chore(sync): mirror docs from openclaw/openclaw@5a202f6f90
This commit is contained in:
parent
b8bbd4f5a3
commit
bdd51aa2b5
@ -1,5 +1,5 @@
|
||||
{
|
||||
"repository": "openclaw/openclaw",
|
||||
"sha": "d610e2cc6cfe4fdc88ba47600809ad927f8b8ee8",
|
||||
"syncedAt": "2026-04-25T00:50:19.208Z"
|
||||
"sha": "5a202f6f909daf37beb951252a80a27f280e4c31",
|
||||
"syncedAt": "2026-04-25T00:50:56.659Z"
|
||||
}
|
||||
|
||||
@ -44,9 +44,10 @@ To reduce that, OpenClaw treats `auth-profiles.json` as a **token sink**:
|
||||
|
||||
- the runtime reads credentials from **one place**
|
||||
- we can keep multiple profiles and route them deterministically
|
||||
- when credentials are reused from an external CLI like Codex CLI, OpenClaw
|
||||
mirrors them with provenance and re-reads that external source instead of
|
||||
rotating the refresh token itself
|
||||
- external CLI reuse is provider-specific: Codex CLI can bootstrap an empty
|
||||
`openai-codex:default` profile, but once OpenClaw has a local OAuth profile,
|
||||
the local refresh token is canonical; other integrations can remain
|
||||
externally managed and re-read their CLI auth store
|
||||
|
||||
## Storage (where tokens live)
|
||||
|
||||
@ -128,8 +129,11 @@ At runtime:
|
||||
|
||||
- if `expires` is in the future → use the stored access token
|
||||
- if expired → refresh (under a file lock) and overwrite the stored credentials
|
||||
- exception: reused external CLI credentials stay externally managed; OpenClaw
|
||||
re-reads the CLI auth store and never spends the copied refresh token itself
|
||||
- exception: some external CLI credentials stay externally managed; OpenClaw
|
||||
re-reads those CLI auth stores instead of spending copied refresh tokens.
|
||||
Codex CLI bootstrap is intentionally narrower: it seeds an empty
|
||||
`openai-codex:default` profile, then OpenClaw-owned refreshes keep the local
|
||||
profile canonical.
|
||||
|
||||
The refresh flow is automatic; you generally don't need to manage tokens manually.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user