Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix [Bug]: 2026.3.28 — /v1/models and /v1/chat/completions reject gateway bearer token with 'missing scope: operator.read/write' [1 pull requests, 1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#56763Fetched 2026-04-08 01:48:03
View on GitHub
Comments
1
Participants
2
Timeline
7
Reactions
0
Author
bennybuoybennybuoy
Participants
bennybuoybennybuoymaximizeGPTmaximizeGPT
Timeline (top)
cross-referenced ×3subscribed ×2commented ×1marked_as_duplicate ×1

After updating from 2026.3.24 to 2026.3.28, the OpenAI-compatible HTTP endpoints (/v1/models and /v1/chat/completions) reject the gateway bearer token with missing scope: operator.read and missing scope: operator.write respectively.

The gateway token authenticates successfully (no 401), but the new scope enforcement added in 2026.3.28 treats it as having zero operator scopes.

Error Message

2026.3.28: Returns {"ok":false,"error":{"type":"forbidden","message":"missing scope: operator.read"}} ❌ None found. Tailscale identity bypass (allowTailscale: true) also fails — same scope error.

Root Cause

After updating from 2026.3.24 to 2026.3.28, the OpenAI-compatible HTTP endpoints (/v1/models and /v1/chat/completions) reject the gateway bearer token with missing scope: operator.read and missing scope: operator.write respectively.

The gateway token authenticates successfully (no 401), but the new scope enforcement added in 2026.3.28 treats it as having zero operator scopes.

Fix Action

Workaround

None found. Tailscale identity bypass (allowTailscale: true) also fails — same scope error.

PR fix notes

PR #57218: fix(gateway): restore headerless bearer compatibility on OpenAI-compatible HTTP routes

Description (problem / solution / changelog)

Summary

  • Problem: #56763 reports that /v1/models and /v1/chat/completions now reject valid gateway bearer auth with missing scope: operator.read/write unless clients also send x-openclaw-scopes.
  • Why it matters: This regressed OpenAI-compatible HTTP clients that were previously documented to work with shared gateway bearer auth alone, including Open WebUI-style integrations.
  • What changed: Restore the documented compatibility path on the OpenAI-compatible HTTP routes by granting the default operator scope bundle only when the scope header is absent and shared gateway auth succeeded via token or password.
  • What did NOT change (scope boundary): Explicit x-openclaw-scopes remains authoritative, explicit empty/downscoped headers still fail, and trusted-proxy does not get the implicit fallback.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #56763
  • Related #57113
  • This PR fixes a bug or regression

Root Cause / Regression History (if applicable)

  • Root cause: the HTTP OpenAI-compatible route checks started enforcing method scopes from x-openclaw-scopes, but the shared gateway bearer auth path does not derive scopes onto the request.
  • Missing detection / guardrail: there was no route-level regression test covering headerless bearer auth on /v1/models and /v1/chat/completions.
  • Prior context (git blame, prior PR, issue, or refactor if known): the issue was reported after the recent HTTP scope-hardening work, especially #56618 for chat completions; /v1/models had a similar hardening path already in place.
  • Why this regressed now: the scope checks assumed all HTTP clients would send x-openclaw-scopes, but the documented compatibility contract for shared bearer auth did not require that.
  • If unknown, what was ruled out: N/A

Regression Test Plan (if applicable)

  • Coverage level that should have caught this:
    • Unit test
    • Seam / integration test
    • End-to-end test
    • Existing coverage already sufficient
  • Target test or file: src/gateway/models-http.test.ts, src/gateway/openai-http.test.ts, plus helper coverage in src/gateway/http-auth-helpers.test.ts
  • Scenario the test should lock in: headerless token/password bearer auth succeeds on OpenAI-compatible HTTP routes, while explicit empty or downscoped headers still fail.
  • Why this is the smallest reliable guardrail: the regression lives at the HTTP auth-to-method-scope seam, not in the lower-level auth primitive alone.
  • Existing test that already covers this (if any): none for the headerless compatibility path
  • If no new test is added, why not: N/A

User-visible / Behavior Changes

OpenAI-compatible HTTP clients using valid gateway bearer auth no longer need to send x-openclaw-scopes just to call /v1/models or /v1/chat/completions. Explicitly supplied scopes still behave as before.

Diagram (if applicable)

Before:
[HTTP bearer auth succeeds] -> [missing x-openclaw-scopes] -> [required method scope checks []] -> [403 missing scope]

After:
[HTTP bearer auth succeeds] -> [missing x-openclaw-scopes] -> [compatibility fallback for token/password auth] -> [method scope check passes]

Security Impact (required)

  • New permissions/capabilities? (No)
  • Secrets/tokens handling changed? (No)
  • New/changed network calls? (No)
  • Command/tool execution surface changed? (No)
  • Data access scope changed? (No)
  • If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

  • OS: macOS
  • Runtime/container: Node 24 / Bun 1.3.x local dev runtime
  • Model/provider: not relevant to the auth regression
  • Integration/channel (if any): OpenAI-compatible HTTP gateway routes
  • Relevant config (redacted): shared gateway auth via token/password

Steps

  1. Start the gateway with shared auth enabled.
  2. Call /v1/models or /v1/chat/completions with valid Authorization: Bearer ... and no x-openclaw-scopes header.
  3. Compare with explicit empty or downscoped x-openclaw-scopes headers.

Expected

  • Valid headerless bearer auth succeeds on the OpenAI-compatible HTTP routes.
  • Explicit empty or insufficient scopes still fail.

