claude-code - 💡(How to fix) Fix [BUG] Claude in Chrome v1.0.70: Account-level OAuth scope missing on Max plan causes infinite retry loop, side panel flicker, and forced logout



Preflight Checklist

  • I have searched existing issues and this hasn't been reported yet
  • This is a single bug report (please file separate reports for different bugs)
  • I am using the latest version of Claude Code

What's Wrong?

⚠️ Routing note for triagers

This is a Claude in Chrome browser extension bug. Filing here per established practice — this repository tracks browser-extension issues with the area:browser-extension label (see #46514, #50157, #34176, #29628, #48806).

A previous submission was auto-labeled invalid by the bot. Requesting human review and the area:browser-extension label.


Summary

The Claude in Chrome side panel and options page both flicker every 10–20 seconds and force-redirect to login every 1–2 minutes, destroying all conversation context.

The WebSocket bridge bridge.claudeusercontent.com persistently rejects OAuth tokens issued to my Max-plan account with a non-transient 403, but the extension retries indefinitely instead of surfacing the error.

Reproduces on 2 different devices with fresh installations — confirming this is a server-side account-level provisioning issue, not a local problem.


Network behavior (from HAR capture, 5 minutes)

The following loop repeated 25 times in a 5-minute window:

  1. POST https://platform.claude.com/v1/oauth/token → 200 OK (fresh token issued)
  2. WebSocket connect to wss://bridge.claudeusercontent.com/chrome/<bridge_id>
  3. Client sends:
   {
     "type": "connect",
     "client_type": "chrome-extension",
     "extension_version": "1.0.70",
     "os_platform": "Windows",
     "device_id": "<uuid>",
     "oauth_token": "sk-ant-oat01-..."
   }
  4. Bridge replies:
   {
     "type": "error",
     "error": "OAuth token forbidden (403) — missing scope or org access",
     "reason": "upstream_403",
     "upstream_status": 403,
     "transient": false
   }
  5. WebSocket closes, panel re-renders (visible flicker)
  6. GET /api/oauth/profile → 200 OK
  7. Loop restarts within ~15 seconds

In 5 minutes: 25 retry cycles, 116 total requests. Every freshly minted token gets the same 403.


Two distinct bugs

Bug 1 — Server-side: Missing OAuth scope for Max account

The bridge requires a scope/claim that my account's tokens are not carrying, despite an active Max subscription. /api/oauth/profile returns 200 (auth works), only the bridge rejects.

Bug 2 — Client-side: Infinite retry on transient: false

The extension ignores the explicit "transient": false flag and retries indefinitely with no backoff. Each retry tears down side-panel UI state, causing the flicker and eventual forced logout. Even when Bug 1 is fixed, this client behavior turns any future non-transient error into a data-destroying loop.


Multi-device verification (proves server-side)

Tested on 2 different Windows machines:

  • Fresh Chrome profiles on each
  • Fresh extension installation on each
  • Different OAuth tokens (rotated per retry)
  • Different sessions
  • Same identical 403 on both

Rules out: local cache, stale tokens, extension corruption, Chrome profile state, cookies, browser version. The bug follows my account, not the device.


Settings verified correct

  • Plan: Max (active, $88.47/mo, auto-renews May 29, 2026)
  • /api/oauth/profile returns 200
  • claude.ai → Settings → Claude in Chrome: "Allow extension"
  • No blocked sites
  • Latest Chrome version
  • Extension enabled at chrome://extensions
  • Service worker: ACTIVATED + RUNNING, version 76, console log empty (per chrome://serviceworker-internals)

Affected pages

The flicker affects all extension UI pages with shared auth state:

  • chrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/sidepanel.html
  • chrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/options.html

Even the Claude in Chrome settings page itself flickers while open. Rules out side-panel-specific React state corruption.


Tangential observations

CSP violations on options.html#options:8 (likely separate Manifest V3 compliance issues, not the OAuth bug):

  • Executing inline script violates 'script-src 'self''
  • Loading the script 'https://cdn.segment.com/.../amplitude-plugins/...' violates "script-src 'self'" at assets/useStorageState-zNVna44X.js:3

Build artifact service-worker.ts-gaAAsstG.js retains .ts extension before content hash — minor build pipeline note.


Suspected root causes for engineering

  1. Stale org metadata on the account
  2. Account migration that didn't propagate the bridge scope
  3. Region-specific feature flag (account in Bangkok, Thailand)
  4. Token issuance pipeline not attaching the bridge scope for Max tier

Suggested fixes

Server (Bug 1):

  • Audit OAuth scope assignment for Max accounts
  • Investigate this account's specific provisioning state
  • Add server-side logging when bridge rejects an authenticated user (currently invisible)

Client (Bug 2):

  • Honor "transient": false — stop retrying, show actionable error UI
  • Add exponential backoff and retry cap regardless of error type
  • Decouple side-panel UI state from WebSocket lifecycle (preserve conversation across reconnects)

Support escalation already attempted

  • Filed support ticket via support.claude.com chat
  • AI agent (Fin) confirmed inability to access account state or escalate to engineering
  • Conversation ID: 215474228853141 (for cross-reference if needed)

Available evidence (private — contains credentials)

  • HAR files from 2 devices (~5 min each, contain rotating OAuth tokens)
  • Service worker internals snapshot
  • DevTools console output
  • Settings page screenshots

⚠️ HAR files cannot be posted publicly. Please request via secure channel.

What Should Happen?

  1. Have a Max-plan account in the affected provisioning state (account-specific — confirmed by multi-device test in description)
  2. Install Claude in Chrome v1.0.70 from Chrome Web Store (Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn)
  3. Sign in with the affected Max account
  4. Open the side panel and start a conversation
  5. Open DevTools on the side panel → Network tab → enable "Preserve log"
  6. Wait 10–20 seconds during normal use

Observed (repeats every ~15 seconds):

  a. POST https://platform.claude.com/v1/oauth/token → 200 OK
  b. WebSocket to wss://bridge.claudeusercontent.com/chrome/<id>
  c. Bridge returns 403: "OAuth token forbidden — missing scope or org access" with "transient": false
  d. WebSocket closes
  e. Side panel flickers (visible re-render)
  f. Loop restarts

After ~5–10 cycles: forced redirect to login screen, conversation context permanently lost.

To verify it's account-level rather than local:

  7. Repeat steps 2–6 on a different machine with a fresh Chrome profile
  8. Same 403 occurs immediately

Error Messages/Logs

Steps to Reproduce

  1. Have a Max-plan account in the affected provisioning state (account-specific — confirmed by multi-device test in description)
  2. Install Claude in Chrome v1.0.70 from Chrome Web Store (Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn)
  3. Sign in with the affected Max account
  4. Open the side panel and start a conversation
  5. Open DevTools on the side panel → Network tab → enable "Preserve log"
  6. Wait 10–20 seconds during normal use

Observed (repeats every ~15 seconds):

  a. POST https://platform.claude.com/v1/oauth/token → 200 OK
  b. WebSocket to wss://bridge.claudeusercontent.com/chrome/<id>
  c. Bridge returns 403: "OAuth token forbidden — missing scope or org access" with "transient": false
  d. WebSocket closes
  e. Side panel flickers (visible re-render)
  f. Loop restarts

After ~5–10 cycles: forced redirect to login screen, conversation context permanently lost.

To verify it's account-level rather than local:

  7. Repeat steps 2–6 on a different machine with a fresh Chrome profile
  8. Same 403 occurs immediately on the second device

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

No response

Claude Code Version

N/A — this is a Claude in Chrome browser extension bug, not a Claude Code CLI bug.

  • Claude in Chrome extension version: 1.0.70
  • Extension ID: fcoeoabgfenejglbffodgkkbkcdhcgfn

Platform

Other

Operating System

Windows

Terminal/Shell

Other

Additional Information

No response
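
One way to implement the client-side behaviour suggested under Bug 2 (honor "transient": false, back off exponentially, cap retries), added here as an example and not taken from the extension's code. The function names, the cap of 5 attempts and the delay limits are assumptions; the sample frame is the bridge reply quoted in the report.

```javascript
// Added example (not the extension's code): reconnect policy for a bridge client.
// All names and the numeric limits below are assumptions chosen for illustration.
const MAX_ATTEMPTS = 5;      // retry cap
const BASE_DELAY_MS = 1000;  // first backoff step
const MAX_DELAY_MS = 60000;  // backoff ceiling

// Constructed sample: the bridge error frame quoted in the report.
const FORBIDDEN_FRAME = JSON.stringify({
  type: "error",
  error: "OAuth token forbidden (403) — missing scope or org access",
  reason: "upstream_403",
  upstream_status: 403,
  transient: false,
});

// Parse a raw WebSocket text frame; malformed input is treated like a bare close.
function parseFrame(raw) {
  try {
    const msg = JSON.parse(raw);
    return msg !== null && typeof msg === "object" ? msg : null;
  } catch {
    return null;
  }
}

// Decide the next step after failure number `attempt` (1-based).
function nextAction(frame, attempt, random = Math.random) {
  // Only the literal boolean false means "never retry"; a missing flag is
  // assumed retryable, but still subject to the cap below.
  if (frame && frame.type === "error" && frame.transient === false) {
    return { action: "stop", reason: frame.reason || "non_transient", message: frame.error };
  }
  if (attempt >= MAX_ATTEMPTS) {
    return { action: "stop", reason: "retry_cap", message: `gave up after ${attempt} attempts` };
  }
  // Exponential backoff with equal jitter: half fixed, half random.
  const ceiling = Math.min(MAX_DELAY_MS, BASE_DELAY_MS * 2 ** (attempt - 1));
  return { action: "retry", delayMs: ceiling / 2 + Math.floor(random() * (ceiling / 2)) };
}

// Replay a sequence of raw bridge replies and return the decisions taken.
function simulate(rawFrames, random = Math.random) {
  const log = [];
  for (let i = 0; i < rawFrames.length; i++) {
    const step = nextAction(parseFrame(rawFrames[i]), i + 1, random);
    log.push(step);
    if (step.action === "stop") break; // surface step.message in the UI, keep panel state
  }
  return log;
}
```

Replaying the 25 identical replies from the report through `simulate` ends after the first frame with `reason: "upstream_403"`, so no further token is minted and the UI has one error to show.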
