#getting auth error

1 messages · Page 1 of 1 (latest)

honest wyvernBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> âś… Mark Solution

neon fableBOT
#

That HTTP 401: authentication_error: OAuth authentication is currently not supported almost always means you’re hitting the OpenAI Platform API (openai/*) with an OAuth token (ChatGPT/Codex sign‑in). OpenAI’s API expects an API key; OAuth is only supported for Codex subscription access via the openai-codex/* provider.

So the fix is usually one of these:

Option 1 — You want OpenAI API (usage/billing-based)

  • Create/confirm a Platform API key and that billing is actually enabled/healthy.
  • Configure OPENAI_API_KEY (or models.providers.openai.apiKey).
  • Make sure your agent model is openai/... (not openai-codex/...).

Docs: https://docs.openclaw.ai/providers/openai (Option A)

Option 2 — You want Codex subscription (ChatGPT sign-in)

  • Login for Codex:
openclaw models auth login --provider openai-codex
  • Make sure your agent model is openai-codex/... (e.g. openai-codex/gpt-5.2).
#

Docs: https://docs.openclaw.ai/providers/openai (Option B)

To confirm what’s happening on your setup

Please paste (redacting secrets):

openclaw --version
openclaw models status

openclaw models status will show which provider/model it’s trying and which auth profile it resolved—then we can tell you exactly whether to switch the model to openai-codex/* or to re-add a real OPENAI_API_KEY.

#

Yep — that /status output proves your primary model is Anthropic and it’s successfully replying right now.

So that HTTP 401 … OAuth authentication is currently not supported error is coming from something else trying to call OpenAI (usually one of these):

  1. Model fallback: Claude hit a billing/quota error → OpenClaw tried a fallback model that’s openai/* (OpenAI Platform) but only has an OAuth token (Codex/ChatGPT sign-in), which the Platform API rejects with that exact 401.

  2. Memory search embeddings: if memorySearch.provider is set (or auto-picked) to OpenAI, it can try OpenAI embeddings and fail if the “key” it sees is actually OAuth.

Quick “tell me what it’s trying” checks

Can you paste the output of:

  • /model status (run that in Discord)
    and also paste the exact “billing error” line you saw earlier (the one that made you try to fix it).

If you want to be Claude-only (stop any OpenAI attempts)

On the gateway host shell, run:

# 
openclaw models status
openclaw models fallbacks list

If you see any openai/... fallbacks, the quick fix is:

openclaw models fallbacks clear
openclaw gateway restart

Once you paste /model status (and the billing error text), I can tell you which of the two paths it is and the minimal change to fix it.

#

Yes — I’m reading you. I just can’t see your gateway config from here, so I need one of these outputs to pinpoint why it tried OpenAI.

Please paste (and redact any keys/tokens):

  1. In Discord chat, run:
  • /model status
  1. On the gateway host (terminal), run:
openclaw models status
openclaw models fallbacks list

Also: please re-paste the exact billing error line you saw right before this started.

Once I have /model status + fallbacks list, I can tell you exactly what’s triggering the OpenAI OAuth 401 and how to stop it.

#

I’m here — and your pasted output is actually really good news:

  • Default = anthropic/claude-opus-4-6
  • Fallbacks = 0
  • Only provider with creds = anthropic
  • No OpenAI / Codex auth showing at all

So with this config, OpenClaw shouldn’t be able to hit OpenAI, meaning that old:

HTTP 401 … OAuth authentication is currently not supported

can only happen if the Discord bot run was using a different Gateway/config than the one you just checked, or it was from before you got back to an Anthropic-only setup.

Two quick commands to confirm “same gateway service / same config”:

# 
openclaw gateway status
openclaw status --all

Paste those outputs (they redact secrets). In particular, openclaw gateway status will tell us if Config (service) differs from Config (cli) — that’s the #1 cause of “I changed X but the bot is still doing Y”.

If the 401 happens again, also grab 10–20 log lines around it:

openclaw logs --follow

and paste the bit containing that request_id: req_... line. That will show exactly which provider/model it was trying at the moment it failed.

#

Thanks — those outputs are super clear.

What this proves

Your running Gateway is definitely using:

  • Default model: anthropic/claude-opus-4-6
  • Fallbacks: none
  • Only configured provider creds: Anthropic
  • Config (cli) == Config (service) and RPC probe ok

So with the Gateway in this state, it should not be able to generate an OpenAI OAuth 401 at all.

