Only Claude Code fails to write to it:

$ security show-keychain-info ~/Library/Keychains/login.keychain-db
Keychain "..." no-timeout   # unlocked, never auto-locks

$ security add-generic-password -a "$USER" -s "test-write" -w "hello" && echo "WRITE OK"
WRITE OK                     # terminal can write to keychain fine

$ security find-generic-password -a "$USER" -s "Claude Code-credentials" -w
The specified item could not be found in the keychain.   # after successful /login — nothing was written

~/.claude/.credentials.json (created manually with 600 perms) also remains 0 bytes after login. ~/.claude is owned by my user with normal permissions. No ANTHROPIC_* env vars set. No apiKeyHelper in settings.

The issue started after auto-update to 2.1.205 on 2026-07-09. No system changes were made on my side.

Environment:

  • Claude Code version: native 2.1.205 (commit 4cf2699a1427)
  • Platform: darwin-arm64 (MacBook Pro, Apple Silicon)
  • Install method: native
  • Auto-update channel: latest — last update: success → 2.1.205 (2026-07-09)
  • Shell: zsh, local terminal (not SSH)

What I tried (no effect):

  • security unlock-keychain (succeeds, warning persists)
  • Deleting old Claude Code-credentials keychain entries before re-login
  • Creating empty ~/.claude/.credentials.json (chmod 600) as file fallback
  • Clean reinstall via curl -fsSL https://claude.ai/install.sh | bash — doctor still shows the same warning on a fresh install

Workaround: claude setup-token + CLAUDE_CODE_OAUTH_TOKEN env var works, confirming the account/OAuth flow is fine and only credential persistence is broken.

Related issues:

  • #25069 — same symptom on macOS native 2.1.39 (login succeeds, keychain entry never created, only CLAUDE_CODE_OAUTH_TOKEN works). Still reproducible on 2.1.205.
  • #44585 — same "login succeeds but auth never persisted" on Windows.
  • #48162 — same doctor warning ("macOS Keychain is not writable") but different root cause: that issue is a -25299 "item already exists" on re-add, while in my case no entry exists at all after login.

What Should Happen?

After a successful /login, the OAuth token should be persisted to the macOS Keychain (or the ~/.claude/.credentials.json fallback), and subsequent messages should authenticate normally. claude auth status should return loggedIn: true.

If credential persistence fails, login should surface the storage error loudly instead of reporting "Login successful" while silently dropping the token — the current behavior leaves the user in a confusing login loop with no indication of the real cause.

Error Messages/Logs

Steps to Reproduce

  1. macOS (Apple Silicon), Claude Code native 2.1.205, auto-updated on 2026-07-09
  2. Run claude, then /login (or run claude auth login from the terminal)
  3. Complete the browser OAuth flow with a claude.ai account → terminal shows "Login successful"
  4. Send any message in the session → fails with Not logged in · Please run /login
  5. Run claude auth status{"loggedIn": false, "authMethod": "none", "apiProvider": "firstParty"}
  6. Check the keychain: security find-generic-password -a "$USER" -s "Claude Code-credentials" -w → "The specified item could not be found in the keychain"
  7. Verify the keychain is writable from the same terminal: security add-generic-password -a "$USER" -s "test-write" -w "hello" → succeeds

Claude Model

None

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.205

Platform

Other

Operating System

macOS

Terminal/Shell

Cursor

Additional Information

_No response_

View original on GitHub ↗