claude-code icon indicating copy to clipboard operation
claude-code copied to clipboard
Published 13 hours ago verified publisher icon anthropics

[BUG] /install-github-app generates workflow with OAuth tokens that expire without auto-refresh

Open Iamrodos opened this issue 2 months ago • 2 comments

Description

The /install-github-app command generates a GitHub Actions workflow that uses OAuth token authentication for Max Plan subscribers. However, the generated workflow does not include automatic token refresh functionality, causing the action to fail after the OAuth token expires (approximately 1 hour).

Steps to Reproduce

  1. Run /install-github-app while authenticated with a Max Plan subscription
  2. Merge the generated PR with the workflow file
  3. Wait for OAuth token to expire
  4. Open a new PR to trigger the workflow

Expected Behavior

The workflow should either:

  • Include automatic token refresh using CLAUDE_REFRESH_TOKEN and a GitHub PAT, OR
  • Generate a workflow using ANTHROPIC_API_KEY instead of OAuth tokens, OR
  • Document that Max Plan users need to manually refresh tokens periodically

Actual Behavior

The workflow fails with:

Environment variable validation failed:
- Either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is required when using direct Anthropic API.

The OAuth token stored in CLAUDE_CODE_OAUTH_TOKEN has expired and no refresh mechanism exists.

Generated Workflow Configuration

- name: Run Claude Code Review
  uses: anthropics/claude-code-action@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Environment

  • Subscription: Max Plan
  • Installation method: /install-github-app command
  • Workflow file: .github/workflows/claude-code-review.yml

Suggested Fix

Either:

  1. Update /install-github-app to also set up CLAUDE_REFRESH_TOKEN and guide users through creating a GitHub PAT for auto-refresh
  2. Provide clear documentation that OAuth tokens expire and need manual refresh
  3. Guide Max Plan users to purchase API credits and use ANTHROPIC_API_KEY instead

Related Issues

  • #2633 (OAuth Token Refresh Failure)
  • #1746 (Max Plan OAuth Login Blocked)

Iamrodos avatar Nov 04 '25 22:11 Iamrodos

This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.

github-actions[bot] avatar Dec 09 '25 10:12 github-actions[bot]

Have been facing this too

ydidwania avatar Dec 29 '25 11:12 ydidwania