Skip to content

fix: refresh Anthropic OAuth after auth failures#252

Merged
chubes4 merged 1 commit into
mainfrom
fix/opencode-anthropic-auth-failure-refresh
Jul 3, 2026
Merged

fix: refresh Anthropic OAuth after auth failures#252
chubes4 merged 1 commit into
mainfrom
fix/opencode-anthropic-auth-failure-refresh

Conversation

@chubes4

@chubes4 chubes4 commented Jul 3, 2026

Copy link
Copy Markdown
Member

Summary

  • refresh the active Claude OAuth credential after Anthropic returns an auth failure before retrying
  • refresh rotated accounts before using them for auth-failure retries
  • replace stale account-store entries when refresh tokens rotate instead of appending duplicates

Context

OpenCode /connect can leave Anthropic OAuth entries with stale access tokens in both auth.json and the remembered account rotation file. The previous hardening refreshed expired tokens before requests, but a 401 response rotated to another remembered account and reused that account's stored access token as-is. That could surface as "invalid authentication credentials" immediately after a successful login.

Testing

  • tests/opencode-claude-auth-refresh-hardening.sh
  • tests/opencode-local-plugin-path.sh
  • bun build runtimes/opencode/plugins/claude-code-auth.ts --outfile /var/folders/lr/c_cmmt7s0592m4njz99v5yb40000gn/T/opencode/claude-code-auth-check.js --target=node

AI assistance

  • AI assistance: Yes
  • Tool(s): gpt-5.5 via OpenCode
  • Used for: Diagnosed the post-/connect stale-token retry path, implemented the OAuth refresh retry fix, and updated regression coverage.

@chubes4 chubes4 merged commit cc5269b into main Jul 3, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant