#Browser Relay Extension — Auth Token Mismatch on Node-Hosted Mac

1 messages · Page 1 of 1 (latest)

mossy garnetBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

dry siloBOT
#

/json/list returning Unauthorized is actually the key clue here: the relay on 127.0.0.1:18792 is protected, and OpenClaw will treat it as “not ours” if it can’t auth — which is exactly why you then see:

Port 18792 is in use for profile 'chrome' but not by openclaw

1) What token does the relay expect?

The extension relay expects an auth header:

  • Header name: x-openclaw-relay-token
  • Accepted values: either the gateway token (gateway.auth.token) or a derived HMAC token.

And importantly: the relay derives/validates this based on the local machine’s config/env (the machine where the relay is running) — in your case the Mac node host, not the Ubuntu VPS.

Docs also state the same thing (extension Options “Gateway token must match gateway.auth.token / OPENCLAW_GATEWAY_TOKEN”):
https://docs.openclaw.ai/tools/chrome-extension

2) Why your current attempts didn’t change anything

  • browser.auth.token is not the knob the relay uses.
#
  • The relay auth is tied to gateway.auth.token (or OPENCLAW_GATEWAY_TOKEN) on the Mac.
  • If you entered the VPS gateway token in the extension options, but the Mac relay was generated/persisted with a different local token, you’ll get exactly this behavior.

3) Find the actual token (on the Mac)

On the Mac, run:

openclaw --version
openclaw status --all
openclaw config get gateway.auth.token

That gateway.auth.token value is what you paste into the extension Options “Gateway token”.

If it’s empty/missing, generate one on the Mac and restart the node host / app:

# 
openclaw doctor --generate-gateway-token
# then restart the mac app / node host process

4) Verify with curl (this should stop being Unauthorized)

Still on the Mac:

TOKEN="$(openclaw config get gateway.auth.token | tr -d '\"')"
curl -H "x-openclaw-relay-token: $TOKEN" http://127.0.0.1:18792/json/version
curl -H "x-openclaw-relay-token: $TOKEN" http://127.0.0.1:18792/json/list

If /json/version comes back and Browser is OpenClaw/extension-relay, OpenClaw should stop claiming “port in use but not by openclaw”, and browser tabs should populate (assuming you attached a tab with the toolbar button).

5) If you still can’t find the token anywhere