-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Claude provider: Claude Code-credentials keychain item holds only mcpOAuth entries on Claude Code 2.1.x → ClaudeOAuthCredentialsError + hourly "delegated CLI refresh" opens the default browser #1844
Copy link
Copy link
Closed
Labels
P1Urgent regression or broken agent/channel workflow affecting real users now.Urgent regression or broken agent/channel workflow affecting real users now.clawsweeper:needs-live-reproClawSweeper needs live local, crabbox, or manual validation to confirm this issue.ClawSweeper needs live local, crabbox, or manual validation to confirm this issue.clawsweeper:needs-maintainer-reviewClawSweeper marked this issue as needing maintainer review before automation.ClawSweeper marked this issue as needing maintainer review before automation.clawsweeper:needs-product-decisionClawSweeper marked this issue as needing a product or behavior decision.ClawSweeper marked this issue as needing a product or behavior decision.clawsweeper:needs-security-reviewClawSweeper marked this issue as needing security-sensitive review.ClawSweeper marked this issue as needing security-sensitive review.clawsweeper:no-new-fix-prClawSweeper does not recommend queueing a new automated fix PR for this issue.ClawSweeper does not recommend queueing a new automated fix PR for this issue.impact:auth-providerThis issue is about auth, provider routing, model choice, or SecretRef resolution.This issue is about auth, provider routing, model choice, or SecretRef resolution.impact:securityThis issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.This issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.issue-rating: 🐚 platinum hermitGood issue quality with a plausible reproduction path needing some confirmation.Good issue quality with a plausible reproduction path needing some confirmation.
Description
Metadata
Metadata
Assignees
Labels
P1Urgent regression or broken agent/channel workflow affecting real users now.Urgent regression or broken agent/channel workflow affecting real users now.clawsweeper:needs-live-reproClawSweeper needs live local, crabbox, or manual validation to confirm this issue.ClawSweeper needs live local, crabbox, or manual validation to confirm this issue.clawsweeper:needs-maintainer-reviewClawSweeper marked this issue as needing maintainer review before automation.ClawSweeper marked this issue as needing maintainer review before automation.clawsweeper:needs-product-decisionClawSweeper marked this issue as needing a product or behavior decision.ClawSweeper marked this issue as needing a product or behavior decision.clawsweeper:needs-security-reviewClawSweeper marked this issue as needing security-sensitive review.ClawSweeper marked this issue as needing security-sensitive review.clawsweeper:no-new-fix-prClawSweeper does not recommend queueing a new automated fix PR for this issue.ClawSweeper does not recommend queueing a new automated fix PR for this issue.impact:auth-providerThis issue is about auth, provider routing, model choice, or SecretRef resolution.This issue is about auth, provider routing, model choice, or SecretRef resolution.impact:securityThis issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.This issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.issue-rating: 🐚 platinum hermitGood issue quality with a plausible reproduction path needing some confirmation.Good issue quality with a plausible reproduction path needing some confirmation.
TL;DR: On Claude Code 2.1.196 the keychain item
Claude Code-credentialsno longer contains the Claude OAuth credentials CodexBar expects — it holds onlymcpOAuthstate for MCP servers. CodexBar therefore fails to parse credentials (ClaudeOAuthCredentialsError), treats the token as expired, and every ~64 minutes runs a "delegated Claude CLI refresh" whose recovery path calls/usr/bin/open— launching the user's default browser (Firefox), even right after the user quit it. Before I switched Usage source to OAuth API and Claude cookies to Manual, the same failure also drove a much faster retry loop (opens every 20 s–3 min).Environment
Smoking gun — keychain payload
security find-generic-password -s "Claude Code-credentials" -wreturns a 1562-byte JSON whose only top-level key ismcpOAuth(entries for MCP servers: craft, plugin:slack:slack, kosik, plugin:figma:figma; theiraccessTokenfields are even empty strings). There is no Claude OAuth key (no accessToken/refreshToken/expiresAt for claude.ai). Claude Code evidently stores its main OAuth token elsewhere now.This matches CodexBar's log exactly:
The dropdown shows: "Claude OAuth token expired and delegated Claude CLI refresh failed: Claude keychain did not update after Claude CLI touch. Run
claude login, then retry." Re-login does not help — the CLI writes the token to the new location, not intoClaude Code-credentials.Browser-opening evidence
Every delegated refresh ends in an
opencall that launches the default browser. macOS tccd attribution:LaunchServices:
_LSLaunchRB(org.mozilla.firefox, event=GURL/GURL, ...).Cadence over one night (exact ~64 min 12 s period): 23:12:55, 00:17:07, 01:21:19, 02:25:31, 03:29:43, 04:34:01, 05:38:13, 06:42:13, 07:46:13, 08:50:25.
Before switching Usage source to OAuth API + cookies to Manual, the same parse failure drove opens every 20 s–3 min (cooldown default
claudeOAuthDelegatedRefreshCooldownIntervalSecondsV1 = 20).Quitting CodexBar stops the launches immediately (verified against the predicted next tick).
Expected
Claude Code-credentials.open/launch a browser from a background refresh path. Surface a menu badge / "Re-authenticate" action gated behind an explicit user click, with backoff and a hard cap.Why this matters
A background menu-bar app repeatedly launching the user's browser (even seconds after they quit it) reads as malware-like behavior (see also #1681) and is disruptive. The failure is silent-but-visible: users see their browser "haunted" with no clue CodexBar is the cause; it took unified-log attribution-chain forensics to find it.
Related
#1823 (Claude constantly loses token), #1161 (CodexBar can desync Claude Code's OAuth refresh token), #1287 (both Web and OAuth paths lack working refresh), #108 (repeated keychain prompts for
Claude Code-credentials), #1681 (malware-like perception of keychain behavior).Workaround for affected users
Quit CodexBar. (Disabling the Claude provider via
providers[].enabled=falsein~/.config/codexbar/config.jsonis being tested as a lighter workaround; I can report back in a comment.)