openclaw/clawhub
openclaw/clawhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
bugfix/search
clawhub/docs/auth.md
Peter Steinberger 9f83114dee chore: add docs:list helper
2026-01-07 17:58:00 +01:00

1.2 KiB
Raw Permalink Blame History

summary read_when
Auth overview: GitHub OAuth (web) + API tokens (CLI).
Working on login/token flows
Debugging 401s

Auth

Web auth (GitHub OAuth)

  • Convex Auth + GitHub OAuth App.
  • Env vars:
    • AUTH_GITHUB_ID
    • AUTH_GITHUB_SECRET
    • CONVEX_SITE_URL (used by auth config)

Local setup steps are in the repo root README.md.

API tokens (CLI)

The CLI uses a long-lived API token (Bearer token) for publish/sync/delete.

Browser flow (default)

clawdhub login does:

  1. Starts a loopback HTTP server on 127.0.0.1 (random port).
  2. Opens <site>/cli/auth?redirect_uri=http://127.0.0.1:<port>/callback&state=....
  3. Web UI requires GitHub login, then creates a token and redirects back to the loopback server.
  4. CLI stores the token in the global config file.

Headless flow

Create a token in the web UI (Settings → API tokens) and paste it:

clawdhub login --token clh_...

Token storage

Default global config path:

  • macOS: ~/Library/Application Support/clawdhub/config.json

Override:

  • CLAWDHUB_CONFIG_PATH=/path/to/config.json

Revocation

  • Tokens can be revoked in the web UI.
  • Revoked tokens return 401 Unauthorized on CLI endpoints.