feat(auth): add Anthropic OAuth support for Claude Pro/Max subscriptions #119

Merged
spachava753 merged 4 commits into main from feat/anthropic-oauth
Dec 21, 2025

@spachava753 (Owner)

Summary

Adds OAuth authentication support for Anthropic, allowing users to authenticate with their Claude Pro/Max subscription instead of API keys. This enables using subscription credits directly.

Closes #109

Changes

  • Add `internal/auth/` package with PKCE flow, token storage, and OAuth transport
  • Add `cpe auth login anthropic`, `cpe auth logout anthropic`, and `cpe auth status` commands
  • Add `auth_method: oauth` config option for Anthropic models
  • Prepend Claude Code identifier to system prompt (required by Anthropic for OAuth token validation)

Usage

```bash
# Login with OAuth
cpe auth login anthropic
```

```yaml
# Configure model to use OAuth
models:
  - ref: opus
    type: anthropic
    auth_method: oauth  # Use OAuth instead of api_key_env
    # ...
```

This adds OAuth-based authentication for Anthropic, allowing users to use their Claude Pro/Max subscription credits instead of API keys.

New `cpe auth` commands enable authentication management:
- `cpe auth login anthropic` - Start OAuth flow via browser
- `cpe auth logout anthropic` - Remove stored credentials
- `cpe auth status` - Show authentication status

The implementation follows Anthropic's OAuth 2.0 flow with PKCE, storing tokens at `~/.config/cpe/auth.json`. When OAuth credentials exist, they're used automatically for Anthropic requests; otherwise falls back to API key authentication.

Closes #109
…ection

Adds `auth_method` field to model configuration, allowing explicit control over authentication. This enables users to define separate model refs for OAuth and API key authentication, supporting the pattern of falling back to API credits when subscription limits are reached.

Validation uses `required_unless` struct tag for `api_key_env` and custom validation to ensure `oauth` is only valid for the anthropic provider.

Anthropic requires OAuth tokens to include a specific system prompt identifier to validate that the request is coming from an authorized Claude Code client. Without this, requests fail with "This credential is only authorized for use with Claude Code."

The fix prepends "You are Claude Code, Anthropic's official CLI for Claude." as the first system message when using OAuth authentication, matching the pattern used by other Claude Code implementations like OpenCode.

Also improves beta header handling in the OAuth transport to properly merge existing and required headers without duplicates.

spachava753 merged commit ba1169c into main Dec 21, 2025
spachava753 deleted the feat/anthropic-oauth branch April 10, 2026 00:23

Successfully merging this pull request may close these issues.

[Enhancement]: Support Anthropic Monthly Plans (Claude Pro/Max) via OAuth
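
The PKCE and token-storage pieces named in the description, sketched in Go as an added example; this is not code from this PR or from cpe's `internal/auth/` package. `NewVerifier`, `ChallengeS256` and `SaveTokenFile` are hypothetical names, and the owner-only file mode is an assumption about how a token file such as `~/.config/cpe/auth.json` should be protected, not something the PR states.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// NewVerifier returns a PKCE code_verifier: 32 random bytes as unpadded base64url (43 chars).
func NewVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// ChallengeS256 derives the code_challenge (method S256) sent in the authorization request.
func ChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// SaveTokenFile stores token JSON owner-only (dir 0700, file 0600) via temp file + rename.
func SaveTokenFile(path string, tokenJSON []byte) error {
	if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil {
		return err
	}
	tmp, err := os.CreateTemp(filepath.Dir(path), ".auth-*") // created with mode 0600
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has happened
	_, werr := tmp.Write(tokenJSON)
	if cerr := tmp.Close(); werr != nil || cerr != nil {
		return errors.Join(werr, cerr)
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	v, err := NewVerifier()
	fmt.Println(len(v), ChallengeS256(v), err)
}
```

The verifier stays in the CLI process and is sent only when the authorization code is redeemed, so an intercepted code is useless without it.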
