Feature Request: Machine to Machine Authentication for Claude Max Subscriptions
Claude Max subscribers pay $200/month, yet there's no official way to use our subscriptions for automation. The only workaround involves fragile OAuth token extraction, and it's unclear if this violates ToS. This creates unnecessary friction for legitimate developer workflows.
Current Problem
I'm building Webhook automation where Claude Code responds to requests by running in isolated Docker containers. This is exactly the type of developer workflow Claude Code should excel at (and judging by documentation, is encouraged, why else deliver an SDK?), however we're stuck in a grey area:
- OAuth tokens work but expire unpredictably
- Multiple containers sharing tokens create race conditions
- Token refresh requires hacky 'ping' requests to trigger auto-refresh
- No clear guidance on whether automation use violates ToS
Request: Pick a Lane
Option A: Full Automation Support
- Provide official M2M (machine-to-machine) authentication for Max subscriptions
- Document token lifecycle management
- Add `claude auth:token` or similar commands for headless environments
- Support production deployment patterns
Option B: Interactive-Only Stance
- Clearly state Max subscriptions are for interactive use only
- Remove automation-focused documentation
- Direct automation users to API-only approach
Option C: Hybrid Approach
- Official guidance on OAuth token management for automation
- Supported patterns for containerized deployments
- Clear ToS boundaries on automation use
- Token refresh API or long-lived tokens for CI/CD
Why This Matters
The current situation undermines the value proposition of Claude Max for developers who want to integrate Claude Code into their workflows. We're essentially forced to choose between:
- Violating potential ToS with token extraction hacks
- Paying separately for API access despite our Max subscription
- Abandoning automation use cases entirely
Please provide clarity on the intended use model for Claude Max subscribers who need automation capabilities.
+1
+1
+1
+1
+1
It's not coming directly from Anthropic, but I did find this: https://github.com/grll/claude-code-action/issues/6
Would really appreciate an official comment on this @catherinewu
+1
+1
+1
This is a significant problem. What's the point in headless mode if I have to log in manually every time?
I am experiencing a similar issue but only when Claude Code is launched in a subprocess or remote shell. If I launch it in print mode from a shell where I did log in in interactive mode once, it runs without issues, even with JSON streaming output. When I run it using the MCP mode what happens is the following:
- All commands that do not spawn a subprocess work without issues
- The commands Task and Batch, which I believe attempt to delegate work to sub-sessions, are failing with the message 'please use /login', which doesn't make sense
Any attempt to work around this problem seems to be fragile and potentially violating the usage license. So please 🙏🏻 Anthropic provide us with a solid answer. Even using Claude Code from Claude Desktop as MCP has the same issue, which is kind of weird given both products come from the same team.
heavy +1
+1
+1
+1
+1
+1
Hey there! I have been working on this with the community on my fork: https://github.com/grll/claude-code-action.
Originally you just had to pass a few values from your credentials.json as secrets on your repo and it would use your subscription instead of a new API key, but the token would expire after 8 hours. More recently we have greatly improved the setup.
Now we properly set a new "OAuth branch" in your CI and automatically refresh the token if it's close to expiring. Essentially it enables seamless Machine to Machine Authentication without invalidating your local OAuth setup.
To create a new OAuth chain we use a GitHub action called claude-code-login which prompts you via a GitHub workflow to do the OAuth flow: https://github.com/grll/claude-code-login. It will store the necessary secrets on your repo to get started with a new OAuth chain.
We have also greatly simplified the whole thing by creating an installer script that will write the 2 necessary github workflows to your repo and clearly indicate the few little remaining steps you need to do to enable "@claude" using your subscription:
# cd into your repo
bash <(curl -fsSL https://raw.githubusercontent.com/grll/claude-code-grll-installer/main/installer.sh)
You can have a look at the installer repo here: https://github.com/grll/claude-code-grll-installer
Bottom line: if you run the installer above in any repo you own with a remote origin set to GitHub, you will have @claude working on that repo only for your GitHub username with auto token refresh...
It's not an official Anthropic solution I am afraid but probably the best next thing as it's now been more than a month we are waiting for this...
+1
I understand the closest way to Option C is to use the /install-github-app command released in v1.0.44 or the claude setup-token. Thank you, Anthropic. https://github.com/anthropics/claude-code-action/issues/4#issuecomment-3046770474
+1
Seeing as there's no EXPLICIT confirmation from Anthropic several months later, I'm hoping I'm safe to switch my Claude Code GitHub Actions (which one other dev uses) to my max20 subscription key...
This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.
+1
+1
> But we can only access these through claude.ai's web UI, which has serious stability issues (lag, freezes, crashes, input replacement bugs). Claude Code CLI uses separate API billing.
What? This is not the case
No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly
> No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly
You are the one who posted the comment though? I don't understand what you are saying.
> > No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly
> You are the one who posted the comment though? I don't understand what you are saying.
Then you don't know how Claude code works.
> > > No joke Claude Code thought this was the right one to comment on after duplicate bot. Deleting. They took part of the original post and tried to adapt it poorly
> > You are the one who posted the comment though? I don't understand what you are saying.
> Then you don't know how Claude code works.
Wait, you have Claude Code posting github comments on your behalf without your approval? Please don't do that.