How to Fix Claude Code Login Errors (403 and ECONNREFUSED): A Real Troubleshooting Guide

I heard that Anthropic just released a “NO_FLICKER” mode for Claude Code. It’s supposed to stop the annoying terminal flickering once and for all. I opened my terminal, ready to try it out with this command:

CLAUDE_CODE_NO_FLICKER=1 claude

Then I hit a wall right at the start. The terminal said:

Login OAuth error: Request failed with status code 403

What followed was a half‑hour journey through five separate pitfalls. The last one was hidden in a place I never thought to look. This article is my complete troubleshooting log. I hope it saves you the same trouble.

§

What Actually Happened

After running claude, the OAuth login process failed immediately with a 403 error. My first thought was the network – using tools like this from certain regions always makes you suspect the proxy or VPN.

I checked my system proxy settings. The VPN looked like it was running. But the error didn’t go away. Then I tried setting proxy environment variables manually. That changed the error to:

OAuth error: connect ECONNREFUSED 127.0.0.1:8080

Port 8080 refused the connection. That meant Claude Code was trying to reach a local proxy that didn’t exist.

§

Quick Decision Tree: Identify Your Network Mode First

Before you dive into the details, use this table to find your situation quickly.

Your network setup What to do Watch out for
System‑level VPN (StealthVPN / WireGuard / OpenVPN) Do not set any proxy environment variables. Just run claude. If it still fails, check ~/.claude/ config files for leftover proxy settings.
Application‑level proxy (Clash / V2ray / OpenWeb) Find your local proxy port (Clash default: 7890, V2ray default: 10809). Then run export https_proxy=http://127.0.0.1:port Remember that HTTP and HTTPS proxy variables are separate.
You don’t want to mess with networks Use an API key: export ANTHROPIC_API_KEY=sk-ant-xxx && claude This bypasses OAuth completely. Recommended for tricky network environments.

Below I explain every trap behind this decision tree.

§

Pitfall 1: OpenWeb Mode Is Not a Real System‑Level VPN

I had been using Astrill VPN in OpenWeb mode. In the settings I checked “Tunnel: All apps” and “Set System Proxy”. The status bar even said “All applications are tunneled over VPN”. That looked completely global.

But here is the catch: OpenWeb’s “global” mode actually works through a system HTTP proxy. It starts a local proxy service on 127.0.0.1:8080 and tells the operating system to use that address for HTTP and HTTPS traffic.

The problem is that not all command‑line tools respect the system proxy settings. Some tools – especially those written in Node.js – read environment variables like http_proxy and https_proxy. Others implement their own proxy logic. If a tool ignores the system proxy, it will try to connect directly. That leads to 403 errors or connection failures.

The fix: Switch to StealthVPN mode. This is a true system‑level VPN tunnel. It uses a virtual network interface to capture all traffic. No HTTP proxy is involved. No matter how a command‑line tool handles network requests, the VPN tunnel forces everything through.

§

Pitfall 2: Using PowerShell Syntax in a macOS Bash Shell

After switching to StealthVPN, I thought I would add some manual proxy variables just to be safe. I found a command online and copied it directly:

$env:https_proxy="http://127.0.0.1:8080"

The terminal replied: No such file or directory.

The reason was simple and embarrassing: $env: is Windows PowerShell syntax for setting environment variables. I was using macOS bash (or zsh). On macOS you use export:

export https_proxy=http://127.0.0.1:8080

Lesson learned: Always check your terminal environment before pasting commands. macOS and Linux use export. Windows uses $env: or set. This mistake feels silly, but it is very easy to make when you are moving fast.

§

Pitfall 3: Never Manually Set Proxy Variables in StealthVPN Mode

After running export https_proxy=http://127.0.0.1:8080, I tried claude again. This time the error changed:

OAuth error: connect ECONNREFUSED 127.0.0.1:8080

Connection refused. I checked – in StealthVPN mode, there is no service listening on port 8080. Because the traffic goes through the virtual network interface, there is no local proxy server at all. By manually setting https_proxy, I was telling Claude Code to send its requests to an address that did nothing.

The fix: Clear all proxy environment variables.

unset https_proxy
unset http_proxy
unset all_proxy
unset HTTP_PROXY
unset HTTPS_PROXY

Note that environment variables are case‑sensitive. So you need to clear both the lowercase and uppercase versions.

§

Pitfall 4: Environment Variables Are Clean – But the Error Stays

After running the unset commands, I typed env | grep -i proxy to confirm. The output was empty – good. I also went to macOS System Settings → Network → Proxies and turned everything off. In theory, that should have solved it.

But when I ran claude again, I still got ECONNREFUSED 127.0.0.1:8080.

Something was still telling Claude Code to use port 8080. I searched in two places:

  • ~/.claude/settings.json
  • ~/.claude.json

And there it was. Claude Code had cached the old proxy settings in its own configuration files. Probably during an earlier run, the tool had automatically written the environment variables or system proxy settings into those files. Later, even after I cleaned the environment, the cached values in the config files stayed active.

The fix: Open ~/.claude/settings.json (if it exists), find any proxy‑related fields, and delete or comment them out. Do the same for ~/.claude.json. After cleaning both files, restart your terminal. Then run claude again. This time the OAuth login page finally appeared.

