Skip to content

Claude provider: Claude Code-credentials keychain item holds only mcpOAuth entries on Claude Code 2.1.x → ClaudeOAuthCredentialsError + hourly "delegated CLI refresh" opens the default browser #1844

Description

@mira-semera

TL;DR: On Claude Code 2.1.196 the keychain item Claude Code-credentials no longer contains the Claude OAuth credentials CodexBar expects — it holds only mcpOAuth state for MCP servers. CodexBar therefore fails to parse credentials (ClaudeOAuthCredentialsError), treats the token as expired, and every ~64 minutes runs a "delegated Claude CLI refresh" whose recovery path calls /usr/bin/open — launching the user's default browser (Firefox), even right after the user quit it. Before I switched Usage source to OAuth API and Claude cookies to Manual, the same failure also drove a much faster retry loop (opens every 20 s–3 min).

Environment

  • CodexBar 0.37.2 (build 92) — latest per appcast as of 2026-07-02
  • macOS 26.3 (25D125)
  • Claude Code CLI 2.1.196, Enterprise plan, logged in and working (sessions run fine)
  • Default browser: Firefox 152.0.3
  • Settings already tried: Usage source = OAuth API, Claude cookies = Manual, provider toggled off

Smoking gun — keychain payload

security find-generic-password -s "Claude Code-credentials" -w returns a 1562-byte JSON whose only top-level key is mcpOAuth (entries for MCP servers: craft, plugin:slack:slack, kosik, plugin:figma:figma; their accessToken fields are even empty strings). There is no Claude OAuth key (no accessToken/refreshToken/expiresAt for claude.ai). Claude Code evidently stores its main OAuth token elsewhere now.

This matches CodexBar's log exactly:

[com.steipete.codexbar:claude-usage] Claude keychain security CLI output invalid; falling back
  (callerInteraction=background parse_error_type=ClaudeOAuthCredentialsError payload_bytes=1561 reader=securityCLI status=0)
[com.steipete.codexbar:claude-usage] Claude OAuth delegated refresh touch did not update Claude keychain
[com.steipete.codexbar:claude-usage] Claude OAuth delegated refresh attempted (outcome=attemptedFailed)

The dropdown shows: "Claude OAuth token expired and delegated Claude CLI refresh failed: Claude keychain did not update after Claude CLI touch. Run claude login, then retry." Re-login does not help — the CLI writes the token to the new location, not into Claude Code-credentials.

Browser-opening evidence

Every delegated refresh ends in an open call that launches the default browser. macOS tccd attribution:

responsible={TCCDProcess: identifier=com.steipete.codexbar, .../CodexBar.app/Contents/MacOS/CodexBar}
accessing={TCCDProcess: identifier=com.apple.open, binary_path=/usr/bin/open}

LaunchServices: _LSLaunchRB(org.mozilla.firefox, event=GURL/GURL, ...).

Cadence over one night (exact ~64 min 12 s period): 23:12:55, 00:17:07, 01:21:19, 02:25:31, 03:29:43, 04:34:01, 05:38:13, 06:42:13, 07:46:13, 08:50:25.

Before switching Usage source to OAuth API + cookies to Manual, the same parse failure drove opens every 20 s–3 min (cooldown default claudeOAuthDelegatedRefreshCooldownIntervalSecondsV1 = 20).

Quitting CodexBar stops the launches immediately (verified against the predicted next tick).

Expected

  1. Support the current Claude Code credential storage (2.1.x) — read the token from its new location instead of expecting it inside Claude Code-credentials.
  2. Never call open/launch a browser from a background refresh path. Surface a menu badge / "Re-authenticate" action gated behind an explicit user click, with backoff and a hard cap.

Why this matters

A background menu-bar app repeatedly launching the user's browser (even seconds after they quit it) reads as malware-like behavior (see also #1681) and is disruptive. The failure is silent-but-visible: users see their browser "haunted" with no clue CodexBar is the cause; it took unified-log attribution-chain forensics to find it.

Related

#1823 (Claude constantly loses token), #1161 (CodexBar can desync Claude Code's OAuth refresh token), #1287 (both Web and OAuth paths lack working refresh), #108 (repeated keychain prompts for Claude Code-credentials), #1681 (malware-like perception of keychain behavior).

Workaround for affected users

Quit CodexBar. (Disabling the Claude provider via providers[].enabled=false in ~/.config/codexbar/config.json is being tested as a lighter workaround; I can report back in a comment.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1Urgent regression or broken agent/channel workflow affecting real users now.clawsweeper:needs-live-reproClawSweeper needs live local, crabbox, or manual validation to confirm this issue.clawsweeper:needs-maintainer-reviewClawSweeper marked this issue as needing maintainer review before automation.clawsweeper:needs-product-decisionClawSweeper marked this issue as needing a product or behavior decision.clawsweeper:needs-security-reviewClawSweeper marked this issue as needing security-sensitive review.clawsweeper:no-new-fix-prClawSweeper does not recommend queueing a new automated fix PR for this issue.impact:auth-providerThis issue is about auth, provider routing, model choice, or SecretRef resolution.impact:securityThis issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.issue-rating: 🐚 platinum hermitGood issue quality with a plausible reproduction path needing some confirmation.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions