[BUG] OAuth callback server hangs after authorization - setup-token and /login both fail
Resolved 💬 16 comments Opened Oct 11, 2025 by jadenschwartz22-ops Closed Apr 24, 2026
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
I'm experiencing a critical authentication issue with Claude Code where all OAuth-based authentication methods fail to complete.
Environment:
- macOS version: 15.6.1 (Build 24G90)
- Node.js version: v22.20.0
- npm version: 10.9.3
- Claude Code version: 2.0.14
- Shell: zsh
Steps to Reproduce:
Method 1: claude setup-token
- Run
claude setup-token - Browser opens to claude.ai OAuth authorization page
- Click "Authorize"
- Browser redirects to
http://localhost:[PORT]/callbackbut hangs/loads indefinitely - Terminal shows no errors, just sits at "Opening browser to sign in..."
- Verified with
lsof -i :[PORT]that the callback server IS listening on the port - Manually accessing
http://localhost:[PORT]/callbackin browser also hangs
Example URL after clicking authorize:
What Should Happen?
OAuth callback should complete successfully and authentication token should be stored and work properly.
Error Messages/Logs
No error messages displayed - the callback server hangs indefinitely.
API Error when OAuth token is eventually created:
401 - Invalid bearer token - Please run /login
Steps to Reproduce
Method 1: claude setup-token
- Run
claude setup-tokenin terminal - Browser opens to https://claude.ai/oauth/authorize
- Click "Authorize" button
- Browser redirects to
http://localhost:[PORT]/callback - Page hangs/loads indefinitely - never completes
- Terminal shows "Opening browser to sign in..." but never progresses
- Verified callback server IS listening with:
lsof -i :[PORT] - Server is running but not responding to callback requests
Method 2: /login command
- Start Claude Code:
claude - Run
/logincommand - Same authorization flow - browser opens
- Click "Authorize"
- Terminal shows "Creating API key for Claude Code..."
- Hangs indefinitely, never completes
Method 3: OAuth token created but doesn't work
- After waiting ~5+ minutes, oauth flow eventually succeeded once
- Token was displayed in terminal
- Set token as environment variable:
export CLAUDE_CODE_OAUTH_TOKEN="[token]" - Run
claude "test" - Get error:
API Error: 401 - Invalid bearer token - Please run /login
Claude Model
None
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.0.14 (Claude Code)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
- Verified with
lsof -i :[PORT]that the callback server is listening on the port but not responding to requests - Not using VPN or corporate firewall
--debugflag shows no additional information- Directory trust prompts also sometimes freeze (possibly related issue)
- Manual API key from console.anthropic.com works perfectly as a workaround
16 Comments
Found 3 possible duplicate issues:
This issue will be automatically closed as a duplicate in 3 days.
🤖 Generated with Claude Code
This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.
I have also encountered this issue when attempting to log in via a VS Code devcontainer. The localhost port is being forwarded to the host machine, but when I click Authorize, the browser cannot complete the redirect to the localhost address and hangs indefinitely.
@tobz1000
In my case, OAuth callback failed in a VS Code Dev Container because Claude Code was listening only on IPv6 (::1), while the browser / VS Code port forwarding accessed the callback via IPv4 (127.0.0.1).
I confirmed this with:
which showed:
As a workaround, I bridged IPv4 → IPv6 using
socat:After this, the redirect to
http://localhost:<PORT>/callbacksuccessfully reached Claude Code and OAuth completed.@tobz1000
In my case, I solved it by pasting the URL that the authorization returns into a second terminal (I have replaced the genuine key with XXX):
curl -s "http://localhost:41581/callback?code=XXXXXXXXXXXXXX&state=_sR-nt5-XXXXXXXXXXXXXX"And when I returned to the terminal where it asked me to paste the "code", I was already authorized.
By the way, my Claude Code runtime environment is Docker with Code-Server under a Synology NAS.
Encountered the same issue, the reason being that the callback server binds to [::1]:PORT (IPv6 only):
VSCode's port forwarding sends traffic to 127.0.0.1 (IPv4), which never reaches the IPv6-bound server.
Workaround which avoids adding tunnels or fiddling the the callback URL:
Add to devcontainer.json:
This forces Node.js to resolve localhost to IPv4 first, making the callback server bind to 127.0.0.1.
None of the listed workarounds are working for me. Any chance we can get this fixed?
Im having the same issue, unable to log in
This solution worked for me well after using quotes in the two parameters for
socat.Environment: Claude Code v2.1.42, VS Code devcontainer (Docker), Node.js v22.14.0, tmux as default terminal profile. The issue reproduces in both tmux and plain zsh terminals within the devcontainer, ruling out tmux as a contributing factor.
Root cause: Claude Code's OAuth callback server binds exclusively to IPv6 loopback (
::1:<port>). VS Code's port forwarding tunnels hostlocalhost:<port>traffic to127.0.0.1:<port>(IPv4) inside the container, which never reaches the IPv6-only listener. The browser redirect tohttp://localhost:<port>/callbackhangs indefinitely.Confirmed this with
netstat -ltnpinside the container, where34245is the random port Claude Code has chosen in the redirect url:``` sh
tcp6 0 0 ::1:34245 :::* LISTEN 15037/claude
After this, Claude Code's callback server binds to
127.0.0.1, VS Code's port forwarding works, and OAuth login within the browser completes successfully. This can be added to apostCreateCommandor dotfiles install script for persistence across rebuilds.Confirmed this with
netstat -ltnpinside the container, where34903is the random port Claude Code has chosen in the redirect url:``` sh
tcp 0 0 127.0.0.1:34903 0.0.0.0:* LISTEN 21484/claude
I found another workaround based off of @bradleybeddoes solution above. The workaround uses this
net.ipv6.conf.all.disable_ipv6kernel parameter and doesn't require fanagling with the/etc/hostsfile that should ideally be read only.tl;dr: Set
net.ipv6.conf.all.disable_ipv6=1when you run the containerExample Docker command
Example
compose.ymlExample
devcontainer.jsonThank you @santyclaz!
Adding this to my
devcontainer.jsonworked:(note the separate strings for sysctl)
I have also encountered this issue in both terminal based claude-code, as well as via vs-code. The the auth-flow redirect back to the client never completes because it is listening on IPV6 only and the request goes to IPV4
I’m experiencing the same issue. When I try to log in to Claude both in the CLI and in the browser I receive the following error message:
Closing for now — inactive for too long. Please open a new issue if this is still relevant.
This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.