fix(auth): migrate Anthropic OAuth endpoints to platform.claude.com#2741
Closed
kshitijk4poor wants to merge 2 commits into
Closed
fix(auth): migrate Anthropic OAuth endpoints to platform.claude.com#2741kshitijk4poor wants to merge 2 commits into
kshitijk4poor wants to merge 2 commits into
Conversation
Anthropic migrated their OAuth infrastructure from console.anthropic.com and claude.ai to platform.claude.com. Claude Code v2.1.81 already uses the new endpoints, but Hermes was still pointing to the old ones — causing "Invalid bearer token" (401) errors on every OAuth-authenticated API call. Changes: - Token URL: console.anthropic.com → platform.claude.com - Redirect URI: console.anthropic.com → platform.claude.com - Authorize URL: claude.ai → platform.claude.com - Add missing scopes: user:file_upload, user:mcp_servers, user:sessions - Deduplicate CLIENT_ID constant in _refresh_oauth_token() - Align _refresh_oauth_token() to use JSON body (matching all other token exchange calls) instead of form-urlencoded
Deduplicate the identical OAuth token refresh HTTP call that was copy-pasted between _refresh_oauth_token() and refresh_hermes_oauth_token(). Both callers now delegate the HTTP exchange to _exchange_refresh_token() and only handle credential persistence themselves.
teknium1
added a commit
that referenced
this pull request
Mar 26, 2026
…llback Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR #2741 by kshitijk4poor.
2 tasks
teknium1
added a commit
that referenced
this pull request
Mar 26, 2026
…llback (#3246) Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR #2741 by kshitijk4poor.
Contributor
|
Merged via PR #3246. Your OAuth endpoint migration fix was salvaged onto current main — the PKCE flow your PR also modified was removed in 910ec7e, so only the surviving |
angelburgosrosado
pushed a commit
to angelburgosrosado/hermes-agent
that referenced
this pull request
Apr 27, 2026
…llback (NousResearch#3246) Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR NousResearch#2741 by kshitijk4poor.
02356abc
pushed a commit
to 02356abc/hermes-agent
that referenced
this pull request
May 14, 2026
…llback (NousResearch#3246) Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR NousResearch#2741 by kshitijk4poor.
olympus-terminal
pushed a commit
to olympus-terminal/hermes-agent
that referenced
this pull request
May 16, 2026
…llback (NousResearch#3246) Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR NousResearch#2741 by kshitijk4poor.
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
…llback (NousResearch#3246) Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR NousResearch#2741 by kshitijk4poor.
Egavasyug
pushed a commit
to Egavasyug/hermes-agent
that referenced
this pull request
Jun 10, 2026
…llback (NousResearch#3246) Anthropic migrated their OAuth infrastructure from console.anthropic.com to platform.claude.com (Claude Code v2.1.81+). Update _refresh_oauth_token() to try the new endpoint first, falling back to the old one for tokens issued before the migration. Also switches Content-Type from application/x-www-form-urlencoded to application/json to match current Claude Code behavior. Salvaged from PR NousResearch#2741 by kshitijk4poor.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Anthropic migrated their OAuth infrastructure from
console.anthropic.com/claude.aitoplatform.claude.com. Claude Code v2.1.81 already uses the new endpoints, but Hermes was still pointing at the old ones — causing 401 "Invalid bearer token" errors on every OAuth-authenticated API call.How this was discovered: Extracted API URLs from the Claude Code v2.1.81 binary (
stringson the Mach-O executable) and compared them against Hermes's hardcoded endpoints. All three OAuth URLs had changed:claude.ai/oauth/authorizeplatform.claude.com/oauth/authorizeconsole.anthropic.com/v1/oauth/tokenplatform.claude.com/v1/oauth/tokenconsole.anthropic.com/oauth/code/callbackplatform.claude.com/oauth/code/callbackAdditional fixes in the same file
user:file_upload,user:mcp_servers,user:sessionsCLIENT_IDin_refresh_oauth_token()— was hardcoding the UUID instead of using the shared_OAUTH_CLIENT_IDconstant_refresh_oauth_token()Content-Type fromapplication/x-www-form-urlencodedtoapplication/json, matching every other token exchange call in the fileAfter merging
Users with existing Hermes OAuth credentials will need to re-authenticate since tokens from the old endpoint are no longer valid:
Test plan
pytest tests/test_anthropic_adapter.py tests/test_anthropic_oauth_flow.py— 79 passed