
Resolving 'device identity required' Error in OpenClaw

TL;DR: Quick Fix

The error occurs because session links trigger full page reloads that clear the in-memory auth token; avoid clicking links that force a reload until the SPA navigation is patched.

Error Signal

disconnected (1008): device identity required

What's Happening

When you navigate between pages in the OpenClaw Control UI (for example, switching to the /sessions view or clicking an agent link), your WebSocket connection drops and you see "device identity required". The cause is that the browser performs a full page reload. OpenClaw keeps your gateway token in memory for security, so the reload wipes it and the dashboard loses its authentication state.

The Fix

Currently, there is no official point-release fix for this regression. The community identifies this as a routing issue where session links use standard <a href> tags instead of SPA (Single Page Application) navigation methods.

To work around this, avoid navigating away from the initial dashboard URL if possible. If you must navigate, you will need to re-authenticate by manually re-entering your token in the URL fragment: http://127.0.0.1:18789/#token=<your_token>. Do not refresh the page, as this will trigger the same token-loss sequence.

Why This Occurs

The issue stems from a structural change in how the gateway client handles token resolution in version 2026.3.7. The resolvedDeviceToken guard incorrectly drops stored tokens during session link transitions. Because the application logic expects the gateway and device tokens to remain synchronized across the app lifecycle, the full-page reload triggers an identity validation failure in the WebSocket layer.

Prevention

The development team is tracking this in issue #39611. The planned fix involves intercepting standard anchor link clicks to use pushState instead of browser-level navigation, which will keep the JavaScript environment, and the in-memory token, intact. Until an official update is released, monitor the GitHub discussion for backported patches or a new version release that restores SPA navigation behavior.
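The click interception described above could look like the following. This is an added example, not OpenClaw's code or the patch from the issue: the function names, the injected `win`/`doc` parameters and the `render` router callback are assumptions made for illustration. Only same-origin, unmodified primary-button clicks are routed in-page; everything else is left to the browser.

```javascript
// Added example, not OpenClaw's code. Returns the URL to route in-page,
// or null when the browser should handle the click itself.
function spaTargetFor(event, anchor, currentHref) {
  if (event.defaultPrevented || event.button !== 0) return null; // primary button only
  if (event.metaKey || event.ctrlKey || event.shiftKey || event.altKey) return null; // new tab/window
  const target = anchor.getAttribute("target");
  if (target && target !== "_self") return null;
  if (anchor.hasAttribute("download")) return null;
  const href = anchor.getAttribute("href");
  if (!href) return null;
  let url;
  try {
    url = new URL(href, currentHref);
  } catch {
    return null; // unparsable href
  }
  const here = new URL(currentHref);
  if (url.origin !== here.origin) return null; // external link: full navigation
  const samePage = url.pathname === here.pathname && url.search === here.search;
  if (samePage && url.hash) return null; // fragment-only change never reloads
  return url;
}

// One delegated listener for the whole document. `win` and `doc` are passed in
// so the logic can be exercised outside a browser; `render` is a hypothetical
// router callback that draws the view for a path.
function installSpaLinks(win, doc, render) {
  doc.addEventListener("click", (event) => {
    const el = event.target;
    const anchor = el && el.closest ? el.closest("a[href]") : null;
    if (!anchor) return;
    const url = spaTargetFor(event, anchor, win.location.href);
    if (!url) return;
    event.preventDefault(); // suppress the full page reload
    win.history.pushState({}, "", url.pathname + url.search + url.hash);
    render(url.pathname);
  });
  // Back/forward buttons fire popstate instead of reloading.
  win.addEventListener("popstate", () => render(win.location.pathname));
}
```

In a browser this would be wired up once at startup as `installSpaLinks(window, document, render)`; because the page never unloads, whatever holds the token in memory survives the navigation.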


Last Updated: March 2026
