# When Your Claude Subscription Became a Walled Garden In October 2024, Anthropic launched Claude Code—a developer-focused CLI that let you pipe your Max subscription into any workflow. Within weeks, open-source tooling sprung up to use those credentials elsewhere. By January 2026, that party was over. ## The Adoption Phase Third-party tools like OpenCode, Roo Code, and KiloCode started advertising "Log in with Anthropic to use your Claude Pro or Max account" as a feature. Developers authenticated once and unlocked Claude models across VSCode extensions, autonomous coding loops, and proxy layers. The convenience was obvious: one subscription, infinite integrations. OpenCode—sitting at 37,000 GitHub stars—became the poster child. Created in March 2024, it grew into a VSCode extension that treated your Claude credentials as a universal API key. Roo Code followed a similar path. Even niche projects like Ralph, an "autonomous AI development loop" named after Ralph Wiggum, assumed this OAuth flow would just work. ## The Clampdown On January 9th, 2026, the error message appeared: `This credential is only authorized for use with Claude Code and cannot be used for other API requests.` **anomalyco/opencode#7471** reported it first—users hitting a hard block when trying to authenticate. **code-yeongyu/oh-my-opencode#626** described the fallout: credentials rejected, tools falling back to separate paid backends. By January 14th, **Kilo-Org/kilocode#5038** confirmed KiloCode was blocked too, noting "After OpenCode, KiloCode is also blocked by Anthropic." GitHub search reveals 46 issues containing that exact error string across 10+ repositories. The pattern was consistent: OAuth flows that previously returned Max subscription credentials now returned Claude Code–scoped tokens with restricted permissions. **clawdbot/clawdbot#1189** documented the technical shift—OAuth returning "Claude Code-restricted credentials instead of Claude Max subscription credentials." Some developers tried header manipulation; **BerriAI/litellm#19017** requested an option to override the default `User-Agent` header to avoid blocks. ## The Fallout For tools relying on this OAuth pattern, the change was existential. OpenCode's **#7456** attempted a fix but couldn't bypass the credential scope enforcement. oh-my-opencode fell back to its "Sisyphus" managed backend, which required separate payment. Some projects went dark. The irony: Claude Code itself remained a best-in-class developer tool. The issue wasn't functionality—it was that credentials provisioned for Claude Code could no longer escape its sandbox. What looked like an open API surface turned out to have invisible walls. Reports from paddo.dev claimed competitive dynamics at play, but without primary receipts, those remain speculation. What's undisputed: a GitHub search on that error string tells the story of an ecosystem built on implicit permissions that evaporated overnight. ## The Takeaway If you're building on third-party credentials, assume the terms of service are a moving target. OAuth scopes can tighten. API surfaces can wall off. The real question isn't whether your integration works today—it's whether you have a fallback when the vendor decides it shouldn't.