Use Your Claude Max, ChatGPT Plus, or Codex Subscription with OpenClaw

OpenClaw supports OAuth login to subscription-backed AI providers — Claude Max, Codex (ChatGPT Plus/Pro/Team), and GitHub Copilot — so you can use the AI you already pay for instead of buying API credit separately.

This page covers what works, what doesn't, and the gotchas users hit most often.

What's supported (v2026.5.19)

If you're already paying $20+/month for ChatGPT Plus or Claude Max, OAuth is usually cheaper than buying API credits separately. The exception: if your agent burns through tokens fast (long-running cron jobs, multi-agent), subscription rate limits may bite.

Setup: Claude Max via OAuth

1. Initiate OAuth login

openclaw models auth login --provider anthropic-oauth

This opens a browser to claude.ai, you sign in, and the token is saved to ~/.openclaw/tokens/anthropic-oauth.json.

2. Verify you got Claude Max, not Claude Code

This is the #1 thing users miss:

openclaw models auth list

Look for an anthropic-oauth row. If the effective column says claude-code-restricted, you have the limited Claude Code credentials, not full Claude Max access. To get Claude Max credentials, sign out at claude.ai/account first, then re-run the login flow.

3. Configure your agent

{
  "agents": {
    "default": {
      "auth": "anthropic-oauth",
      "model": "claude-sonnet-4-5"
    }
  }
}

Restart and test:

openclaw gateway restart
openclaw agent --message "Confirm you're running via my Claude Max subscription"

The /models provider header should show the OAuth profile rather than an env-key label as of v2026.5.7.

Setup: Codex (ChatGPT Plus/Pro/Team)

openclaw models auth login --provider codex

Browser flow signs you into chatgpt.com. Token saved to ~/.openclaw/tokens/openai-codex.json.

Configure the agent:

{
  "agents": {
    "default": {
      "auth": "openai-codex",
      "model": "gpt-4o"
    }
  }
}

Codex-specific quirks:

• Codex uses its own native approval mode — by default, the pre-guardian PermissionRequest hook is suppressed so Codex's own reviewer can approve safe commands first. OpenClaw surfaces approval only when Codex doesn't (v2026.5.7+).
• Plugin tool auth profiles are preserved when Codex owns model transport — your OpenClaw dynamic tools still resolve provider credentials. Tracked fix in v2026.5.18.
• Native Codex plugins can be managed inline: /codex plugins list, /codex plugins enable <name>, /codex plugins disable <name> (v2026.5.19+).

Setup: GitHub Copilot

openclaw models auth login --provider github-copilot

Limited model set compared to API key access. Native web search support for Copilot GPT models is tracked as an open feature.

Multi-auth: subscription + API key

Run subscription-backed agents and API-key-backed agents side by side:

{
  "agents": {
    "personal": {
      "auth": "anthropic-oauth",
      "model": "claude-sonnet-4-5"
    },
    "cron": {
      "auth": "anthropic-api-key",
      "model": "claude-haiku-4-5"
    }
  }
}

The personal agent uses your Claude Max subscription for interactive chat. The cron agent uses pay-as-you-go API for scheduled jobs — typically cheaper for short-prompt automations than burning Claude Max rate limits.

Common errors

If openclaw doctor --fix doesn't resolve it, delete the relevant token file and re-run the OAuth flow:

rm ~/.openclaw/tokens/anthropic-oauth.json
openclaw models auth login --provider anthropic-oauth

When OAuth isn't worth it

• High-volume cron jobs: subscription rate limits will throttle you. Use a pay-as-you-go API key for cron, OAuth for interactive.
• Specific model needs: subscriptions expose a narrower model set than full API access. If you need a specific model variant (e.g. an embedding model, an older snapshot), use an API key.
• Team usage: subscription tokens are personal. For a shared OpenClaw deployment, use a workspace API key.

→ CLI Cheatsheet — auth commands · Supported AI providers · Pricing comparison