Anthropic Claude Pro/Max OAuth login fails with 429 on token exchange

[dotCipher]

Description

opencode auth login -p anthropic -m "Claude Pro/Max" consistently fails during the OAuth code exchange step with 429 Too Many Requests from https://console.anthropic.com/v1/oauth/token.

This is not just a generic Failed to authorize UI problem; with local debug logging enabled in the Anthropic auth plugin, the underlying failure is:

[opencode-anthropic-auth] OAuth exchange failed: status=429 statusText=Too Many Requests headers={...} body={
  "error": {
    "type": "rate_limit_error",
    "message": "Rate limited. Please try again later."
  }
}

I can reproduce this across multiple Anthropic accounts, which makes it look more like a flow-level / client-level / IP-level throttle than an account-specific Max-plan problem.

Environment

• OpenCode version: 1.2.20
• OS: macOS
• Provider: anthropic
• Login method: Claude Pro/Max

Steps to reproduce

1. Run:

   opencode auth login -p anthropic -m "Claude Pro/Max" --print-logs --log-level DEBUG

2. Open the provided claude.ai/oauth/authorize URL in the browser.
3. Complete login successfully in Claude.
4. Paste the returned authorization code back into OpenCode.
5. Observe Failed to authorize.

What is happening underneath

The browser authorization step succeeds and returns a code.

The failure happens on the follow-up token exchange to:

• POST https://console.anthropic.com/v1/oauth/token

The plugin currently collapses that HTTP failure into a generic Failed to authorize message.

Related behavior

Earlier in the same session, Anthropic OAuth refresh was also failing for prompt traffic with:

Error: Token refresh failed: 429

So both fresh login and refresh appear to be failing on the Anthropic OAuth/token path.

Notes

• Anthropic status page was nominal at the time.
• We also tested changing the outgoing User-Agent for Anthropic requests locally, but the 429 still occurred.
• The response did not include a Retry-After header or obvious Anthropic rate-limit reset metadata, only generic front-door headers.

Request

It would help a lot if OpenCode could:

1. Surface the real OAuth exchange status/body instead of only Failed to authorize.
2. Clarify whether this Anthropic OAuth flow is still supported / expected to work for Claude Pro/Max.
3. Potentially make the Anthropic auth/user-agent behavior configurable for debugging.

If helpful, I can provide the exact debug patch used to expose the hidden exchange error.

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• Claude code 0auth broked!? #18267: Reports the same 429 error on Anthropic Claude Pro/Max OAuth token exchange
• Claude Pro/Max auth flow returns Invalid token. #18315: Reports Claude Pro/Max auth flow failures (Invalid Token / Failed refresh token) — same auth flow
• Repository anomalyco/opencode-anthropic-auth no longer exists, why? #18265: Related discussion about the Anthropic auth plugin being removed/unavailable

Please review those issues to see if your problem is already being tracked, and consider adding your findings there instead.

[dotCipher]

Wrote a user agent configuration plugin to solve this actually, it did end up working: https://github.com/dotCipher/opencode-anthropic-user-agent-plugin

[dotCipher]

Follow-up: I was able to work around this locally by changing the Anthropic-facing User-Agent, and that resolved the login issue for me.

So at least in my case, this does not appear to be a generic bad auth-code problem. It looks more like the Anthropic OAuth/token exchange path was sensitive to the client fingerprint / user-agent being sent by OpenCode on this flow.

What I observed:

• claude.ai/oauth/authorize succeeded
• the failure was on POST https://console.anthropic.com/v1/oauth/token
• after overriding the Anthropic-facing User-Agent, the flow started working

I packaged the workaround as a small OpenCode plugin here:

• GitHub: https://github.com/dotCipher/opencode-anthropic-user-agent-plugin
• npm: https://www.npmjs.com/package/opencode-anthropic-user-agent-plugin

This may help narrow the root cause:

1. OpenCode's Anthropic auth flow may be sending a User-Agent that triggers throttling / rejection on Anthropic's token exchange path.
2. It may be worth making the Anthropic User-Agent configurable for debugging.
3. It would still be helpful for OpenCode to surface the real exchange response instead of only Failed to authorize.

[Nick-Hopps]

not work for me. btw the oAuth domain has changed to platform.anthropic.com

[lehdqlsl]

I tried your user-agent plugin first — thanks for the detailed root cause analysis. In my case the OAuth flow itself was broken regardless of UA, so I took a different approach: syncing existing Claude CLI credentials directly into OpenCode's auth store, skipping the OAuth login entirely.

Not an npm package — plain shell scripts (~100 lines) you can audit before running. No supply chain risk.

Repo: https://github.com/lehdqlsl/opencode-claude-auth-sync

[vinzabe]

here's the fix https://github.com/vinzabe/opencode-anthropic-oauth-fix

[DerDummePunkt]

I'm not sure this will be fixed :/
#18186

[JlMoreno00]

Tested a working workaround on macOS with OpenCode 1.2.27 and Claude Code 2.1.80.

This does not fix the built-in Anthropic login flow itself, but it did restore Anthropic usage end-to-end here:

1. Remove local Anthropic patches/plugins from OpenCode (custom auth plugins, user-agent overrides, prompt spoof plugins).
2. Remove the stale Anthropic entry from OpenCode auth storage.
3. Re-auth Claude CLI with claude auth login --claudeai.
4. Sync Claude CLI credentials into OpenCode using opencode-claude-auth-sync:
   https://github.com/lehdqlsl/opencode-claude-auth-sync
5. Verify the sync script reports a valid token before testing OpenCode.

Important detail: if the sync script reports EXPIRED, syncing will not help. Refresh Claude CLI first, then sync again.

After doing that, this worked:

opencode run --model anthropic/claude-sonnet-4-0 "Reply only with OK"

Result:

OK

So the reliable workaround for me was: use Claude CLI as the source of truth for Anthropic OAuth, then sync those fresh credentials into OpenCode instead of relying on OpenCode's Anthropic login flow.