wrangler incorrectly believes a CLOUDFLARE_API_TOKEN is set and refuses to login

[samkelleher]

What versions & operating system are you using?

wrangler whoami

⛅️ wrangler 4.33.1
───────────────────
Getting User settings...
Checking if domain has Access enabled: dash.cloudflare.com
Access switch not cached for: dash.cloudflare.com
Caching access switch for: dash.cloudflare.com
✘ [ERROR] You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log in via OAuth.



✘ [ERROR] Not logged in.

echo $CLOUDFLARE_API_TOKEN >> prints nothing env prints env, none of which are cloudflare related

Please provide a link to a minimal reproduction

No response

Describe the Bug

Simply can't login, fresh install on a MacOS, using node 24. Tool is dead on arrival.

Please provide any relevant error logs

 ⛅️ wrangler 4.33.1
───────────────────
Getting User settings...
Checking if domain has Access enabled: dash.cloudflare.com
Access switch not cached for: dash.cloudflare.com
Caching access switch for: dash.cloudflare.com
✘ [ERROR] You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log in via OAuth.



✘ [ERROR] Not logged in.


Error: Not logged in.
    at requireLoggedIn (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:49875:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async performApiFetch (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:49783:3)
    at async fetchInternal (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:49824:20)
    at async fetchResult (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:50001:16)
    at async getTokenType (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:149676:5)
    at async getAuthType (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:149667:21)
    at async getUserInfo (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:149649:20)
    at async whoami (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:149534:16)
    at async Object.handler (/Users/REDACTED/Developer/REDACTED/node_modules/wrangler/wrangler-dist/cli.js:149845:9)
Metrics dispatcher: Dispatching disabled - would have sent {"deviceId":"REDACTED","event":"wrangler command errored","timestamp":1756828183340,"properties":{"amplitude_session_id":REDACTED,"amplitude_event_id":1,"wranglerVersion":"4.33.1","osPlatform":"Mac OS","osVersion":"Darwin Kernel Version 24.6.0: Mon Jul 14 11:30:51 PDT 2025; root:xnu-11417.140.69~1/RELEASE_ARM64_T8112","nodeVersion":24,"packageManager":"npm","isFirstUsage":false,"configFileType":"jsonc","isCI":false,"isPagesCI":false,"isWorkersCI":false,"isInteractive":true,"hasAssets":true,"argsUsed":[],"argsCombination":"","command":"wrangler whoami","args":{},"durationMs":365,"durationSeconds":0.365,"durationMinutes":0.006083333333333333,"errorType":"UserError"}}.

[samkelleher]

Figured it out:

1. Login via oAuth. Then either revoke it or wait for it to require refreshing.
2. Later, set an API key.

Because the oAuth credentials are stored in localstate. It checks them and sees that it needs to refresh, then tries to refresh. The next code sees the API key set and refuses to start the login flow. So we end up in a stale mate. The solution is to not load/check/refresh any oAuth credentials in the stored localstate when there is an API key present.

[tsteuwer-accesso]

I'm also having this issue. Will go try what you said. But if it fails, why doesn't it just try to relogin via OAuth?

[xylarshayu]

Figured it out:

1. Login via oAuth. Then either revoke it or wait for it to require refreshing.
2. Later, set an API key.

Because the oAuth credentials are stored in localstate. It checks them and sees that it needs to refresh, then tries to refresh. The next code sees the API key set and refuses to start the login flow. So we end up in a stale mate. The solution is to not load/check/refresh any oAuth credentials in the stored localstate when there is an API key present.

But how do you log in with oAuth?

[jamiechapman]

Not sure if this helps, but I just ran into this same issue. The problem was I had CLOUDFLARE_API_TOKEN defined in an .env file. Make sure all .env* files don't have a key called CLOUDFLARE_API_TOKEN or I'll confuse wrangler. Try wrangler logout and then wrangler login to complete OAuth.