solution model high macos linux windows

OAuth token refresh failed (Anthropic Claude subscription)

Fix expired Anthropic subscription auth by switching to a Claude Code setup-token and pasting it on the gateway host.

By CoClaw Team •

Symptoms

  • Logs or openclaw models status indicate an Anthropic OAuth token expired and refresh failed.
  • Model calls to Anthropic stop working even though they worked previously.

Cause

If you’re using an Anthropic subscription flow (no API key), the stored OAuth token can expire or be invalidated. Refresh may fail due to provider-side token rotation or local auth state drift.

Use a Claude Code setup-token and paste it on the gateway host:

openclaw models auth setup-token --provider anthropic
openclaw models status

If you generated a token elsewhere:

openclaw models auth paste-token --provider anthropic
openclaw models status

Verify

openclaw models status --probe

Then send a test message.

Verification & references

  • Reviewed by:CoClaw Code Team
  • Last reviewed:March 14, 2026
  • Verified on: macOS · Linux · Windows

References

Official docs

  1. OpenClaw docs: /concepts/oauth
  2. OpenClaw docs: /gateway/authentication
  3. OpenClaw docs: /gateway/troubleshooting
Want to explore more? Browse all solutions or ask in the Community Forum .
Report a problem

Related Resources

Email OAuth keeps requiring re-auth (tokens disappear or refresh fails)
Fix
Fix repeated email OAuth logins by persisting the OpenClaw state directory, eliminating config/runtime drift, and diagnosing refresh failures from logs.
ClawHub CLI: 'Unauthorized' even with a valid token
Fix
Work around ClawHub CLI token auth failures by using the www registry URL (and the no-browser login flow).
Ollama configured, but OpenClaw still uses Anthropic (or model discovery keeps failing)
Fix
Fix local Ollama setups where gateway logs show Anthropic fallback or repeated Ollama model-discovery failures by pinning provider config, verifying connectivity from the gateway runtime, and separating model selection problems from OpenAI-compatible payload problems.
Gateway won't start: 'refusing to bind ... without auth'
Fix
Fix gateway startup failures when binding to LAN/tailnet without token/password auth configured.
OpenClaw Deployment Troubleshooting: Token Resets, STARTING Containers, and Startup Probe Failures
Guide
A platform-aware guide for Alibaba Cloud, Volcengine, Zeabur, Unraid, AWS, and Google Cloud: why image resets force token re-entry, how to persist OpenClaw state correctly, and how to debug STARTING / startup probe failed step-by-step.
OpenClaw Email (Gmail/IMAP) Setup: OAuth Reliability, Re-Auth Loops, and Safer Alternatives
Guide
Set up OpenClaw email with a path you can actually keep stable: choose the right auth model, reduce Gmail re-auth loops, contain blast radius, and verify reliability before the inbox becomes business-critical.