Environment
- OpenClaw Version: 2026.2.6-3 (beta)
- OS: macOS (Darwin 25.2.0 arm64)
- Node: v25.5.0
- Gateway Mode: local (loopback bind, port 18789)
Issue
Control UI WebSocket connection fails with "device identity required" error despite having both dangerouslyDisableDeviceAuth: true and allowInsecureAuth: true set in the config.
Config Settings (Confirmed)
{
"gateway": {
"controlUi": {
"enabled": true,
"allowInsecureAuth": true,
"dangerouslyDisableDeviceAuth": true
},
"auth": {
"mode": "token",
"token": "<redacted>"
}
}
}Gateway Logs
{
"cause": "device-required",
"handshake": "failed",
"lastFrameMethod": "connect",
"client": "openclaw-control-ui",
"mode": "webchat",
"code": 1008,
"reason": "device identity required"
}Browser Console
Dashboard shows:
Health: Offline
disconnected (1008): device identity required
All Control UI features are disabled (Status/Health/Heartbeat show {}).
Reproduction
- Set
gateway.controlUi.dangerouslyDisableDeviceAuth: true in config
- Set
gateway.controlUi.allowInsecureAuth: true
- Restart gateway (
openclaw gateway restart)
- Open Control UI at
http://localhost:18789
- WebSocket connection fails with device-required error
Expected Behavior
With dangerouslyDisableDeviceAuth: true, the Control UI should connect without device identity checks (using only token auth).
Actual Behavior
WebSocket handshake is rejected with "cause":"device-required" despite the config setting.
Workaround Attempts
- ✅ Config validated with
openclaw gateway config.get (settings present)
- ✅ Gateway restart attempted
- ❌ Browser cache clear (not yet attempted)
- ❌ Incognito/private window (not yet attempted)
Impact
Control UI is completely unusable. Gateway functions normally for all other channels (Telegram, Discord, etc.).
Additional Context
The dangerouslyDisableDeviceAuth setting appears to be ignored by the WebSocket auth layer in this version. The setting exists in the schema and validates correctly, but has no effect on runtime behavior.
Environment
Issue
Control UI WebSocket connection fails with "device identity required" error despite having both
dangerouslyDisableDeviceAuth: trueandallowInsecureAuth: trueset in the config.Config Settings (Confirmed)
{ "gateway": { "controlUi": { "enabled": true, "allowInsecureAuth": true, "dangerouslyDisableDeviceAuth": true }, "auth": { "mode": "token", "token": "<redacted>" } } }Gateway Logs
{ "cause": "device-required", "handshake": "failed", "lastFrameMethod": "connect", "client": "openclaw-control-ui", "mode": "webchat", "code": 1008, "reason": "device identity required" }Browser Console
Dashboard shows:
All Control UI features are disabled (Status/Health/Heartbeat show
{}).Reproduction
gateway.controlUi.dangerouslyDisableDeviceAuth: truein configgateway.controlUi.allowInsecureAuth: trueopenclaw gateway restart)http://localhost:18789Expected Behavior
With
dangerouslyDisableDeviceAuth: true, the Control UI should connect without device identity checks (using only token auth).Actual Behavior
WebSocket handshake is rejected with
"cause":"device-required"despite the config setting.Workaround Attempts
openclaw gateway config.get(settings present)Impact
Control UI is completely unusable. Gateway functions normally for all other channels (Telegram, Discord, etc.).
Additional Context
The
dangerouslyDisableDeviceAuthsetting appears to be ignored by the WebSocket auth layer in this version. The setting exists in the schema and validates correctly, but has no effect on runtime behavior.