Hi — running into a reproducible OAuth issue from VPN exits (Japan exit, China user).
Repro:
- Run
jcode login (Claude provider)
- Browser opens, I click "Authorize"
- Callback returns Cloudflare 403 challenge HTML instead of token:
API Error: 403 <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title>
... cf-challenge-platform / cdn-cgi/challenge-platform ...
- After this failure, Claude Code (separate official CLI) on the same machine also fails to log in until I cycle the VPN to a fresh exit IP. Then both work again.
What I think is happening:
- jcode's OAuth callback request appears to trip Cloudflare's bot rules (possibly missing browser-like headers / suspicious UA / different request shape than claude.ai's web flow)
- One failed handshake puts the IP on a CF strike list, which then blocks all OAuth (including the official Claude Code CLI) from that IP for some cooldown window
- Cycling VPN exit IP = fresh reputation = both work
Ask:
- Could the Claude OAuth callback path be made to mirror claude.ai web more closely (User-Agent, Accept, Sec-Fetch-* headers)?
- Or is there a way to opt into the same browser-handoff pattern Claude Code uses (where the browser does the full flow and the CLI just receives the token via localhost callback, never touching CF directly)?
Version: v0.11.1 (1f622e6b), macOS arm64.
Happy to capture more detail (full request headers from the failing callback, etc.) if useful.
Hi — running into a reproducible OAuth issue from VPN exits (Japan exit, China user).
Repro:
jcode login(Claude provider)What I think is happening:
Ask:
Version:
v0.11.1 (1f622e6b), macOS arm64.Happy to capture more detail (full request headers from the failing callback, etc.) if useful.