fix: use ANTHROPIC_AUTH_TOKEN for managed account providers (Copilot/Codex)#4063
Open
runyuxu wants to merge 1 commit into
Open
fix: use ANTHROPIC_AUTH_TOKEN for managed account providers (Copilot/Codex)#4063runyuxu wants to merge 1 commit into
runyuxu wants to merge 1 commit into
Conversation
…d account providers GitHub Copilot and Codex OAuth providers use the ManagedAccount auth policy, which previously wrote ANTHROPIC_API_KEY=PROXY_MANAGED into the Claude config. Claude Code CLI's login check recognises ANTHROPIC_AUTH_TOKEN as the session credential; when only ANTHROPIC_API_KEY is present with a placeholder value, the CLI shows "Not logged in · Please run /login" on every startup. Fix the ManagedAccount policy to write ANTHROPIC_AUTH_TOKEN=PROXY_MANAGED instead, consistent with how PreserveExistingOrAuthToken handles the case where no pre-existing token key is found. Update tests accordingly.
Owner
|
@codex review |
|
Codex Review: Didn't find any major issues. Hooray! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When GitHub Copilot or Codex OAuth is set as the active provider, the
ManagedAccountauth policy writesANTHROPIC_API_KEY=PROXY_MANAGEDinto~/.claude/settings.json.Claude Code CLI's login check recognises
ANTHROPIC_AUTH_TOKENas the session credential. When onlyANTHROPIC_API_KEYis present with a placeholder value, the CLI shows:on every new terminal session, even though the proxy is running and requests are succeeding.
Users on
PreserveExistingOrAuthTokenproviders (e.g. direct Anthropic API) don't hit this because that policy defaults to writingANTHROPIC_AUTH_TOKENwhen no pre-existing key is found.Fix
Change
ManagedAccountpolicy to writeANTHROPIC_AUTH_TOKEN=PROXY_MANAGEDinstead ofANTHROPIC_API_KEY=PROXY_MANAGED, consistent with what Claude Code expects for session auth.Test plan
ANTHROPIC_AUTH_TOKENis set andANTHROPIC_API_KEYis absent after takeover (Copilot and Codex cases)claudeshould not show "Not logged in"🤖 Generated with Claude Code