solution web-ui high macos linux windows

Control UI shows 'unauthorized' / keeps reconnecting

Fix OpenClaw dashboard/control UI auth errors (unauthorized, 1008, reconnect loop) by aligning gateway token/password and reachability.

By CoClaw Team

Symptoms

  • The Control UI says “unauthorized”, or it connects then immediately disconnects / reconnects.
  • You open http://127.0.0.1:18789/ and see unauthorized.
  • You see close code 1008.

Cause

The gateway has auth enabled, but the browser is not sending credentials that match the gateway entrypoint you are actually reaching.

Common causes:

  • You opened the UI without the one-time ?token=... link.
  • Your browser cached an old token in localStorage.
  • Your gateway token is being overridden by an environment variable (e.g. OPENCLAW_GATEWAY_TOKEN).
  • You are connecting to a remote host without an SSH tunnel / tailnet bind, so you are not actually reaching the gateway you think you are.

If you need the full trust model instead of the short fix, the primary companion pages are /guides/control-ui-auth-and-pairing, /guides/openclaw-remote-dashboard-access-playbook, and /channels/webchat.

Branch before changing auth config:

What you seeUse this path
unauthorized, token missing, or close code 1008 with auth textContinue here and get a fresh tokenized dashboard link.
device identity requiredUse /troubleshooting/solutions/control-ui-device-identity-required.
pairing required for a new browser/deviceUse /troubleshooting/solutions/control-ui-pairing-required.
reason=scope-upgrade after update/reinstallUse /troubleshooting/solutions/gateway-pairing-required-scope-upgrade.

Fix

openclaw dashboard

Open the URL it prints (it should include ?token=...).

2) Verify the gateway is reachable

openclaw status

If the gateway is remote, tunnel it first:

ssh -N -L 18789:127.0.0.1:18789 user@host

Then open:

  • http://127.0.0.1:18789/?token=...

3) Check token source only after reopening from the dashboard command

Use the tokenized URL from openclaw dashboard first. Do not treat a manual browser setting as the primary recovery path unless the current Control UI auth guide tells you to use that location for your installed version.

If the fresh link still fails, compare the token source the gateway is using with the environment that starts the service. Common token sources include config and OPENCLAW_GATEWAY_TOKEN.

If you suspect an env override, run:

openclaw doctor

Look for notes about launchd/systemd environment overrides.

Verify

  • Reload the Control UI; it should stay connected.
  • openclaw status --deep succeeds.

Verification & references

  • Reviewed by:CoClaw Code Team
  • Last reviewed:March 14, 2026
  • Verified on: macOS · Linux · Windows

References

Official docs

  1. OpenClaw docs: /help/faq
  2. OpenClaw docs: /web/dashboard
Want to explore more? Browse all solutions or ask in the Community Forum .
Report a problem

Related Resources

Control UI assets missing
Fix
Fix 'Control UI assets not found' by building UI assets (pnpm ui:build) or running openclaw doctor UI repair when sources are present.
Control UI: disconnected (1008): pairing required
Fix
Fix Control UI disconnects caused by device pairing. Approve the browser/device once, then reconnect (common on remote hosts and Docker).
Control UI: dashboard root returns plain-text 'Not Found' after upgrade (pnpm global install)
Fix
Fix cases where the gateway starts normally after an upgrade, but `/` returns plain-text `Not Found` until Control UI assets are copied out of the pnpm global package tree and `gateway.controlUi.root` points at that local copy.
Control UI error: missing scope: operator.read (LAN/IP access)
Fix
Work around a regression where the Control UI works on localhost but fails via LAN/IP with 'missing scope: operator.read'.
OpenClaw Control UI Auth & Pairing: Fix 'unauthorized', 1008, and Remote Dashboard Access
Guide
Restore stable Control UI access by separating gateway auth from device pairing, fixing unauthorized and 1008 loops, and verifying that your remote path stays stable.
OpenClaw Pairing Explained: The Trust Model Behind Control UI
Guide
Understand what Control UI pairing actually proves, why local and remote access behave differently, where users confuse pairing with auth, and how to troubleshoot trust failures without guessing.