Description
Describe the bug
The /install-github-app onboarding flow at claude.ai fails silently, preventing users from completing the GitHub App → Anthropic account linking required for OIDC authentication. The onboarding page displays a spinner indefinitely with no error message.
To Reproduce
- Install the Claude GitHub App on an organization via GitHub
- Navigate to claude.ai to complete the onboarding/linking process
- The page shows "Let's create your account" or onboarding wizard
- Page spins indefinitely, never completes
Browser Console Errors
The following CORS errors appear repeatedly in the browser console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://statsig.anthropic.com/v1/rgstr?...
(Reason: CORS request did not succeed). Status code: (null).
ERROR [Statsig] A networking error occurred during POST request to https://statsig.anthropic.com/v1/rgstr...
TypeError: NetworkError when attempting to fetch resource.
WARN [Statsig] Failed to flush events.
These errors suggest the onboarding page depends on statsig.anthropic.com for feature flags/analytics, but requests are being blocked. This affects users with:
- Firefox Enhanced Tracking Protection
- Privacy-focused browser extensions (uBlock Origin, Privacy Badger, etc.)
- Network-level ad blocking (Pi-hole, etc.)
Expected behavior
- Onboarding should complete successfully, or
- If statsig requests fail, the page should gracefully degrade and still allow completion, or
- At minimum, show a clear error message explaining what's blocking completion
Workflow Result
Because onboarding never completes, the GitHub Action fails with:
Requesting OIDC token...
OIDC token successfully obtained
Exchanging OIDC token for app token...
App token exchange failed: 401 Unauthorized - Invalid OIDC token
The OIDC token is valid (from GitHub), but Anthropic's backend rejects it because the GitHub App installation was never linked to an Anthropic account.
Workaround
Adding github_token: ${{ secrets.GITHUB_TOKEN }} to the workflow bypasses OIDC entirely, but this:
- Loses the claude[bot] branding (comments come from github-actions[bot])
- Disables use_sticky_comment feature
Workflow yml file
- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    # github_token: ${{ secrets.GITHUB_TOKEN }} # Workaround
API Provider
[x] Anthropic First-Party API (default)
[ ] AWS Bedrock
[ ] GCP Vertex
Additional context
- Browser: Firefox with Enhanced Tracking Protection
- GitHub App shows as properly installed on the organization
- The onboarding issue persists even after disabling some tracking protection (other dependencies may also be blocked)
- Multiple users report similar issues in existing GitHub issues (Fails to exchange OIDC token for app token #701, Generated workflow missing github_token parameter for OAuth authentication #721, v1: App token exchange failed #522)
Suggested improvements
- Make statsig dependency non-blocking for core onboarding functionality
- Add clear error messaging when onboarding cannot complete
- Update documentation to prominently feature the github_token workaround
- Consider making the generated workflow from /install-github-app include github_token by default
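
A sketch of the first two suggested improvements, added here as an example and not taken from claude.ai or the Statsig SDK: the flag/analytics request is raced against a timeout and falls back to defaults, so the account-linking step always runs and its own failure is reported. All names (`loadFlagsNonBlocking`, `completeOnboarding`, `linkInstallation`, `newOnboardingWizard`) are hypothetical.

```javascript
// Added example: every name here is hypothetical; this is not claude.ai or Statsig code.
const DEFAULT_FLAGS = Object.freeze({ newOnboardingWizard: false });

// Resolve with flags from fetchFlags(), or with defaults if it rejects
// or exceeds timeoutMs. Never rejects, so callers cannot hang on telemetry.
function loadFlagsNonBlocking(fetchFlags, { timeoutMs = 2000, defaults = DEFAULT_FLAGS } = {}) {
  let timer;
  const timeout = new Promise((resolve) => {
    timer = setTimeout(() => resolve({ flags: defaults, degraded: true, reason: "timeout" }), timeoutMs);
  });
  const attempt = Promise.resolve()
    .then(fetchFlags)
    .then((flags) => ({ flags: { ...defaults, ...flags }, degraded: false, reason: null }))
    .catch((err) => ({ flags: defaults, degraded: true, reason: String((err && err.message) || err) }));
  return Promise.race([attempt, timeout]).finally(() => clearTimeout(timer));
}

// The core step (account linking) runs whatever happened to the flag request.
async function completeOnboarding({ fetchFlags, linkInstallation, timeoutMs }) {
  const { flags, degraded, reason } = await loadFlagsNonBlocking(fetchFlags, { timeoutMs });
  try {
    const link = await linkInstallation(flags);
    const notice = degraded ? `Optional service unavailable (${reason}); continued with defaults.` : null;
    return { status: "linked", link, notice };
  } catch (err) {
    // Surface the real failure instead of leaving a spinner.
    return { status: "error", message: `Could not link GitHub App installation: ${err.message}` };
  }
}

// Constructed demo: a request stopped by a content blocker rejects like the console error in the report.
const blockedFetch = () => Promise.reject(new TypeError("NetworkError when attempting to fetch resource."));
completeOnboarding({ fetchFlags: blockedFetch, linkInstallation: async () => "ok" }).then(console.log);
```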