Claude Code 2.1.123 fixes OAuth loops

The situation

Claude Code 2.1.123 is a narrow release, but it matters for teams that rely on shared repository conventions and repeatable sign-in behavior. The changelog says the fix targets OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set. In practice, some environments were getting stuck in a bad auth cycle instead of failing cleanly.

That kind of bug is easy to miss in individual use and painful in team use. A single developer can usually re-authenticate and move on. A team may have the same environment variable baked into scripts, onboarding docs, or CI-adjacent shells. When a tool’s auth path depends on a flag like this, the failure mode becomes part of the workflow.

For teams using Claude Code around a shared repo, the release is a reminder that conventions are not only about prompts and code style. They also include environment defaults, how auth is documented in CLAUDE.md, and what people should do when a tool starts looping instead of exiting.

If you are organizing Claude Code adoption across a team, this release fits the broader team conventions problem: make the expected setup explicit, keep the shared repo context current, and define what normal failure looks like.

Walkthrough

1. Check whether your team sets CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 anywhere persistent. Look in shell profiles, repo bootstrap scripts, container entrypoints, and onboarding notes. The point is not to remove the flag blindly; it is to know where it is coming from.

2. Reproduce the auth path in one controlled environment before changing team defaults. If the loop appears only when the flag is present, you have a concrete regression boundary. If it appears elsewhere, the fix may not be the only issue.

3. Update the repo’s shared instructions so the next person does not rediscover the same loop. A short CLAUDE.md note is usually enough:

# CLAUDE.md

## Local setup
- Use the standard Claude Code login flow.
- If auth retries loop after a 401, check whether `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1` is set in your shell or container.
- Report the exact environment and command used before changing defaults.

4. If your team keeps agent rules alongside repo guidance, add a small guardrail for auth-related failures. Keep it descriptive, not prescriptive:

# .cursor/rules/claude-code.mdc
---
description: Claude Code repo conventions
---

When Claude Code auth fails, do not retry indefinitely.
Capture the environment variable state, the command used, and whether the repo was launched from a clean shell.
Prefer a clean failure over repeated login attempts.

5. Test the fix in the same places your team actually uses Claude Code: a fresh shell, a dev container, and one onboarding path. The goal is to confirm that the release removes the loop without depending on a manual workaround.

6. Treat the release as a documentation trigger. If a single environment variable can change auth behavior, it belongs in the same place as other shared setup rules: the repo README, CLAUDE.md, or your internal onboarding checklist. That is the practical habit this changelog implies.

A useful way to think about this is through the documentation step in our methodology: when a tool fix changes how failures surface, the repo should record the new expectation immediately, not after the next incident.

Tradeoffs and limits

This release note is specific, so it should not be overgeneralized. It does not mean every Claude Code auth issue is caused by CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1, and it does not replace normal OAuth debugging. Teams should still verify account state, network access, and any enterprise auth policy before assuming the flag is the root cause.

There is also a governance tradeoff. Disabling experimental betas may be a deliberate policy choice in some organizations. If so, the right response is not to weaken that policy casually. Instead, document the interaction, confirm the fixed version is deployed, and decide whether the flag should remain part of the standard environment.

Finally, this kind of bug shows why team conventions need a failure section, not just a happy-path setup. If Claude Code is part of your shared workflow, the repo should say what to do when auth loops, what to capture, and who owns the next step. Without that, the same issue becomes a support thread instead of a documented convention.

Further reading

• Claude Code changelog
• What are Skills?
• Use Skills in Claude
• Anthropic Skills repository
• Agent Skills specification
• Create custom skills guide
• Team conventions topic