#swapping ChatGPT Pro OAuth credentials

1 messages Β· Page 1 of 1 (latest)

queen osprey
#

Krill β€” quick question about swapping ChatGPT Pro OAuth credentials in OpenClaw.
I'm currently using a family member's ChatGPT Pro subscription as the OAuth source for the openai-codex provider (running gpt-5.4-mini as primary model). I want to:

Replace it with my own new ChatGPT Pro subscription
Make sure the old OAuth token is fully cleared (not just overwritten)

Specific things I want to confirm before doing this:

What's the correct command/flow to re-trigger the ChatGPT OAuth login for an already-configured openai-codex provider?
Is the token stored only in openclaw.json, or is there a separate credential/session store that also needs to be cleared?
Is there any risk of Kingler (my OpenClaw instance) being mid-session or caching the old token such that I need to restart the container after the swap?

Running OpenClaw v2026.4.15 on Docker (Windows 11 host). The provider is currently configured and working β€” this is purely a credential ownership swap, not a fresh setup.

barren parcelBOT
queen sentinelBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> βœ… Mark Solution

barren parcelBOT
quartz magnetBOT
#

Let me verify the exact profile cleanup path too, since that’s the part that’s easiest to get subtly wrong.

#

Yep, the clean re-auth path for an already-configured Codex provider is:

openclaw models auth login --provider openai-codex

In Docker/headless, run it in an interactive TTY inside the container, then paste the full redirect URL back into the prompt. Docs: https://docs.openclaw.ai/providers/openai and https://docs.openclaw.ai/install/docker

A few important bits:

  • Not just openclaw.json. The active OAuth secret is primarily stored in
    "$OPENCLAW_STATE_DIR/agents/<agentId>/agent/auth-profiles.json"
    (Docker default inside container: /home/node/.openclaw/...).
  • openclaw.json can still hold profile metadata / auth order, so if you want the old account fully gone, check both:
    • agents/<agentId>/agent/auth-profiles.json
    • openclaw.json (auth.profiles / auth.order)
  • On older installs, also check for legacy residue:
#
  • credentials/oauth.json (legacy import-only)
    • agents/<agentId>/agent/auth.json

Docs for storage/layout: https://docs.openclaw.ai/concepts/oauth and https://docs.openclaw.ai/help/faq

My recommendation for a true ownership swap:

  1. Back up your mounted .openclaw state dir.
  2. Remove the old openai-codex profile from auth-profiles.json.
  3. Remove any matching auth.profiles / auth.order reference in openclaw.json.
  4. Run:
    openclaw models auth login --provider openai-codex
  5. Verify with: