
[Bug]: DingTalk connector gets 403 'missing scope: operator.write' when calling gateway API #57434

@wushicheng123

Bug type

Regression (worked before, now fails) / Authentication issue

Description

DingTalk connector successfully connects and creates AI Cards, but fails when calling the gateway streaming API (/v1/chat/completions) with error:

403 - {"ok":false,"error":{"type":"forbidden","message":"missing scope: operator.write"}}

Environment

  • OpenClaw version: 2026.3.28 (f9b1079)
  • DingTalk connector version: 0.8.8
  • OS: Windows 10.0.26200 (x64)
  • Node version: 24.14.0
  • Gateway mode: local (loopback)

Configuration

{
  "gateway": {
    "port": 18789,
    "mode": "local",
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "e374f14b8f2a45425b1775b2fc7df7bd239c0860d409763f"
    }
  },
  "channels": {
    "dingtalk-connector": {
      "enabled": true,
      "clientId": "dingmtt4i1pr8byl530g",
      "clientSecret": "rLfKK1-F0dkPy3dG--msixBGyezpICJ0MOoWLMV2wS6SenUOoM2LQ9U3vkk1h1Rf",
      "gatewayToken": "e374f14b8f2a45425b1775b2fc7df7bd239c0860d409763f"
    }
  },
  "bindings": [
    {
      "type": "route",
      "agentId": "qa-engineer",
      "match": {
        "channel": "dingtalk-connector"
      }
    }
  ]
}

Steps to reproduce

  1. Configure DingTalk connector with gatewayToken matching gateway.auth.token
  2. Start gateway: openclaw gateway start
  3. Send a message to DingTalk bot
  4. Observe AI Card is created successfully
  5. Gateway API call fails with 403 error

Expected behavior

DingTalk connector should be able to call gateway streaming API (/v1/chat/completions) successfully when authenticated with the correct gateway token.

Actual behavior

  • AI Card creation: ✅ Success (status=200)
  • Gateway API call: ❌ 403 Forbidden
    [DingTalk][Gateway] POST http://127.0.0.1:18789/v1/chat/completions
    [DingTalk][Gateway] response status=403, ok=false
    [DingTalk][Gateway] error response: {"ok":false,"error":{"type":"forbidden","message":"missing scope: operator.write"}}
    

Error log excerpt

{"subsystem":"gateway/channels/dingtalk-connector"}
"[DingTalk] Gateway call failed: Gateway error: 403 - {\"ok\":false,\"error\":{\"type\":\"forbidden\",\"message\":\"missing scope: operator.write\"}}"
Error: Gateway error: 403 - {"ok":false,"error":{"type":"forbidden","message":"missing scope: operator.write"}}
    at streamFromGateway (C:/Users/piece/.openclaw/extensions/dingtalk-connector/plugin.ts:1488:11)
    at handleDingTalkMessage (C:/Users/piece/.openclaw/extensions/dingtalk-connector/plugin.ts:2891:26)

Analysis

This appears to be related to issue #27494 where API clients authenticating via shared token (without device identity) have their scopes cleared by clearUnboundScopes() function.

The DingTalk connector uses Bearer token authentication:

headers['Authorization'] = `Bearer ${gatewayAuth}`;

But the gateway doesn't grant operator.write scope to token-authenticated connections without device identity.

Workaround attempted

  • Updated dingtalk-connector from 0.7.9 to 0.8.8 (latest)
  • Verified gatewayToken matches gateway.auth.token
  • Confirmed gateway is running and accessible
  • AI Card creation works, only streaming API calls fail

Related issues

Request

Please fix the scope authentication for plugin/channel connectors using token auth, or provide documentation on the correct authentication method for DingTalk connector to access gateway APIs.
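The following is an added TypeScript example, not code from OpenClaw or the dingtalk-connector plugin. It models the behaviour the report attributes to clearUnboundScopes(): a request that presents the correct shared token but no device identity ends up with an empty scope set, so the gateway answers 403 with the same error envelope quoted above, while a device-bound caller with the same token succeeds. The gateway side (resolveScopes, authorize, the scope list a bound session receives) and the client-side helpers (bearerFromHeaders, classifyGatewayError, reproduce) are assumptions for illustration; the token value is a constructed placeholder, not the one from the report.

```typescript
// Added example, not OpenClaw or dingtalk-connector code. Every name below is
// an assumption that models the behaviour described in the bug report.

type GatewayErrorEnvelope = {
  ok: false;
  error: { type: string; message: string };
};

type GatewayResult =
  | { status: 200; body: { ok: true } }
  | { status: 401 | 403; body: GatewayErrorEnvelope };

// What the modelled gateway sees on a request: the shared token and,
// optionally, a device identity that scopes can be bound to.
interface GatewayAuth {
  token: string;
  deviceId?: string | undefined;
}

// Constructed placeholder; never reuse a real token from a bug report.
const GATEWAY_TOKEN = "example-gateway-token-do-not-use";

// Scopes a device-bound session receives in this model (assumption; the
// report only names operator.write).
const DEVICE_BOUND_SCOPES = new Set(["operator.read", "operator.write"]);

// Model of the clearUnboundScopes() behaviour the report describes: a valid
// shared token with no device identity keeps zero scopes.
function resolveScopes(auth: GatewayAuth): Set<string> {
  if (auth.deviceId === undefined) {
    return new Set<string>();
  }
  return new Set(DEVICE_BOUND_SCOPES);
}

// Constant-time comparison over equal-length strings so the token check does
// not leak the position of the first differing character.
function tokenMatches(presented: string, expected: string): boolean {
  if (presented.length === 0 || presented.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= presented.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Authentication (is the token right?) and authorisation (is the scope bound?)
// are separate steps; the report's failure is in the second one.
function authorize(auth: GatewayAuth, requiredScope: string): GatewayResult {
  if (!tokenMatches(auth.token, GATEWAY_TOKEN)) {
    return { status: 401, body: { ok: false, error: { type: "unauthorized", message: "invalid token" } } };
  }
  const scopes = resolveScopes(auth);
  if (!scopes.has(requiredScope)) {
    // Same envelope shape as the 403 quoted in the report.
    return { status: 403, body: { ok: false, error: { type: "forbidden", message: `missing scope: ${requiredScope}` } } };
  }
  return { status: 200, body: { ok: true } };
}

// Client side: extract the bearer token the connector puts in Authorization.
function bearerFromHeaders(headers: Record<string, string>): string | undefined {
  const value = headers["Authorization"] ?? headers["authorization"];
  if (!value) return undefined;
  const m = /^Bearer\s+(\S+)$/.exec(value);
  return m ? m[1] : undefined;
}

// Client side: turn the gateway's error envelope into a structured result so a
// caller can tell "wrong token" apart from "right token, scope not bound".
function classifyGatewayError(
  status: number,
  body: unknown,
): { kind: "ok" | "auth" | "scope" | "other"; missingScope?: string } {
  if (status === 200) return { kind: "ok" };
  const env = body as Partial<GatewayErrorEnvelope> | null;
  const message = env?.error?.message ?? "";
  const scope = /^missing scope: (\S+)$/.exec(message);
  if (status === 403 && scope) return { kind: "scope", missingScope: scope[1] };
  if (status === 401 || status === 403) return { kind: "auth" };
  return { kind: "other" };
}

// Round trip of the report's call: correct token, optionally a device identity.
function reproduce(deviceId?: string) {
  const headers: Record<string, string> = { Authorization: `Bearer ${GATEWAY_TOKEN}` };
  const token = bearerFromHeaders(headers) ?? "";
  const result = authorize({ token, deviceId }, "operator.write");
  return { status: result.status, ...classifyGatewayError(result.status, result.body) };
}

console.log(reproduce());             // token accepted, scope missing -> 403
console.log(reproduce("device-abc")); // same token, device-bound -> 200
```

The point the model makes is that "gatewayToken matches gateway.auth.token" only gets a caller past authentication; whether operator.write is granted depends on how scopes are bound to the session, which is why checking the token again does not change the 403. Separately, the configuration pasted in this report contains the gateway token and the DingTalk clientSecret in clear text; anyone who has posted such values publicly should rotate both.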
