From c344f55af316c66e65614cda8892742ea479ed80 Mon Sep 17 00:00:00 2001 From: rudaev Date: Fri, 1 May 2026 13:10:58 +0700 Subject: [PATCH] fix: prevent 401s when claude-code drops oauth-2025-04-20 from anthropic-beta MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Claude Code 2.1.121+ has an upstream regression where its request-builder occasionally omits `oauth-2025-04-20` from the outgoing `anthropic-beta` header — most reliably on large requests (~280 KB body) with full tool loadout in interactive sessions. When this happens, the Anthropic API responds 401 with the misleading "OAuth authentication is currently not supported" message. teamclaude faithfully forwards what claude-code sent, so the failure surfaces here. Refs: anthropics/claude-code#54235, OpenClaw #41444 (Object.assign source- order merge clobbers the OAuth gate). Anthropic shipped a partial fix in 2.1.123 and refactored the beta system in 2.1.126, but real-world load still reproduces the 401. This patch defends teamclaude users from the upstream bug: on OAuth-account requests, ensure `oauth-2025-04-20` is present in `anthropic-beta` before forwarding. Idempotent (no-op when claude-code includes it correctly). Gated on `isOAuth=true` so x-api-key flows are untouched. 14 LOC including an 8-line comment block. Validation in production: - Pre-patch: first VS Code session request reproduced the 401. - Post-patch: 4/5 consecutive responses 200 (the 5th was a 429 rate-limit, unrelated). Outbound `anthropic-beta` now consistently shows `oauth-2025-04-20,claude-code-20250219,context-1m-2025-08-07,...`. --- src/server.js | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/server.js b/src/server.js index e1a86f6..24664b5 100644 --- a/src/server.js +++ b/src/server.js @@ -194,6 +194,24 @@ async function forwardRequest(req, res, body, accountManager, upstream, retryCou headers[key] = value; } + // Defend against an upstream Claude Code regression: claude-code 2.1.121+ + // intermittently drops `oauth-2025-04-20` from `anthropic-beta` when + // model-level betas are merged in. The Anthropic API then returns 401 with + // the misleading `"OAuth authentication is currently not supported"` body. + // teamclaude faithfully forwards what claude-code sent, so the failure + // surfaces here. Refs: anthropics/claude-code#54235, OpenClaw #41444. + // Idempotent (no-op if header already present); gated on isOAuth so + // x-api-key flows are untouched. + if (isOAuth) { + const REQUIRED_OAUTH_BETA = 'oauth-2025-04-20'; + const betaKey = Object.keys(headers).find(k => k.toLowerCase() === 'anthropic-beta'); + const existing = betaKey ? String(headers[betaKey]).split(',').map(s => s.trim()).filter(Boolean) : []; + if (!existing.includes(REQUIRED_OAUTH_BETA)) { + existing.unshift(REQUIRED_OAUTH_BETA); + headers[betaKey || 'anthropic-beta'] = existing.join(','); + } + } + if (isOAuth) { headers['authorization'] = `Bearer ${account.credential}`; } else {