OAuth Authentication
Use your Claude Pro or Max subscription to authenticate without an API key. Works in both CLI and VS Code Extension.
How It Works
Cdoing uses the same OAuth 2.0 PKCE flow as Claude Code. Log in once, and both CLI and VS Code extension share the same token.
Model Limitation
OAuth currently only supports Claude Haiku 4.5 (claude-haiku-4-5-20251001). For Sonnet or Opus, use an API key.Setup — CLI
1
Run the setup wizard
Type /setup inside the CLI or run cdoing --login from your terminal.
2
Choose Anthropic → OAuth
Select Anthropic as provider, then OAuth as auth method, then Claude Haiku 4.5 as the model.
3
Authorize in browser
A browser window opens to claude.ai/oauth/authorize. Log in and approve the request.
4
Paste the code
Copy the authorization code from the redirect URL and paste it into the CLI. Done — token saved securely.
Setup — VS Code Extension
1
Open Settings
Click the gear icon in the Cdoing chat panel to open Settings.
2
Select OAuth (Free)
Under Authentication, switch from "API Key" to "OAuth (Free)". Click "Login with Claude".
3
Paste the code
VS Code shows an input box — paste the authorization code. Status changes to "Logged in".
Auto-detection
If you already logged in via the CLI, the extension picks up the same tokens automatically — no extra setup needed. Just leave the API Key field empty.Token Storage
| Platform | Storage |
|---|---|
| macOS | Keychain via security CLI |
| Linux | libsecret via secret-tool |
| Windows | Credential Manager via cmdkey |
| Fallback | AES-256-CBC encrypted file at ~/.cdoing/.oauth-tokens.enc |
Both CLI and VS Code extension use the same keychain service (cdoing-agent) via the shared @cdoing/core OAuth module.
Architecture — Shared Module
@cdoing/core (packages/core/src/oauth.ts)
├── Credential storage (Keychain / libsecret / cmdkey)
├── PKCE helpers (code verifier + challenge)
├── Token management (save / load / clear / refresh)
├── resolveOAuthToken() — auto-refresh wrapper
├── generateOAuthUrl() — authorization URL
├── exchangeOAuthCode() — code-to-token exchange
└── getOAuthStatus() — active / expired / none
@cdoing/cli → re-exports core + adds CLI UI (readline, chalk)
@cdoing/vscode → re-exports core + adds VS Code UI (input box)
Troubleshooting
| Error | Cause & Fix |
|---|---|
| 500 Internal Server Error | Wrong model — OAuth only supports claude-haiku-4-5-20251001 |
| 400 Credit balance too low | Extension using API key instead of OAuth. Clear API key in settings. |
| 401 Invalid API key | Token sent as x-api-key instead of Bearer. Re-run /setup. |
| Extension stuck | Rebuild: cd packages/vscode-extension && npm run build, then reload VS Code. |
OAuth Endpoints
| Purpose | URL |
|---|---|
| Authorization | https://claude.ai/oauth/authorize |
| Token exchange | https://console.anthropic.com/v1/oauth/token |
| Redirect URI | https://console.anthropic.com/oauth/code/callback |
| Client ID | 9d1c250a-e61b-44d9-88ed-5944d1962f5e |
| Scopes | org:create_api_key user:profile user:inference |