Claude Code Login Not Working: How to Fix Authentication Issues

Claude Code login fails most commonly due to OAuth callback timeouts, macOS keychain access issues, or DNS resolution problems blocking the authentication endpoint. The fastest fix is to update Claude Code, clear ~/.claude/cache, and retry — or bypass OAuth entirely by setting the ANTHROPIC_API_KEY environment variable.

Common Causes of Login Failure

Claude Code login requires a browser-based OAuth flow where the CLI opens a browser window, you authenticate, and the browser redirects a token back to the CLI. This multi-step process has several failure points.

According to the Claude Code troubleshooting documentation, the most reported login issues are:

• OAuth callback timeout: The CLI stops listening for the browser redirect before it completes, typically after 60 seconds
• Keychain locked (macOS): Claude Code cannot write credentials to the macOS keychain, especially in SSH sessions where the keychain is not unlocked
• DNS resolution failure: The machine cannot resolve claude.ai or auth.anthropic.com, blocking the entire flow
• Google auth issues: Google SSO occasionally fails to complete the redirect, as noted in community reports on PhoenixTrap
• Stale session state: Previous failed login attempts leave corrupted tokens in the cache

Cause and Fix Reference Table

Each login failure type has a specific fix. Use this table to identify your issue and jump to the right solution.

macOS Keychain Fix

Claude Code stores authentication credentials in the macOS keychain by default. When the keychain is locked — which happens automatically during SSH sessions or after system sleep — Claude Code cannot write or read tokens, causing login failures.

To unlock the keychain manually:

security unlock-keychain ~/Library/Keychains/login.keychain-db

You will be prompted for your macOS user password. After unlocking, retry the Claude Code login. For SSH sessions where you need persistent keychain access, you can set the keychain to remain unlocked for the session duration.

On Linux, Claude Code uses the system's secret service (such as GNOME Keyring or KWallet). If these are not available in a headless environment, the API key approach described below is the recommended workaround. For full setup details, see our Claude Code guide.

DNS and Network Troubleshooting

DNS resolution failures silently prevent Claude Code from reaching the authentication server. If login hangs without any error message, DNS is a likely culprit, especially on corporate networks with restrictive DNS policies.

Test DNS resolution with:

nslookup claude.ai
nslookup auth.anthropic.com

If either command fails to resolve, your DNS server is blocking the domain. Fixes include:

• Switching to a public DNS server (8.8.8.8 for Google DNS or 1.1.1.1 for Cloudflare)
• Adding claude.ai and auth.anthropic.com to your network's DNS allowlist
• Bypassing VPN for authentication (if your organization allows it)

Also check status.claude.com to confirm the authentication service is not experiencing an outage. If the status page itself does not load, the problem is network-level on your side.

Use API Key Instead of OAuth

API key authentication bypasses the browser-based OAuth flow entirely and is more reliable for automated and headless environments. Set the ANTHROPIC_API_KEY environment variable with a key from console.anthropic.com:

export ANTHROPIC_API_KEY="sk-ant-..."
claude

When this environment variable is set, Claude Code skips OAuth and authenticates directly with the API. This approach is recommended for SSH sessions, CI/CD pipelines, Docker containers, and any environment where a browser is not available.

API keys do not expire during a session but should be rotated regularly and never committed to version control. Store them in a secrets manager or encrypted environment file rather than your shell profile. For more on configuring Claude Code in different environments, see the Claude Dispatch guide.

Limitations and Tradeoffs

API key authentication avoids OAuth issues but introduces key management complexity. Unlike OAuth, where tokens are automatically refreshed, API keys must be manually created, distributed, and rotated. For teams, this means implementing a key management policy.

The keychain unlock fix on macOS is a per-session solution. If you regularly connect via SSH, you will need to unlock the keychain each time or configure automatic unlock in your SSH workflow.

DNS troubleshooting may not be possible on managed corporate networks where you cannot change DNS settings. In these cases, work with your IT team to allowlist the required Anthropic domains, or use an API key that only needs outbound HTTPS access.

Related Guides

• Claude Code: Complete Guide
• Fix Claude Code OAuth Error 500
• Claude Dispatch Guide

Frequently Asked Questions

Why can't I log into Claude Code?

Claude Code login failures are typically caused by OAuth callback timeouts, keychain access issues on macOS, DNS resolution failures blocking the authentication endpoint, or server-side incidents at Anthropic. Check status.claude.com first, then try the fixes in order: update Claude Code, clear cache, unlock keychain, and check DNS.

How do I fix Claude Code timeout?

Claude Code login timeouts happen when the browser-to-CLI OAuth redirect takes too long. Fix this by ensuring no browser extension is blocking redirects, closing unused browser tabs, and retrying the login. If the timeout persists, use an API key with ANTHROPIC_API_KEY to bypass OAuth entirely.

Can I use Claude Code without OAuth?

Yes. Set the ANTHROPIC_API_KEY environment variable with a valid API key from console.anthropic.com. This bypasses the browser-based OAuth flow entirely and is the recommended approach for SSH sessions, headless servers, and CI/CD pipelines.