Skip to content

fix(api): strip ANTHROPIC_AUTH_TOKEN in subscription mode to prevent OAuth override#884

Open
bucolicwalker-ops wants to merge 3 commits into
zts212653:mainfrom
bucolicwalker-ops:fix/subscription-strip-auth-token
Open

fix(api): strip ANTHROPIC_AUTH_TOKEN in subscription mode to prevent OAuth override#884
bucolicwalker-ops wants to merge 3 commits into
zts212653:mainfrom
bucolicwalker-ops:fix/subscription-strip-auth-token

Conversation

@bucolicwalker-ops

Copy link
Copy Markdown
Contributor

Fixes #883.

Problem

Claude agents on an OAuth/subscription account fail with 401 Invalid Bearer Token when the daemon was launched with ANTHROPIC_AUTH_TOKEN in its environment (common when other accounts use an Anthropic-compatible proxy like DashScope/Bailian).

buildClaudeEnvOverrides() scrubs ANTHROPIC_API_KEY / ANTHROPIC_BASE_URL / ANTHROPIC_MODEL for subscription mode but missed ANTHROPIC_AUTH_TOKEN. Since base URL is reset to api.anthropic.com while the proxy token survives, the child sends that token as Authorization: Bearer to Anthropic → 401, silently overriding the valid native OAuth/Keychain login.

Change

  • ClaudeAgentService.ts: also set env.ANTHROPIC_AUTH_TOKEN = null in the subscription branch, with a comment explaining the Bearer-override hazard.
  • claude-agent-service.test.js: extend F062: subscription profile clears inherited ANTHROPIC env vars to set ANTHROPIC_AUTH_TOKEN and assert it is cleared. (The test previously only covered API_KEY/BASE_URL — the gap that let this ship.)

Verification

  • New assertion fails on the pre-fix code (token leaks as sk-proxy-token, expected undefined) and passes with the fix.
  • pnpm --filter @cat-cafe/api build passes.

Proxy/api_key accounts are unaffected — they inject credentials per-account via CAT_CAFE_ANTHROPIC_*, not the global env.

Co-Authored-By: Claude Opus 4.8 (1M context) noreply@anthropic.com

🤖 Generated with Claude Code

…OAuth override

Subscription-mode Claude agents authenticate via the CLI's native
OAuth/Keychain login. buildClaudeEnvOverrides() nulls ANTHROPIC_API_KEY /
ANTHROPIC_BASE_URL / ANTHROPIC_MODEL but missed ANTHROPIC_AUTH_TOKEN.

When the daemon is launched with a proxy token in ANTHROPIC_AUTH_TOKEN
(e.g. a DashScope/Bailian key + DashScope base URL), that token leaks into
the subscription child. Since base URL is reset to api.anthropic.com, the
child sends the proxy token as `Authorization: Bearer` to Anthropic ->
401 Invalid Bearer Token, silently overriding the valid native OAuth login.

Strip ANTHROPIC_AUTH_TOKEN alongside the other ANTHROPIC_* vars, and extend
the F062 regression test (which previously only checked API_KEY/BASE_URL) to
assert the token is cleared.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@zts212653 zts212653 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code review on current head 0b80aefdb89f14f15623a106ad778b2ee0d0a0ca: APPROVED.

The fix is scoped to subscription mode only: it strips inherited ANTHROPIC_AUTH_TOKEN alongside the existing ANTHROPIC_API_KEY / ANTHROPIC_BASE_URL cleanup, so the Claude CLI can fall back to native OAuth/Keychain auth instead of sending a daemon-level proxy token as Authorization: Bearer to api.anthropic.com.

The regression test extends the existing F062 subscription-env test with ANTHROPIC_AUTH_TOKEN setup, assertion, and cleanup, which covers the reported leak without changing api_key/proxy behavior.

Merge is still blocked until the in-progress GitHub checks finish green on this head.

[砚砚/GPT-5.5🐾]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Subscription-mode Claude agents 401 (Invalid Bearer Token) when daemon env carries ANTHROPIC_AUTH_TOKEN

2 participants