Introduction
Claude Code showing a 403 error after login? You complete browser authentication successfully, see "You're all set!" and then VS Code instantly throws:
API Error: 403 {"error":{"type":"forbidden","message":"Request not allowed"}}
This is currently one of the most reported Claude Code authentication problems across GitHub, Reddit, and Anthropic support forums. Developers using:
VS Code SSH Remote
WSL2
Corporate VPNs
Proxies
Claude Pro / Max
Enterprise environments
...are all hitting variations of the same issue. The frustrating part? The browser login succeeds — but Claude Code itself still gets denied.
The good news: this error is usually fixable in under 15 minutes once you identify the real cause. This guide covers every known cause with exact commands.
⚡ Quick Fix (Works for Most Users)
Start here before going deeper.
1. Reset Authentication
/logout
rm -rf ~/.claude
claude auth login
2. If Using SSH Remote or WSL2
Use an API key instead of browser OAuth:
export ANTHROPIC_API_KEY=your_api_key
Add it permanently:
Zsh:
echo 'export ANTHROPIC_API_KEY=your_api_key' >> ~/.zshrc
source ~/.zshrc
Bash:
echo 'export ANTHROPIC_API_KEY=your_api_key' >> ~/.bashrc
source ~/.bashrc
3. If Behind VPN or Proxy
export https_proxy=http://127.0.0.1:7890
export http_proxy=http://127.0.0.1:7890
export all_proxy=socks5://127.0.0.1:7890
Then reload shell:
source ~/.zshrc
4. Run Diagnostics
claude doctor
Anthropic officially recommends this command for debugging authentication and network problems.
What the Claude Code 403 Error Actually Means
HTTP 403 means: The server understood your request, but refused access. This is different from a 401 error:
401 = authentication failed (server doesn't know who you are)
403 = authenticated, but access denied (server knows you, but won't let you through)
In Claude Code, a 403 usually means your token is valid and your browser login succeeded BUT the API request itself is blocked. That block can happen because of:
Proxy interference
SSH networking isolation
Missing organization permissions
Expired OAuth state
Region restrictions
Conflicting auth methods
Broken extension updates
Why Claude Code Login 403 Happens
1. SSH Remote Authentication Failure
This is currently the MOST common cause. Developers using VS Code Remote SSH, EC2, Ubuntu servers, Docker containers, or isolated VMs often see browser login succeed but Claude Code still fail with 403.
Why? The browser opens on your LOCAL machine, while Claude Code runs on the REMOTE machine. The OAuth callback never reaches the remote environment. |
Symptoms:
Browser says "You're all set"
VS Code returns to login screen
403 appears immediately
Works locally but fails over SSH
Fix — use manual login flow:
claude auth login
When prompted: press c → copy the login URL → open it locally → authenticate → paste the code back manually. Anthropic officially documents this SSH workaround.
2. Proxy or VPN Misconfiguration
Many developers assume: "My VPN works in Chrome, so Claude Code should work too." Wrong. Terminal apps and Electron apps do NOT automatically inherit proxy settings.
This causes API requests to bypass your VPN, triggering region restrictions and access denied errors.
Fix — add these to your shell config:
export https_proxy=http://127.0.0.1:7890
export http_proxy=http://127.0.0.1:7890
export all_proxy=socks5://127.0.0.1:7890
Reload shell: source ~/.zshrc
Then verify connectivity:
curl https://api.anthropic.com/v1/models
✅ If you get authentication_error in the response, that's GOOD. It means your networking works. You just need valid authentication credentials. |
3. ANTHROPIC_API_KEY Conflict
If you previously set ANTHROPIC_API_KEY and later authenticated using OAuth/browser login, Claude Code can become confused about which method to use. This creates random 403s, login loops, and invalid session behavior.
Option A — Use OAuth Only:
unset ANTHROPIC_API_KEY
claude auth login
Also remove old exports from ~/.zshrc, ~/.bashrc, and ~/.profile
Option B — Use API Key Only:
/logout
export ANTHROPIC_API_KEY=your_key
Then verify with: /status
4. Enterprise Seat or Role Problems
Anthropic officially confirms that some 403 errors occur because the user exists and login succeeds, BUT the organization has not enabled Claude Code access for that seat.
Fix — ask your admin to confirm:
Your seat is active
"Claude Code" role is enabled
"Developer" permissions exist
In Anthropic Console: Settings → Members
5. Region Restrictions
Anthropic does not officially support every country. Some developers discover that browser traffic routes through VPN correctly, but Claude Code's API traffic bypasses the VPN and gets blocked.
Detect region blocking:
curl -v https://claude.ai
If redirected to app-unavailable-in-region, you are region-blocked.
Fix — use all_proxy (not just https_proxy):
export all_proxy=socks5://127.0.0.1:7890
6. Corrupted Local Auth State
Sometimes Claude stores broken tokens in ~/.claude. Repeated logins stack corrupted sessions on top of each other. Fix — completely wipe auth state:
/logout
rm -rf ~/.claude
claude auth login
This resolves many unexplained 403 loops that persist despite re-authentication.