That means one of these is true:

  1. That 401 was from earlier (before you got back to this config), or
  2. It’s from a different process/gateway/machine, or
  3. Something is logging an old/stale error and you’re seeing it surfaced in chat without the current run actually doing it.
#

Next step: find the exact log line that produced the 401

Run this on the gateway host:

rg -n "OAuth authentication is currently not supported|authentication_error|req_011CY48DB5y1f6QoxxpaZetL" /tmp/openclaw/openclaw-2026-02-12.log

If it prints matches, paste the matching lines (+ ~20 lines around them).

If it prints nothing, then do this to capture the next time it happens:

  1. In one terminal:
openclaw logs --follow --limit 500
  1. Then send a message to the bot in Discord to trigger the error again, and paste the new log chunk.
#

Also tell me: are you currently still seeing the OAuth 401, or are you back to the original Anthropic “billing” error? The fix depends on which one is actually happening now.

#

Your Gateway config looks clean now (Anthropic only, no fallbacks), so the only way forward is to grab the exact runtime error from logs — otherwise we’re guessing.

Do this (fastest path):

  1. Send a fresh message to the bot in Discord that triggers the failure (e.g. “test”).

  2. Immediately on the gateway host run:

openclaw logs --limit 200
  1. Paste the chunk that contains the error (lines with HTTP ..., billing, authentication_error, or a request_id). Redact any sk-... if it appears.

If you want to directly hunt the old 401 line in today’s file log, run:

rg -n "authentication_error|OAuth authentication is currently not supported|billing|insufficient|quota|req_" /tmp/openclaw/openclaw-2026-02-12.log | tail -n 50
#

Once you paste that error block, I can tell you whether this is:

  • Anthropic billing/quota (fix is on Anthropic side or by swapping auth token/key), or
  • Some other provider being invoked unexpectedly (then we track who is calling it).
#

You nailed the root cause: the context-1m beta header flips you onto an Anthropic path that (right now) doesn’t accept OAuth/setup-token auth, so Anthropic returns:

HTTP 401 authentication_error: OAuth authentication is currently not supported

1) Revert safely (no setup loss)

On the gateway host, find where you added the header:

rg -n "anthropic-beta|context-1m" ~/.openclaw/openclaw.json ~/.openclaw/agents/main/agent/models.json 2>/dev/null || true

Then remove it (usually it’s in one of these places):

  • ~/.openclaw/openclaw.json under a custom provider like models.providers.anthropic.headers
  • or in ~/.openclaw/agents/main/agent/models.json if you edited that directly

Easiest/most reliable: edit the file and delete the anthropic-beta: context-1m-... line (since the key name has a hyphen, CLI config unset can be annoying).

#

Then set your context cap back to 200k:

openclaw config set agents.defaults.contextTokens 200000 --json
openclaw gateway restart

After restart, in Discord run /new once (because your current session is already >200k tokens, so even with the cap fixed it may still error until you reset the thread context).

2) Can you use 1M context with setup-token (OAuth)?

Given the exact 401 you’re getting: no, not currently. That error is Anthropic telling you the endpoint/feature you hit doesn’t support OAuth-style auth.

3) Can you keep setup-token and add an Anthropic API key?

Yes. Add a second Anthropic auth profile (API key) and prefer it:

# 
openclaw models auth add
# pick provider: anthropic
# pick mode: api key
# give it a profile id like: anthropic:api

Then set auth order:

openclaw models auth order set --provider anthropic anthropic:api anthropic:default
openclaw gateway restart

If you paste the output of the rg ... search (just the matching lines), I can tell you exactly which file/path to edit to remove the beta header.

#

~/.openclaw is a hidden folder (the leading . hides it), so it won’t show up in a normal file browser view.

On the gateway host, run:

cd ~
ls -la | rg "\\.openclaw" || true
ls -la ~/.openclaw
ls -la ~/.openclaw/agents/main/agent

If you’re using a GUI file manager: in most Linux file managers press Ctrl+H to show hidden files.

Remove the beta header (fix the 401)

Edit both files and delete that "anthropic-beta": "context-1m-2025-08-07" line:

# 
nano ~/.openclaw/openclaw.json
nano ~/.openclaw/agents/main/agent/models.json

(After deleting a line, make sure you didn’t leave a dangling comma that breaks JSON/JSON5.)

Then restart:

openclaw gateway restart

Put the context cap back to 200k (optional but recommended)

openclaw config set agents.defaults.contextTokens 200000 --json
# 
openclaw gateway restart

After that, in Discord do /new once, because your current thread already grew past 200k and will keep failing until you reset the session.

If you paste ~20 lines around line 29 of ~/.openclaw/openclaw.json (redact any secrets), I can tell you exactly which config block is injecting that header so you only have to remove it in one place long-term.