Add device-code OAuth login for xAI provider
TL;DR
Remote and headless setups can now authorize the xAI provider using device-code OAuth login, eliminating the need for a localhost browser callback.
What changed
OpenClaw added device-code OAuth login support for the xAI provider. Remote and headless setups can now authorize the connection without a localhost browser callback.
The update targets users running OpenClaw on VPS instances or servers without local browsers. It removes the previous requirement for a callback URL during xAI authentication.
Why it matters
This change lowers the barrier for Vibe Builders who self-host OpenClaw on remote machines. It makes xAI a practical choice alongside other providers when the agent needs persistent memory and messaging integrations.
The move signals OpenClaw's focus on real deployment scenarios rather than local-only testing. It pressures closed cloud agents that still tie authentication to browser sessions.
How to use it
Update to the latest OpenClaw version via the CLI on your VPS. Run the xAI provider configuration command and follow the device-code prompt that appears in the terminal.
No browser is required after the initial code entry on a separate device. The feature is available now for all self-hosted installations under the MIT license.
Watch for
Confirm the bet if token usage reports show stable xAI connections without callback errors. The bet breaks if device codes expire too quickly during long setup windows. Expect similar OAuth flows for additional providers in the next release cycle.
Who this matters for
- Vibe Builders: Deploy OpenClaw on a remote VPS and authenticate xAI via terminal without needing a local browser.
- Developers: Implement the device-code OAuth flow to enable headless xAI integration in CLI-based agent tools.
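An added example, not OpenClaw's or xAI's code: the client-side polling loop of a device-code login as specified in RFC 8628, including the code-expiry case raised under "Watch for". `request_token`, `FakeClock` and `scripted_endpoint` are hypothetical names, and the token endpoint is simulated with constructed responses so the block runs offline.

```python
import time

class DeviceFlowError(Exception):
    """Terminal failure: restart the login to obtain a fresh code."""

def poll_for_token(request_token, device_code, expires_in, interval=5,
                   sleep=time.sleep, now=time.monotonic):
    """Poll a token endpoint following RFC 8628 section 3.5.
    request_token(device_code) -> dict is a hypothetical transport hook that
    POSTs the device_code grant and returns the decoded JSON body; treat
    device_code as a secret and keep it out of logs."""
    deadline = now() + expires_in
    while True:
        sleep(interval)
        if now() >= deadline:
            raise DeviceFlowError("device code expired before approval")
        body = request_token(device_code)
        if "access_token" in body:
            return body
        error = body.get("error")
        if error == "authorization_pending":
            continue                  # user has not approved yet
        if error == "slow_down":
            interval += 5             # RFC 8628: add 5 s to every later poll
            continue
        # access_denied, expired_token and unknown errors are terminal
        raise DeviceFlowError(error or "malformed token response")

class FakeClock:
    """Constructed clock so the demo runs instantly and deterministically."""
    def __init__(self):
        self.t, self.sleeps = 0.0, []
    def now(self):
        return self.t
    def sleep(self, seconds):
        self.sleeps.append(seconds)
        self.t += seconds

def scripted_endpoint(responses):
    """Constructed stand-in for a token endpoint: replays canned bodies."""
    replies = iter(responses)
    return lambda device_code: next(replies)

def demo():
    clock = FakeClock()
    endpoint = scripted_endpoint([{"error": "authorization_pending"},
        {"error": "slow_down"}, {"access_token": "constructed-token"}])
    token = poll_for_token(endpoint, "constructed-device-code", 600,
                           sleep=clock.sleep, now=clock.now)
    return token["access_token"], clock.sleeps
```

The local deadline check means a code that outlives its `expires_in` window fails with a clear error instead of polling indefinitely.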
Harsh’s take
This update addresses a major friction point for self-hosted agent infrastructure. Localhost callbacks are a relic of desktop-first development; they fail immediately when moving to a headless VPS or a remote server. By adopting device-code OAuth, OpenClaw makes xAI a viable backend for persistent, remote agents that need to stay online without manual browser intervention.
Operators should view this as a standard for production-ready CLI tools. If your agent framework still requires a local browser redirect for API auth, it is a toy. OpenClaw is prioritizing the deployment reality of builders who run their stacks on cloud instances rather than local machines.
This move simplifies the setup for complex, multi-provider agent environments.
by Harsh Desai