§

The Ultimate Fallback: Use an API Key to Bypass OAuth

If you do not want to deal with VPN modes, environment variables, or config file caches, there is a one‑step method: use an Anthropic API Key. This completely skips the OAuth flow.

export ANTHROPIC_API_KEY=sk-ant-your-key
claude

Why this works better for many people:

  • No browser redirects. No OAuth callbacks that can break.
  • No proxy configuration needed – as long as your network can reach the Anthropic API.
  • It works with any VPN mode, any local proxy, or no proxy at all.

How to get an API Key: Log into your Anthropic console. On the left menu, find API Keys. Click to create a new key. Copy the key (it starts with sk-ant-) and paste it into the command above.

One note: Using an API key gives you the same core features as OAuth login, but billing may work differently. Make sure your API key has enough credits before you start.

§

Practical Advice for Claude Code Users in Complex Network Environments

Based on everything I ran into, here are five tips – especially useful if your internet connection is not straightforward.

  1. Use an API key as your first choice
    This is the least painful method. No OAuth, no proxy headaches, no hidden caches. One line and you are in.

  2. If you must use OAuth, pick a system‑level VPN
    StealthVPN, WireGuard, and OpenVPN (in TUN mode) are system‑level VPNs. They use a virtual network interface and do not rely on HTTP proxies. Application‑level proxies (like OpenWeb or Clash in HTTP proxy mode) cause many of the problems described here.

  3. Know your terminal syntax
    macOS / Linux: export VAR=value
    Windows: $env:VAR="value" or set VAR=value
    Double‑check before you copy a command from the web.

  4. After switching network modes, check three places for leftovers

    • Environment variables: env | grep -i proxy
    • System proxy settings: macOS System Preferences → Network → Advanced → Proxies
    • Claude Code config files: ~/.claude/settings.json and ~/.claude.json

  5. Do not ignore the configuration file cache
    This is the most hidden trap. Even when your environment and system settings are perfectly clean, a stale proxy entry inside ~/.claude/ can break everything. Always check there when the error makes no sense.

§

A Quick Note on the NO_FLICKER Mode

After fixing all the login issues, I finally ran the command that started this whole adventure:

CLAUDE_CODE_NO_FLICKER=1 claude

The result was exactly as advertised – smooth. No more constant flickering or screen redrawing. Long sessions feel much more stable. If you are also struggling with login errors, fix your network and proxy setup first, then try NO_FLICKER.

By the way: During my troubleshooting I also downloaded Clash as a possible replacement. It not only failed to help, but it also interfered with my existing Astrill setup. I ended up uninstalling it. If you already have a VPN that works, try not to run multiple proxy tools at the same time. Debugging becomes a nightmare.

§

Frequently Asked Questions (FAQ)

Why do I get a 403 error when logging in to Claude Code?

A 403 status code usually means the OAuth request was rejected by the server. Common causes include:

  • Incorrect proxy configuration – the request headers may be modified or blocked.
  • Using an application‑level proxy (like OpenWeb mode) while the command‑line tool does not respect the system proxy.
  • The exit IP address is restricted.

How do I fix ECONNREFUSED 127.0.0.1:8080?

This error means Claude Code tried to connect to port 8080 on your own machine, but nothing was listening there. The usual reasons are:

  • You set http_proxy or https_proxy to 127.0.0.1:8080, but no proxy service is actually running on that port.
  • Or Claude Code’s configuration files have cached an old proxy setting.

Solution: First, unset all proxy environment variables. Then check the ~/.claude/ directory and delete any proxy fields in the JSON config files.

I use Clash or V2ray. How should I set things up?

Application‑level proxies require manual environment variables. Find your proxy software’s listening port (Clash default: 7890, V2ray default: 10809). Then run:

export https_proxy=http://127.0.0.1:7890
export http_proxy=http://127.0.0.1:7890

After that, run claude. If you still get errors, try switching your proxy to “global mode” or “TUN mode” – those are system‑level and do not need environment variables.

How do I completely wipe Claude Code’s configuration?

The configuration files are located at:

  • ~/.claude/settings.json – user settings
  • ~/.claude.json – authentication and general settings

You can back them up (just in case) and then delete them. After deleting, restart your terminal. You will need to log in again.

What is the difference between API key login and OAuth login?

Feature API Key Login OAuth Login
Network dependency Only needs access to the Anthropic API Needs browser callbacks and a stable proxy
Setup complexity One line May require proxy configuration
Best for Complex networks, restricted regions Simple, direct connections

Both methods give you the same core Claude Code features. If you are in an environment with network restrictions, the API key is the clear winner.

claude: command not found – what do I do?

That means Claude Code is not installed. Install it via npm:

npm install -g @anthropic-ai/claude-code

Or follow the official installation instructions from Anthropic.

§

Final Thoughts

This troubleshooting experience taught me something important: toolchain configuration problems are rarely caused by a single thing. A simple 403 error can involve your VPN mode, your terminal syntax, leftover environment variables, and cached configuration files – all at the same time.

The most hidden trap was the configuration file cache inside ~/.claude/. It was the last place I looked, and it was the key to solving the problem. If you have cleaned your environment variables and system proxy settings but the error still points to an old proxy address, check those JSON files first.

And if you just want to get work done without any of this hassle, use an API key. It bypasses the entire OAuth and proxy maze.

I hope this log saves you the half‑hour I lost – and maybe a few hair follicles as well.

§

If you use Claude Code from a region with a complex network, and you have run into other strange problems, feel free to share your experiences. We can all learn from each other.