Actual

  • Before this fix, headerless bearer auth fails with missing scope: operator.read or missing scope: operator.write.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

  • Verified scenarios:
    • helper-level scope resolution: token/password headerless auth gets the default operator scope bundle; empty/downscoped headers stay denied; trusted-proxy gets no implicit fallback
    • endpoint-level /v1/models probes: token headerless 200, token empty-scope 403, token downscoped 403, password headerless 200
    • changed files pass oxlint and oxfmt --check
  • Edge cases checked:
    • explicit empty scope header remains empty rather than being treated as missing
    • trusted-proxy remains excluded from the compatibility fallback
  • What you did not verify:
    • I did not get a completed focused Vitest run in this environment; the targeted Vitest command stayed in startup/compile with no test-body output, so I am relying on the direct runtime probes plus CI for the full suite.

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

  • Backward compatible? (Yes)
  • Config/env changes? (No)
  • Migration needed? (No)
  • If yes, exact upgrade steps: N/A

Risks and Mitigations

  • Risk: route-local compatibility fallback could be misread as broad auth widening
    • Mitigation: keep it scoped to the OpenAI-compatible HTTP routes, only when the scope header is absent, and only for token / password auth; explicit scopes and trusted-proxy behavior are unchanged

Changed files

  • src/gateway/http-auth-helpers.test.ts (modified, +94/-2)
  • src/gateway/http-auth-helpers.ts (modified, +63/-12)
  • src/gateway/http-endpoint-helpers.test.ts (modified, +10/-8)
  • src/gateway/http-endpoint-helpers.ts (modified, +11/-6)
  • src/gateway/models-http.test.ts (modified, +54/-4)
  • src/gateway/models-http.ts (modified, +13/-8)
  • src/gateway/openai-http.test.ts (modified, +34/-0)
  • src/gateway/openai-http.ts (modified, +2/-0)
RAW_BUFFERClick to expand / collapse

Bug Report

Version

OpenClaw 2026.3.28 (f9b1079)

Description

After updating from 2026.3.24 to 2026.3.28, the OpenAI-compatible HTTP endpoints (/v1/models and /v1/chat/completions) reject the gateway bearer token with missing scope: operator.read and missing scope: operator.write respectively.

The gateway token authenticates successfully (no 401), but the new scope enforcement added in 2026.3.28 treats it as having zero operator scopes.

Steps to Reproduce

  1. Configure gateway.auth.mode: "token" with a plain string token
  2. Enable gateway.http.endpoints.chatCompletions.enabled: true
  3. curl -H 'Authorization: Bearer <token>' http://127.0.0.1:<port>/v1/models

2026.3.24: Returns model list ✅ 2026.3.28: Returns {"ok":false,"error":{"type":"forbidden","message":"missing scope: operator.read"}}

Same for POST /v1/chat/completionsmissing scope: operator.write

Expected Behavior

The gateway bearer token should grant full operator access to the HTTP endpoints, as documented in OpenAI Chat Completions docs:

Security boundary: Treat this endpoint as a full operator-access surface for the gateway instance. [...] once a caller passes Gateway auth here, OpenClaw treats that caller as a trusted operator for this gateway.

Actual Behavior

Token authenticates (not 401) but scope check fails (403 forbidden). The raw gateway token doesn't carry device-paired scopes.

Impact

Breaks Open WebUI integration (and likely any other OpenAI-compatible client using bearer token auth). The docs explicitly recommend this setup.

Likely Cause

The changelog entry: "Security/gateway auth: enforce operator.read and models.list on /v1/models so write-scoped callers cannot list models through the OpenAI-compatible HTTP surface" — this enforcement doesn't account for the plain bearer token auth path, which should implicitly grant all operator scopes.

Environment

  • OS: Ubuntu 22.04 (Linux 6.8.0-106-generic x64)
  • Auth mode: token (plain string)
  • Open WebUI: v0.8.12 (Docker, --network host)
  • Previously working on 2026.3.24

Workaround

None found. Tailscale identity bypass (allowTailscale: true) also fails — same scope error.

extent analysis

Fix Plan

To resolve the issue, we need to update the gateway authentication to include the required operator scopes. We can achieve this by modifying the gateway.auth configuration to include the operator.read and operator.write scopes.

Step-by-Step Solution

  1. Update gateway.auth configuration:

gateway: auth: mode: "token" token: "your_plain_string_token" scopes: - "operator.read" - "operator.write"

2. **Alternative: Modify the token generation**:
   If you are generating the token programmatically, ensure it includes the necessary scopes. For example, in Python:
   ```python
import jwt

# Define the token payload with required scopes
payload = {
    'scopes': ['operator.read', 'operator.write']
}

# Generate the token
token = jwt.encode(payload, 'your_secret_key', algorithm='HS256')
  1. Restart the OpenClaw service to apply the changes.

Verification

After applying the fix, verify that the OpenAI-compatible HTTP endpoints (/v1/models and /v1/chat/completions) no longer return missing scope errors. You can test this using curl commands:

curl -H 'Authorization: Bearer <updated_token>' http://127.0.0.1:<port>/v1/models
curl -X POST -H 'Authorization: Bearer <updated_token>' http://127.0.0.1:<port>/v1/chat/completions

Replace <updated_token> with the new token that includes the required scopes.

Extra Tips

  • Ensure that the gateway.auth.mode is set to "token" and the gateway.auth.token is correctly configured.
  • If using a custom token generation script, update it to include the necessary scopes.
  • Refer to the OpenClaw documentation for more information on configuring the OpenAI-compatible HTTP API.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#prompt issue#agent setup#task chaining#parallel task

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING