solution config medium macos linux windows

OpenClaw config becomes invalid after you remove a provider but keep its auth profile

Fix config validation failures caused by orphaned `auth.profiles` entries that still reference a provider removed from `models.providers`.

By CoClaw Team •

Symptoms

  • openclaw logs, openclaw status, or other CLI commands suddenly fail after you delete a provider from config.
  • Validation errors mention an auth profile even though the provider itself is already gone.
  • A common message looks like:
auth.profiles.<name>.provider: Invalid input: expected string, received undefined

Cause

OpenClaw can keep loading auth.profiles entries even after you removed the matching provider from models.providers.

That leaves an orphaned auth profile behind.

In practice, this often happens when:

  • you previously configured OAuth for a provider such as qwen-portal,
  • later removed models.providers.qwen-portal,
  • but did not remove auth.profiles["qwen-portal:default"].

Because the profile key still implies the provider, config loading can fail before the CLI gets to normal runtime behavior.

Fix

1) Remove the orphaned auth profile entry

If you know the exact profile key, delete it directly:

openclaw config unset 'auth.profiles["qwen-portal:default"]'

Repeat for any other profiles that still point to removed providers.

2) Validate the config immediately

openclaw config validate

Why this helps: it confirms you removed the actual blocking entry before you restart the gateway.

3) Restart the gateway after cleanup

openclaw gateway restart

Verify

  • openclaw config validate passes.
  • openclaw logs and openclaw status work again.
  • openclaw config get auth.profiles no longer shows entries for providers you already removed from models.providers.

If validation still fails, inspect the remaining auth profiles:

openclaw config get auth.profiles

Then compare those profile keys with the provider keys still present under models.providers.

Verification & references

  • Reviewed by:CoClaw Code Team
  • Last reviewed:March 14, 2026
  • Verified on: macOS · Linux · Windows

References

Official docs

  1. OpenClaw docs: /cli/config
  2. OpenClaw docs: /gateway/configuration

Issue threads

  1. OpenClaw GitHub issue #38913
Want to explore more? Browse all solutions or ask in the Community Forum .
Report a problem

Related Resources

Model/auth failures: rate limit, billing, or 'all models failed'
Fix
Debug OpenClaw model failures by checking provider auth status, probing profiles, switching models/fallbacks, and verifying provider/model refs.
Gateway won't start: config validation failed / JSON5 parse error
Fix
Fix gateway boot failures caused by invalid JSON5 syntax or schema validation errors (unknown keys, wrong types) using openclaw doctor and config tools.
Onboarding skips Model/Auth setup (agent unresponsive after install)
Fix
Fix a broken onboarding flow where OpenClaw defaults to a model without credentials, causing the agent to hang, by configuring provider auth manually or downgrading.
Gateway won't start: 'refusing to bind ... without auth'
Fix
Fix gateway startup failures when binding to LAN/tailnet without token/password auth configured.
OpenClaw Safe Mode Recovery After OAuth Renewal: auth-profiles.json vs provisioned copy
Guide
Understand why OpenClaw recovery can keep looping after a successful OAuth renewal, and how to resync the live auth file, the provisioned copy, and safe-mode markers.
OpenClaw Configuration Guide: openclaw.json, Models, Gateway, Channels, and Plugins
Guide
Set up openclaw.json without guesswork: confirm the active config path, choose a safe baseline, add providers and channels in the right order, and verify each change before it becomes a production problem.