Feature Request: Support Claude Subscription Auth (OAuth) as Alternative to API Keys

[henrikrexed]

Problem Statement

Currently, Sympozium only supports API key authentication for LLM providers via authSecretRef in AgentRun and authRefs in SympoziumInstance. This means users must have a paid API account with per-token billing.

However, many developers and teams already have Claude Pro/Team/Enterprise subscriptions (flat-rate) that include API access. These subscriptions authenticate via OAuth, not API keys. Today there's no way to use a Claude subscription with Sympozium — users are forced to pay twice (subscription + API tokens).

Use Case

As a developer with a Claude Pro subscription, I want to use my existing subscription to power Sympozium agents, so that:

• I don't need a separate API key with per-token billing
• My team can share our Claude Team/Enterprise subscription across Sympozium instances
• We can leverage our existing Anthropic billing relationship
• Air-gapped environments can pre-authenticate without storing long-lived API keys

As a team lead, I want my organization's Claude Enterprise workspace to be the auth backend for all our Sympozium agents, with centralized billing and access control.

Current Auth Flow (API Key)

apiVersion: sympozium.ai/v1alpha1
kind: SympoziumInstance
spec:
  authRefs:
    - provider: anthropic
      secret: anthropic-api-key    # K8s Secret containing API key
  agents:
    default:
      model: claude-sonnet-4-20250514

apiVersion: sympozium.ai/v1alpha1
kind: AgentRun
spec:
  model:
    model: claude-sonnet-4-20250514
    provider: anthropic
    authSecretRef: anthropic-api-key    # Must be API key

Proposed Solution

Add OAuth auth mode to authRefs

apiVersion: sympozium.ai/v1alpha1
kind: SympoziumInstance
spec:
  authRefs:
    - provider: anthropic
      mode: oauth                           # NEW: "apikey" (default) or "oauth"
      secret: anthropic-oauth-credentials   # K8s Secret with OAuth tokens

The Secret would contain the OAuth refresh token (same format as Claude Code CLI's ~/.claude/credentials.json):

apiVersion: v1
kind: Secret
metadata:
  name: anthropic-oauth-credentials
type: Opaque
stringData:
  oauth-token: "eyJ..."
  refresh-token: "eyJ..."
  expires-at: "2026-04-01T00:00:00Z"

Controller handles token refresh

Since agent pods are ephemeral, the Sympozium controller should handle the OAuth token lifecycle:

1. Watch the OAuth credentials Secret
2. Before token expiry, refresh it via Anthropic's OAuth endpoint
3. Update the Secret with the new access token
4. Agent pods always get a valid token when they start

User authenticates once (OAuth flow)
        ↓
Controller stores refresh token in K8s Secret
        ↓
Controller auto-refreshes access token before expiry
        ↓
AgentRun pods mount fresh access token
        ↓
Agent makes API calls with Bearer token (not x-api-key)

Initial authentication

Two options for the initial OAuth setup:

Option A: CLI-based (simplest)

# User authenticates via Claude CLI
claude login

# Extract credentials and create K8s secret
kubectl create secret generic anthropic-oauth \
  --from-file=credentials=$HOME/.claude/credentials.json

Option B: Web endpoint OAuth flow
If Sympozium's web endpoint is enabled, add an OAuth callback endpoint:

GET /auth/anthropic/login    → redirects to Anthropic OAuth
GET /auth/anthropic/callback → receives token, creates/updates Secret

AgentRun changes

The AgentRun CRD would need a new auth mode:

spec:
  model:
    model: claude-sonnet-4-20250514
    provider: anthropic
    authMode: oauth                          # NEW: "apikey" (default) or "oauth"
    authSecretRef: anthropic-oauth-credentials

The agent runner would use Authorization: Bearer <token> instead of x-api-key: <key> when authMode: oauth.

Implementation Considerations

API differences

Aspect	API Key Auth	OAuth Auth
Header	x-api-key: sk-ant-...	Authorization: Bearer eyJ...
Token lifetime	Permanent (until revoked)	Short-lived (needs refresh)
Rate limits	Per-key limits	Per-subscription limits
Billing	Per-token	Flat rate (subscription tier)
Setup	Create key in console	OAuth flow (one-time)

Security considerations

• OAuth refresh tokens should be stored encrypted (K8s Secret + optional Vault)
• Token refresh should happen server-side (controller), never in agent pods
• Failed refresh should alert the operator (not silently fall back to no auth)
• Audit log: which instance/agent used which auth credentials

Provider support

This pattern could extend beyond Anthropic:

Provider	Auth Mode	Notes
Anthropic	OAuth	Claude Pro/Team/Enterprise subscriptions
OpenAI	OAuth	ChatGPT Plus/Team/Enterprise
Google	Service Account / OAuth	Vertex AI, Gemini API
GitHub Copilot	OAuth	GitHub Copilot subscription

Benefits

1. Cost savings: Teams already paying for subscriptions don't need separate API billing
2. Simpler onboarding: No API key management, just "login with your Claude account"
3. Enterprise-friendly: Works with SSO, centralized billing, workspace policies
4. Security: Short-lived tokens vs permanent API keys
5. Claude Code parity: Same auth mechanism as Claude Code CLI — users familiar with it

Prior Art

• Claude Code CLI uses OAuth via claude login — stores credentials at ~/.claude/credentials.json
• OpenClaw supports multiple auth profiles including OAuth-based providers
• GitHub Actions uses OIDC tokens for cloud provider auth (similar pattern)

Summary

Approach	Complexity	User Impact
CLI-based OAuth setup + controller refresh	Medium	High — eliminates API key requirement
Web endpoint OAuth flow	High	Higher — zero-CLI setup possible

[AlexsJones]

Hey @henrikrexed, cool proposal! I took a crack at this and have a working implementation on feat/oauth-auth-mode if you want to poke at it...

