chore(sync): mirror docs from openclaw/openclaw@5a202f6f90

This commit is contained in:
openclaw-docs-sync[bot] 2026-04-25 00:52:21 +00:00
parent b8bbd4f5a3
commit bdd51aa2b5
2 changed files with 11 additions and 7 deletions

View File

@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "d610e2cc6cfe4fdc88ba47600809ad927f8b8ee8",
"syncedAt": "2026-04-25T00:50:19.208Z"
"sha": "5a202f6f909daf37beb951252a80a27f280e4c31",
"syncedAt": "2026-04-25T00:50:56.659Z"
}

View File

@ -44,9 +44,10 @@ To reduce that, OpenClaw treats `auth-profiles.json` as a **token sink**:
- the runtime reads credentials from **one place**
- we can keep multiple profiles and route them deterministically
- when credentials are reused from an external CLI like Codex CLI, OpenClaw
mirrors them with provenance and re-reads that external source instead of
rotating the refresh token itself
- external CLI reuse is provider-specific: Codex CLI can bootstrap an empty
`openai-codex:default` profile, but once OpenClaw has a local OAuth profile,
the local refresh token is canonical; other integrations can remain
externally managed and re-read their CLI auth store
## Storage (where tokens live)
@ -128,8 +129,11 @@ At runtime:
- if `expires` is in the future → use the stored access token
- if expired → refresh (under a file lock) and overwrite the stored credentials
- exception: reused external CLI credentials stay externally managed; OpenClaw
re-reads the CLI auth store and never spends the copied refresh token itself
- exception: some external CLI credentials stay externally managed; OpenClaw
re-reads those CLI auth stores instead of spending copied refresh tokens.
Codex CLI bootstrap is intentionally narrower: it seeds an empty
`openai-codex:default` profile, then OpenClaw-owned refreshes keep the local
profile canonical.
The refresh flow is automatic; you generally don't need to manage tokens manually.