fix(backend): pass OAuth token to Python subprocess for authentication

The backend Python agent was failing to authenticate because:
- Frontend only passed CLAUDE_CONFIG_DIR to subprocess
- Backend expected .credentials.json in that directory
- Tokens are stored in macOS Keychain, not files

This fix retrieves the OAuth token from Keychain and passes it
as CLAUDE_CODE_OAUTH_TOKEN environment variable to the subprocess,
ensuring backend agents can authenticate successfully.

Fixes authentication failures where task agents report "No OAuth token found"
despite the frontend being authenticated with valid Keychain credentials.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
AndyMik90
2026-01-27 15:43:20 +01:00
parent 399a7e736a
commit 6f1002dd79
@@ -43,6 +43,7 @@ import {
shouldProactivelySwitch as shouldProactivelySwitchImpl,
getProfilesSortedByAvailability as getProfilesSortedByAvailabilityImpl
} from './claude-profile/profile-scorer';
import { getCredentialsFromKeychain } from './claude-profile/credential-utils';
import {
CLAUDE_PROFILES_DIR,
generateProfileId as generateProfileIdImpl,
@@ -732,9 +733,27 @@ export class ClaudeProfileManager {
});
}
return {
// Retrieve OAuth token from Keychain and pass it to subprocess
// This ensures the backend Python agent can authenticate even when
// there's no .credentials.json file in the profile directory
const env: Record<string, string> = {
CLAUDE_CONFIG_DIR: expandedConfigDir
};
try {
const credentials = getCredentialsFromKeychain(expandedConfigDir);
if (credentials.token) {
env.CLAUDE_CODE_OAUTH_TOKEN = credentials.token;
if (process.env.DEBUG === 'true') {
console.warn('[ClaudeProfileManager] Retrieved OAuth token from Keychain for profile:', profile.name);
}
}
} catch (error) {
console.error('[ClaudeProfileManager] Failed to retrieve credentials from Keychain:', error);
// Continue without token - backend will fall back to other auth methods
}
return env;
}
/**