Device pairing tokens invalidated after gateway restart loop #22866

@creditblake

Summary

Device pairing tokens become invalid after gateway restart loops, even though the device records persist in ~/.openclaw/devices/paired.json. This forces users to re-pair the web dashboard and CLI after any gateway instability.

Steps to Reproduce

  1. Pair web dashboard (Control UI) with gateway
  2. Confirm "webchat connected" appears in logs
  3. Trigger gateway restart loop (e.g., via network failure causing crash - see "Unhandled promise rejection in Slack provider crashes entire gateway" #22865)
  4. After gateway stabilizes, attempt to reconnect web dashboard

Expected Behavior

Device tokens should survive gateway restarts. The persisted state in ~/.openclaw/devices/paired.json should be sufficient to validate previously-paired devices.

Actual Behavior

After restart loops, the gateway rejects previously-valid device tokens:

[ws] unauthorized conn=... remote=127.0.0.1 client=openclaw-control-ui webchat vdev reason=device_token_mismatch
[ws] closed before connect ... code=1008 reason=unauthorized: device token mismatch (rotate/reissue device token)

This happens even though:

  • ~/.openclaw/devices/paired.json still contains the device record
  • ~/.openclaw/identity/device.json (gateway keypair) hasn't changed
  • The browser still has the original device token in localStorage

Environment

  • OpenClaw: 2026.2.19-2
  • Node.js: 25.6.0
  • macOS: Darwin 24.6.0 (arm64)
  • Gateway auth: token mode, loopback bind

Workaround

  1. Clear browser localStorage for localhost:18789
  2. Run openclaw gateway pair or access dashboard to re-pair

Investigation Notes

The device is stored in paired.json with its token:

{
  "181a2782...": {
    "deviceId": "181a2782...",
    "clientId": "openclaw-control-ui",
    "tokens": {
      "operator": {
        "token": "zaCyiCn6RRf-...",
        ...
      }
    }
  }
}

Yet the gateway rejects the token after restart. Possible causes:

  • Token validation uses ephemeral state not persisted to disk
  • Race condition loading device state on startup
  • Token rotation happening during restart without updating persisted state
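
One way to tell the possible causes above apart, as an added example that is not part of the original issue and not OpenClaw code: fingerprint the tokens in paired.json before and after a restart and compare them with the token the browser holds. The field layout follows the excerpt above; the function names, result labels and sample values are constructed for illustration.

```javascript
// Added diagnostic sketch, not OpenClaw code. Field layout (deviceId, clientId,
// tokens.<role>.token) follows the paired.json excerpt in the issue; function
// names, result labels and sample values are assumptions made for this example.
const { createHash } = require('node:crypto');

// Hash tokens so a snapshot can be saved or pasted into a report without leaking them.
const fingerprint = (token) =>
  createHash('sha256').update(String(token)).digest('hex').slice(0, 16);

// Map "deviceId/role" -> token fingerprint for every record in paired.json text.
function snapshot(pairedJsonText) {
  const out = {};
  for (const [id, rec] of Object.entries(JSON.parse(pairedJsonText))) {
    for (const [role, entry] of Object.entries(rec.tokens ?? {})) {
      if (entry && typeof entry.token === 'string') {
        out[`${id}/${role}`] = fingerprint(entry.token);
      }
    }
  }
  return out;
}

// Report what the on-disk state says about a device_token_mismatch for one device/role.
function classify(before, after, key, clientToken) {
  if (!(key in before)) return 'no_baseline';
  if (!(key in after)) return 'record_missing_after_restart';
  if (before[key] !== after[key]) return 'persisted_token_rotated';
  if (after[key] !== fingerprint(clientToken)) return 'client_token_differs_from_disk';
  // Disk and browser agree, so the contents of paired.json do not explain the rejection.
  return 'disk_and_client_agree';
}

// Constructed samples: the same device record before and after a restart loop.
const BEFORE = JSON.stringify({
  'dev-A': {
    deviceId: 'dev-A',
    clientId: 'openclaw-control-ui',
    tokens: { operator: { token: 'sample-token-1' } },
  },
});
const AFTER_SAME = BEFORE;
const AFTER_ROTATED = BEFORE.replace('sample-token-1', 'sample-token-2');

console.log(classify(snapshot(BEFORE), snapshot(AFTER_SAME), 'dev-A/operator', 'sample-token-1'));
console.log(classify(snapshot(BEFORE), snapshot(AFTER_ROTATED), 'dev-A/operator', 'sample-token-1'));
```

A result of disk_and_client_agree alongside a device_token_mismatch log line points away from the persisted file and toward state the gateway holds or loads separately; persisted_token_rotated points at the file being rewritten during the restart.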

Labels: stale (marked as stale due to inactivity)
