context1m param causes HTTP 401 with OAuth/subscription tokens

[dcruver]

When params.context1m: true is set in model config for an OAuth token (subscription auth via sk-ant-oat-*), the API returns:

HTTP 401: authentication_error: OAuth authentication is currently not supported.

The mergeAnthropicBetaHeader in OpenClaw correctly merges the context-1m-2025-08-07 beta alongside the existing OAuth betas (claude-code-20250219,oauth-2025-04-20). The issue is on Anthropic's server side — the context-1m beta header triggers a code path that rejects OAuth tokens entirely.

Claude Code CLI apparently gets 1M context for Max subscribers without using this explicit beta header (possibly granted implicitly through claude-code-20250219 or account tier).

Suggestion: Add a warning or guard in resolveAnthropicBetas to skip context-1m when the auth token is an OAuth token (sk-ant-oat-*), or document the incompatibility.

Environment:

• OpenClaw 2026.2.17
• Model: anthropic/claude-opus-4-6
• Auth: OAuth subscription token (Claude Max)

[newcodebook]

Workaround: don’t enable params.context1m when you’re authenticating Anthropic with an OAuth/subscription setup-token (sk-ant-oat-*). As you found, the context-1m-* beta triggers an Anthropic server-side path that rejects OAuth tokens.

Two practical options:

1. Remove params.context1m: true (or gate it behind “API key auth only”).
2. If you need 1M context, use an auth path that Anthropic accepts for that beta (API key), or route via a provider that supports it.

Recommended reading:

• https://coclaw.com/troubleshooting/solutions/oauth-token-refresh-failed/
• https://coclaw.com/troubleshooting/solutions/models-all-models-failed/

[KJT125]

Important for Claude Max (OAuth) users — we use anthropic/claude-opus-4-6 with OAuth subscription token on OpenClaw 2026.2.17 and have NOT enabled context1m. Good to know this is a trap to avoid.

Suggestion: OpenClaw should auto-detect OAuth tokens (sk-ant-oat-*) and either skip the context-1m beta header or warn at config validation time. Silent 401 errors are hard to debug.

[vincentkoc]

Assuming PR #24620 is merged, closing this as fixed.

Fix coverage in #24620 includes:

• Anthropic context1m beta header handling for supported models
• OAuth/token compatibility handling (skip incompatible context-1m beta while preserving required OAuth betas)
• Status/session context token resolution updates so effective context is reflected correctly