Auth Window - CLI Setup Wizard + Secure Credential Store#9
Draft
dodaa08 wants to merge 1 commit into
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
How it works (end to end)
Run npm run setup to start
It walks you through four steps. First you give it your Rocket.Chat server URL and admin credentials these are used once to create the bot and then discarded. Second you pick a bot username and password; the wizard checks if the user already exists, creates it if not, and logs in to get a personal access token. Third it creates a DM room with the bot and sends a welcome message.
Only one bot account can be connected at a time. The credential store supports multiple accounts (multiple files), but the runtime connects a single main account.
APIs used
POST /api/v1/login - Authenticate admin + get bot token
POST /api/v1/users.create - Create bot user
GET /api/v1/users.info - Check if bot exists
POST /api/v1/im.create - Create DM room
POST /api/v1/chat.postMessage - Send welcome + agent replies
GET /api/v1/me - Verify bot token at runtime
GET /api/v1/subscriptions.get - Poll for room updates
GET /api/v1/chat.syncMessages - Poll for new messages
POST /api/v1/chat.react - Add processing/completion emoji
What user enters and why
RC URL -> Where Rocket.Chat server lives -> Stored in config
Admin username -> Needed to create bot user -> Discarded after use
Admin password -> Authenticate as admin -> Discarded after use
Bot username -> Identity Openclaw uses to message -> Stored
Bot password -> Generate auth token -> Discarded, only token stored
Admin creds are used once and discarded. Bot password is used to generate
a personal access token via POST /api/v1/login - only the token is persisted.
Where tokens are stored
~/.openclaw/credentials/rocketchat/main.json
{
"accountId": "main",
"auth": {
"mode": "token",
"userId": "abc123...",
"accessToken": "def456..."
},
"bot": { "username": "rocketbot", "userId": "xyz789..." },
"createdAt": "2026-06-15T12:00:00Z"
}
Demo
Screencast.From.2026-06-16.17-08-33.online-video-cutter.com.mp4