7. Claude Code Update Regressions
Multiple developer reports identified OAuth/login failures after Claude Code updates. Common symptoms include timeout after login, OAuth loops, 403 after successful auth, and the VS Code extension callback never arriving.
Fix — temporarily disable auto-updates:
export CLAUDE_CODE_DISABLE_AUTOUPDATE=1
Or downgrade to the last known stable version via the GitHub releases page.
8. WSL2 DNS & Networking Problems
WSL networking issues can silently break Claude authentication. This commonly appears as "Temporary failure in name resolution" — DNS problems stop Claude from reaching Anthropic endpoints.
Fix DNS in WSL2 — edit /etc/resolv.conf:
nameserver 8.8.8.8
Then restart WSL. This exact issue appears frequently in Ubuntu/WSL troubleshooting threads.
9. Corporate TLS Interception
Corporate environments often inject their own SSL certificates. Claude Code may interpret TLS validation failures as authentication errors.
export NODE_EXTRA_CA_CERTS=/path/to/company-ca.pem
Ask your IT team for the CA bundle path if you don't already have it.
Real Developer Scenario
Case Study: Financial-Services Developer on SSH Remote |
A financial-services developer was connected to an isolated Ubuntu VM over VS Code SSH. Browser login succeeded. VS Code instantly returned 403. The local machine worked fine, but the remote VM consistently failed.
Root cause:
The remote VM had NO internet access. The OAuth callback never reached Claude Code running on the VM.
Fix applied:
Ran claude auth login on the remote terminal
Copied the login URL instead of auto-opening a browser
Opened the URL on the local Windows machine
Pasted the auth code manually back into the remote terminal
Added ANTHROPIC_API_KEY to ~/.bashrc as a permanent fallback
Configured https_proxy with the corporate proxy address
✅ Result: Claude Code fully operational within 20 minutes.
Advanced Debugging Commands
Check Active Environment Variables
env | grep -i proxy
env | grep -i anthropic
env | grep -i claude
Test Raw API Access
curl -H "x-api-key: YOUR_KEY" https://api.anthropic.com/v1/models
Verify Login State
/status
Run Full Diagnostics
claude doctor
Common Mistakes to Avoid
❌ Assuming browser success means Claude Code success Browser auth success does NOT guarantee the extension received the token — especially in SSH environments. |
❌ Mixing OAuth and API keys simultaneously This causes random, hard-to-diagnose authentication behavior. Pick ONE method and stick with it. |
❌ Forgetting to reload the shell after changing env vars Always run: source ~/.zshrc (or ~/.bashrc) after any change to your shell config. |
❌ Using https_proxy without setting all_proxy SOCKS traffic bypasses your VPN if all_proxy is missing. Set all three proxy variables. |
Best Fix by Scenario
Scenario | Best Fix |
VS Code SSH Remote | Manual auth flow |
WSL2 | Fix DNS + API key |
Corporate VPN | Set proxy vars manually |
OAuth loops | Delete ~/.claude |
Enterprise org | Verify seat permissions |
Region blocked | Use all_proxy |
Broken update | Disable auto-update |
CI/CD or containers | Use API key only |
FAQ
Because the OAuth callback never reached Claude Code. This commonly happens in SSH remote environments where the browser runs locally but Claude Code runs on a remote VM with no internet access. The browser authorization succeeds, but the token delivery fails.
Set proxy environment variables explicitly:
export https_proxy=http://127.0.0.1:7890
export all_proxy=socks5://127.0.0.1:7890
Then reload your shell. Make sure to set all_proxy — not just https_proxy — so SOCKS traffic also routes through your VPN.
For remote VMs, Docker, WSL2, CI/CD pipelines, and SSH environments, API keys are more reliable. OAuth requires browser callback delivery to the machine running Claude Code — which isn't always possible in headless or isolated environments.
Usually no. Most 403 errors are caused by proxy issues, org permission settings, SSH networking isolation, broken auth state, or VPN misconfigurations not account-level bans. If you've ruled everything else out, contact Anthropic support with your claude doctor output attached.
Browser traffic and CLI traffic may route completely differently through proxies, VPNs, or SSH tunnels. Your browser uses system proxy settings; the Claude Code terminal and Electron app do not inherit those settings automatically.
Final Verdict
The Claude Code login 403 error sounds complicated, but most cases come down to one of four root causes:
SSH remote OAuth callback failure
Proxy or VPN misconfiguration
OAuth vs API key conflicts
Enterprise seat permission issues
The fastest fix for most developers:
rm -rf ~/.claude
claude auth login
If you're using SSH, WSL2, Docker, or any isolated/headless environment:
export ANTHROPIC_API_KEY=your_key
Then always run:
claude doctor
...and verify your environment step-by-step. Once networking and authentication align correctly, Claude Code works reliably and fast.
Suggested Internal Links
How to Install Claude Code on Windows 11
Claude Code Command Not Found Fix
Claude Code Proxy Configuration Guide
Claude Code vs GitHub Copilot
Best Claude Code Commands for Develop
Learn more with Hustle to AI