The CRD changes, controller plumbing, and agent-runner Bearer auth all work end to end. We also added OAuth as a first-class option in the web UI, TUI wizard, and CLI onboard flow.

A few things I ran into while building it that are worth flagging:

~/.claude/credentials.json doesn't exist. Claude Code actually stores OAuth tokens in the macOS Keychain ("Claude Safe Storage"), not in a flat file. So the proposed Option A workflow (claude login then kubectl create secret --from-file=credentials=...) won't work as described. There's nothing to copy from disk.

Anthropic doesn't have a public OAuth token refresh endpoint. The proposal assumes https://console.anthropic.com/v1/oauth/token with grant_type=refresh_token exists, but Anthropic hasn't documented a public OAuth refresh flow for subscription-based API access. We built the refresh controller anyway (it's ready to go), but we can't actually test it yet.

Claude subscriptions don't currently include API access via OAuth. The subscriptions (Pro/Team/Enterprise) give access to claude.ai and Claude Code, but the API is billed separately through console.anthropic.com. There's no documented way today to use a subscription to make raw API calls with a Bearer token.

So the mechanics are all there, but the feature is blocked on Anthropic actually exposing this capability. Our branch works great as a generic Bearer token auth mode though, which is useful on its own for enterprise setups where tokens come from SSO or admin provisioning..

[henrikrexed]

Thanks @AlexsJones for the fast turnaround and the implementation! Great catches on all 3 points.

You're right about the Keychain issue I assumed credentials were file-based like most CLI tools. The macOS Keychain storage makes the proposed workflow impossible without a helper tool to extract the token.

For the OAuth/subscription gap , this is really an Anthropic limitation, not a Sympozium one. The generic Bearer token auth mode is valuable on its own for enterprise setups. We should keep the feature ready for when Anthropic does expose subscription-based API access (which feels inevitable given the market direction).

A few ideas to work around the blockers:

1.⁠ ⁠Keychain extraction helper: A small CLI that reads from "Claude Safe Storage" keychain entry and outputs the token for piping into ⁠ kubectl create secret ⁠. Something like ⁠ sympozium auth extract-claude-token | kubectl create secret generic claude-oauth --from-literal=token=- ⁠

2.⁠ ⁠Position as "Bearer auth mode" rather than "Claude subscription auth" — it's immediately useful for any enterprise that provisions tokens via SSO, Vault, or admin API

3.⁠ ⁠Track Anthropic's OAuth roadmap — they may expose a proper refresh flow once Claude Max subscription with API access rolls out wider

Want me to test the branch against my benchmark setup? I have kagent and Sympozium running side by side with Anthropic.

[kristof-ringleff]

If I understand articles like this https://thenewstack.io/anthropic-agent-sdk-confusion/ correctly - if you are using the SDK an API key is required (pay per use). If using claude code (like OpenClaw/NemoClaw) you can link it to your existing anthropic subscription (probably the determining factor is if it is still tied to a single developer - so no subscription sharing happens).

Since currently Sympozium uses the SDK some re-architecture would be required to possibly have different agent runtimes by provider. For Anthropic it would bundle claude code and run it via something like

Single-turn (print mode) — the -p / --print flag runs one prompt and exits:

claude -p "Fix the linting errors in src/"

Or maybe it gets routed through a tool?

[AlexsJones]

Good points from everyone here. @kristof-ringleff is right that the SDK requires an API key (pay per use), while Claude Code can be linked to an existing subscription. That distinction matters for how we think about agent runtimes going forward.

We've had similar thoughts about supporting Claude Code as an alternative runtime alongside the SDK-based approach. Running agents via claude -p or through a tool-based routing layer could open up subscription-based access without needing Anthropic to expose a public OAuth refresh flow.

For now, the generic Bearer token auth mode on feat/oauth-auth-mode is useful on its own for enterprise setups. We'll keep an eye on how Anthropic's OAuth and subscription access evolves and revisit the architecture as things develop. This is still a moving target on their end, so we'll need to stay flexible.

@henrikrexed feel free to test the branch against your benchmark setup -- would be great to get feedback from a real side-by-side comparison.

[kristof-ringleff]

Looks like Anthropic tightened this further:

no longer be able to use your Claude subscription limits for third-party harnesses including OpenClaw

See https://www.theverge.com/ai-artificial-intelligence/907074/anthropic-openclaw-claude-subscription-ban