Anthropic restricts third-party use of Claude Code subscription OAuth tokens

TL;DR

OpenCode users report that Claude Code Pro/Max OAuth tokens began failing in third-party clients, returning an error that the credential is restricted to Claude Code. Community debugging suggests Anthropic is enforcing token use only for Claude Code–shaped requests, breaking integrations like OpenCode.

What happened

Developers using the OpenCode project reported that access to Claude Max / Claude Code stopped working, with requests from OpenCode returning a 400 error indicating the credential is authorized only for Claude Code and cannot be used for other API requests. Contributors captured request traces showing the same OAuth token works when used by the official Claude CLI but fails when used by OpenCode; the requests differ in endpoint, user-agent and beta flags. Community members described immediate disruption — some attempted reconnects, others downgraded or cancelled their Anthropic subscriptions for workflow reasons. Participants posted reproduction details and suggested causes; a troubleshooting note in the repo references adding a 'user:sessions:claude_code' session entry. The issue thread collected many reports from different users and platforms, and maintainers and contributors are discussing next steps in the OpenCode repository.

Why it matters

• Developers and teams using third-party tooling to access Claude Code can lose the ability to use subscriptions outside Anthropic’s own clients.
• OAuth tokens tied to Claude Code subscriptions may be restricted by provider policy or token scope enforcement, disrupting existing integrations.
• Users relying on OpenCode and similar tools reported workflow interruption and subscription changes, indicating practical impact on adoption and retention.
• Projects that integrate with Claude Code must verify token scope and client behavior, or update their implementations to match provider expectations.

Key facts

• Reports appeared in an OpenCode GitHub issue (anomalyco/opencode #7410) published 2026-01-09.
• Affected users saw a 400 invalid_request_error with a message that the credential is only authorized for Claude Code usage.
• Proxyman traces shared in the thread show the same OAuth token succeeding with the Claude CLI but failing when used by OpenCode, with differences in endpoint, user-agent and anthropic-beta headers.
• Community diagnosis: Anthropic appears to enforce that Claude Code OAuth tokens are only valid for Claude Code–shaped requests.
• OpenCode versions mentioned by commenters include 1.1.8 and 1.0.220.
• Some users reported downgrading or cancelling Anthropic subscriptions because the third-party tooling no longer worked for their workflows.
• A repository change referenced in the thread proposes adding user:sessions:claude_code in index.mjs as part of development activity.

What to watch next

• Whether OpenCode maintainers merge or release the change that adds user:sessions:claude_code and if that fixes OAuth rejections.
• Anthropic official guidance or a statement clarifying OAuth token scopes and allowed client usage — not confirmed in the source.
• Any updates from Anthropic or other third-party tool developers about permitted request formats, headers or beta flags required for Claude Code tokens — not confirmed in the source.

Quick glossary

• OAuth token: A bearer credential that grants a client permission to act on behalf of a user or application; scopes and usage rules can limit where a token is accepted.
• Claude Code: A product line or plan name from Anthropic focused on coding assistance; used here to refer to Pro/Max subscriptions and related OAuth tokens.
• OpenCode: An open-source terminal-based developer tool referenced in the issue that integrates with Anthropic models; community-maintained.
• HTTP 400 invalid_request_error: A client-side HTTP error indicating the server could not process the request due to a client issue, such as invalid parameters or disallowed credentials.

Reader FAQ

Can Claude Code subscribers still use their subscriptions in third-party tools?
Users reported that their Claude Code OAuth tokens worked with the official Claude CLI but failed in OpenCode; broader availability in other third-party tools is not confirmed in the source.

Why are the tokens failing in OpenCode?
Community debugging suggests Anthropic is enforcing that Claude Code OAuth tokens be used only with Claude Code–shaped requests, and OpenCode's requests differ in endpoint, user-agent and beta flags.

Has Anthropic publicly commented or issued guidance?
not confirmed in the source

Is there a fix from OpenCode?
The repository thread references a change adding user:sessions:claude_code (index.mjs), but whether that resolves the issue is not confirmed in the source.

anomalyco / opencode Public Notifications Fork 4.7k Star 55.6k Code Issues 1.5k Pull requests 725 Actions Projects Broken Claude Max #7410 New issue Open anomalyco/opencode-anthropic-auth #9 Description piotryordanov opened Description As…

Sources

• Anthropic blocks third-party use of Claude Code subscriptions
• Claude devs complain about surprise usage limits
• Using opencode with Anthropic OAuth violates ToS & …
• Anthropic tightens usage limits for Claude Code without …

Related posts

• Anthropic blocks OpenCode CLI use of Claude Max via API access
• Executable Markdown Files That Run Like Unix Programs, With Pipe Support
• Researchers probe commercial AI models, extract entire Harry Potter book