@ibetitsmike

Summary

Implements OAuth 2.0 + PKCE flow for authenticating with Claude Pro/Max accounts. This allows users to use their subscription for API calls instead of per-token billing (same as Claude Code CLI).

OAuth Flow

1. User triggers login → startOAuthFlow("max")
2. Opens https://claude.ai/oauth/authorize with PKCE challenge
3. User logs in and authorizes
4. User copies authorization code (format: code#state)
5. exchangeCodeForTokens(code, verifier) → access + refresh tokens
6. API calls use Bearer token instead of x-api-key
7. Automatic token refresh when expired

Key Implementation Details

| Component | Description |
| --- | --- |
| Client ID | 9d1c250a-e61b-44d9-88ed-5944d1962f5e (same as Claude Code) |
| Auth URL | https://claude.ai/oauth/authorize |
| Token URL | https://console.anthropic.com/v1/oauth/token |
| Scopes | org:create_api_key user:profile user:inference |
| Storage | ~/.mux/oauth.json |

Authentication Priority

When using Anthropic models, authentication is checked in this order:

  1. OAuth credentials (from ~/.mux/oauth.json) - uses subscription
  2. providers.jsonc config (apiKey)
  3. ANTHROPIC_API_KEY environment variable
  4. ANTHROPIC_AUTH_TOKEN environment variable

API

```ts
// Start OAuth flow
const { authUrl, verifier } = await api.oauth.anthropic.start("max");
// Open authUrl in browser, user copies code

// Exchange code for tokens
await api.oauth.anthropic.exchange(code, verifier);

// Check status
const { authenticated, expiresAt } = await api.oauth.anthropic.status();

// Logout
await api.oauth.anthropic.logout();
```

Note

This PR adds the backend infrastructure. A follow-up PR will add the UI for login/logout in the Settings panel.

Generated with mux
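
As an added example (not code from this PR or from mux), the PKCE and `code#state` handling behind steps 2, 4 and 5 of the flow can be sketched in Node.js as below. The function names are hypothetical, the S256 method follows RFC 7636, and the check assumes the client issued its own `state` value when the flow started, which the PR description does not confirm.

```javascript
// Added example, not the PR's implementation. All helper names are hypothetical.
const crypto = require("node:crypto");

// RFC 7636 section 4.1: 32 random bytes give a 43-character base64url verifier.
function generateVerifier() {
  return crypto.randomBytes(32).toString("base64url");
}

// RFC 7636 section 4.2 (S256): challenge = BASE64URL(SHA256(ASCII(verifier))).
// Only the challenge goes into the authorize URL; the verifier stays local
// until the token exchange.
function challengeFor(verifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) {
    throw new Error("verifier must be 43-128 unreserved characters");
  }
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Split the pasted "code#state" value and reject it unless the state matches
// the one issued at the start of the flow (assumed to be kept by the client).
function parsePastedCode(pasted, expectedState) {
  const trimmed = pasted.trim();
  const idx = trimmed.indexOf("#");
  const malformed =
    idx <= 0 || idx === trimmed.length - 1 || trimmed.indexOf("#", idx + 1) !== -1;
  if (malformed) {
    throw new Error("expected exactly one '#' separating code and state");
  }
  const code = trimmed.slice(0, idx);
  const state = trimmed.slice(idx + 1);
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const got = crypto.createHash("sha256").update(state).digest();
  const want = crypto.createHash("sha256").update(expectedState).digest();
  if (!crypto.timingSafeEqual(got, want)) {
    throw new Error("state mismatch: discard the code and restart the flow");
  }
  return { code, state };
}
```

A code that fails the state check should never reach the token endpoint, and the verifier should be discarded after one exchange attempt.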

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@ibetitsmike ibetitsmike force-pushed the anthropic-oauth-api-auth branch 2 times, most recently from c6de886 to 9ea06a6 Compare December 2, 2025 11:53
…ption

Implements OAuth 2.0 + PKCE flow for authenticating with Claude Pro/Max accounts.
This allows users to use their subscription for API calls instead of per-token billing.

Key changes:
- src/node/services/anthropicOAuth.ts: OAuth module with PKCE flow
  - startOAuthFlow(): Generate auth URL and PKCE verifier
  - exchangeCodeForTokens(): Exchange authorization code for tokens
  - refreshAccessToken(): Automatic token refresh
  - createOAuthFetch(): Fetch wrapper that adds OAuth auth headers

- src/node/config.ts: OAuth credential storage
  - loadAnthropicOAuthCredentials()
  - saveAnthropicOAuthCredentials()
  - clearAnthropicOAuthCredentials()
  - Stored in ~/.mux/oauth.json

- src/node/services/aiService.ts: OAuth integration
  - OAuth takes priority over API key when configured
  - Automatic token refresh on expiry
  - Logs when using OAuth authentication

- IPC API for frontend integration:
  - oauth.anthropic.start(mode): Start OAuth flow
  - oauth.anthropic.exchange(code, verifier): Complete flow
  - oauth.anthropic.status(): Check authentication status
  - oauth.anthropic.logout(): Clear credentials

Based on the OAuth flow used by Claude Code CLI and OpenCode.

_Generated with mux_
@ibetitsmike ibetitsmike force-pushed the anthropic-oauth-api-auth branch from 9ea06a6 to 2b4c967 Compare December 2, 2025 11:55
@ibetitsmike ibetitsmike closed this Dec 2, 2025