vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-30 21:20:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: refresh gateway auth handshake refs

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-04 16:09:42 +01:00
parent 5012b52780
commit 8a6da9d488
5 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/gateway/protocol.md
View File

@@ -420,8 +420,14 @@ Gateway exposes today.
## Auth
- If `OPENCLAW_GATEWAY_TOKEN` (or `--token`) is set, `connect.params.auth.token`
must match or the socket is closed.
- Shared-secret gateway auth uses `connect.params.auth.token` or
`connect.params.auth.password`, depending on the configured auth mode.
- Identity-bearing modes such as Tailscale Serve
(`gateway.auth.allowTailscale: true`) or non-loopback
`gateway.auth.mode: "trusted-proxy"` satisfy the connect auth check from
request headers instead of `connect.params.auth.*`.
- Private-ingress `gateway.auth.mode: "none"` skips shared-secret connect auth
entirely; do not expose that mode on public/untrusted ingress.
- After pairing, the Gateway issues a **device token** scoped to the connection
role + scopes. It is returned in `hello-ok.auth.deviceToken` and should be
persisted by the client for future connects.