Skip to content

fix(keyring): persist OAuth tokens across Homebrew upgrades#94

Merged
steipete merged 2 commits intoopenclaw:mainfrom
salmonumbrella:fix/oauth-token-persistence
Jan 21, 2026
Merged

fix(keyring): persist OAuth tokens across Homebrew upgrades#94
steipete merged 2 commits intoopenclaw:mainfrom
salmonumbrella:fix/oauth-token-persistence

Conversation

@salmonumbrella
Copy link
Copy Markdown
Contributor

@salmonumbrella salmonumbrella commented Jan 20, 2026

Summary

  • Disable KeychainTrustApplication to prevent macOS Keychain from tying access control to the specific binary hash
  • Tokens now survive across Homebrew upgrades where the binary hash changes
  • Users may see a one-time keychain access prompt after upgrade (click "Always Allow")

Root Cause

When KeychainTrustApplication: true, macOS Keychain ties ACLs to the binary hash. Each brew upgrade installs a new binary with a different hash, causing the new binary to lose access to existing keychain items.

Test Plan

  • All existing tests pass
  • Lint passes
  • Manual verification: authenticate, simulate upgrade (reinstall binary), verify gog auth list still works

Fixes #86

🤖 Generated with Claude Code

salmonumbrella and others added 2 commits January 21, 2026 08:28
@salmonumbrella @claude @steipete
fix(keyring): persist OAuth tokens across Homebrew upgrades
0a7dd58 
Disable KeychainTrustApplication to prevent macOS Keychain from tying
access control to the specific binary hash. This allows tokens to
survive across Homebrew upgrades where the binary hash changes.

Users may see a one-time keychain access prompt after upgrade.

Fixes openclaw#86

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
fix: persist keychain tokens across upgrades (openclaw#94) (thanks @s…
713c52a 
…almonumbrella)
@steipete steipete force-pushed the fix/oauth-token-persistence branch from 9cc14c7 to 713c52a Compare January 21, 2026 08:29
@steipete steipete merged commit 259eba8 into openclaw:main Jan 21, 2026
3 checks passed
@steipete
Copy link
Copy Markdown
Collaborator

steipete commented Jan 21, 2026

Landed via temp rebase onto main.\n\n- Gate: pnpm lint && pnpm build && pnpm test\n- Land commit: 713c52a\n- Merge commit: 259eba8\n\nThanks @salmonumbrella!

klodr pushed a commit to klodr/gogcli that referenced this pull request Apr 22, 2026
@steipete
fix: persist keychain tokens across upgrades (openclaw#94) (thanks @s…
b6f1dff 
…almonumbrella)
klodr pushed a commit to klodr/gogcli that referenced this pull request Apr 22, 2026
@steipete
Merge pull request openclaw#94 from salmonumbrella/fix/oauth-token-pe…
d7db20a 
…rsistence

fix(keyring): persist OAuth tokens across Homebrew upgrades
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OAuth tokens not persisted across upgrades (keyring empty after brew upgrade)

2 participants

@salmonumbrella @steipete