Hardening: refresh stale device pairing requests and pending metadata (#50695)

* Docs: clarify device pairing supersede behavior * Device pairing: supersede pending requests on auth changes
2026-05-05 09:10:20 +00:00 · 2026-03-19 18:26:06 -05:00
parent 9486f6e379
commit 8e132aed6e
19 changed files with 452 additions and 41 deletions
--- a/docs/channels/pairing.md
+++ b/docs/channels/pairing.md
@@ -67,7 +67,7 @@ If you use the `device-pair` plugin, you can do first-time device pairing entire
 2. The bot replies with two messages: an instruction message and a separate **setup code** message (easy to copy/paste in Telegram).
 3. On your phone, open the OpenClaw iOS app → Settings → Gateway.
 4. Paste the setup code and connect.
-5. Back in Telegram: `/pair approve`
+5. Back in Telegram: `/pair pending` (review request IDs, role, and scopes), then approve.

 The setup code is a base64-encoded JSON payload that contains:

@@ -84,6 +84,10 @@ openclaw devices approve <requestId>
 openclaw devices reject <requestId>
 ```

+If the same device retries with different auth details (for example different
+role/scopes/public key), the previous pending request is superseded and a new
+`requestId` is created.
+
 ### Node pairing state storage

 Stored under `~/.openclaw/devices/`: