Skip to content

fix: use openclaw-control-ui client identity for gateway scope bypass#22

Merged
ngmaloney merged 1 commit into
mainfrom
fix/gateway-scope-client-id
Mar 18, 2026
Merged

fix: use openclaw-control-ui client identity for gateway scope bypass#22
ngmaloney merged 1 commit into
mainfrom
fix/gateway-scope-client-id

Conversation

@ngmaloney
Copy link
Copy Markdown
Owner

@ngmaloney ngmaloney commented Mar 18, 2026

Problem

After upgrading the OpenClaw gateway, ClawChat connections fail with missing scope: operator.read / operator.write errors on every request.

Cause

The new gateway version enforces scope-based auth and clears scopes for clients without device identity — unless the client identifies as openclaw-control-ui (which gets the dangerouslyDisableDeviceAuth bypass). ClawChat was identifying as cli, so the bypass never applied.

Fix

Change client.id from cli to openclaw-control-ui and client.mode from cli to webchat in the connect handshake (4 lines in gateway-client.ts).

fix: use openclaw-control-ui client identity for gateway scope bypass
3f4933c 
The upgraded gateway clears scopes for non-control-ui clients without
device identity. ClawChat was identifying as 'cli' which meant the
dangerouslyDisableDeviceAuth bypass didn't apply, causing
'missing scope: operator.read/write' errors on every request.
@ngmaloney ngmaloney merged commit 8e85499 into main Mar 18, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ngmaloney