Xai Auth

Name: Xai Auth
Rating: 4.5 (1 reviews)
Author: mcparkMCP

By mcparkMCP 👁 25 views ▲ 1 votes

xAI Grok SSO authentication plugin for OpenClaw — use your Grok/SuperGrok subscription instead of API credits

GitHub

Install

openclaw plugins install -l

Configuration Example

{
  "plugins": {
    "xai-grok-auth": {
      "proxyPort": 19000
    }
  }
}

README

# openclaw-xai-auth

xAI Grok SSO authentication plugin for [OpenClaw](https://github.com/openclaw/openclaw). Use your Grok/SuperGrok subscription instead of paying for API credits.

## How it works

The plugin registers a `grok-sso` provider with two auth methods:

1. **Grok SSO Cookie** — pastes your browser session cookie, requests route through a local proxy that translates OpenAI format to Grok's internal web API
2. **xAI API Key** — standard API key from console.x.ai, routes directly to api.x.ai (full features)

### Architecture (SSO mode)

```
OpenClaw Gateway
    ↓ POST /v1/chat/completions (OpenAI format)
Local Proxy (127.0.0.1:18923)
    ↓ POST /rest/app-chat/conversations/new (Grok format + SSO cookie)
grok.com internal API
    ↓ NDJSON streaming response
Local Proxy (translates NDJSON → SSE)
    ↓ SSE streaming (OpenAI format)
OpenClaw Gateway
```

The proxy runs in-process with the OpenClaw Gateway for the lifetime of the daemon.

## Install

### From local path (development)

```bash
# Symlink for live editing
openclaw plugins install -l /path/to/openclaw-xai-auth

# Or copy
openclaw plugins install /path/to/openclaw-xai-auth
```

### Enable the plugin

```bash
openclaw plugins enable xai-grok-auth
```

## Setup

### Method 1: Grok SSO Cookie (subscription, no API credits)

```bash
openclaw models auth login --provider grok-sso --method sso-cookie
```

The plugin will:
1. Show instructions for extracting your SSO cookie
2. Open grok.com in your browser
3. Prompt you to paste the cookie
4. Start the local proxy and configure the provider

#### Getting your SSO cookie

**Option A — Cookies panel:**
1. Open [grok.com](https://grok.com) (make sure you're logged in)
2. DevTools (`F12`) → **Application** → **Cookies** → `https://grok.com`
3. Find `sso` → copy its **Value**

**Option B — Network request:**
1. Open grok.com → DevTools → **Network** tab
2. Send a message in Grok chat
3. Find `conversations/new` request → **Headers** → Cookie header
4. Copy the full cookie value

### Method 2: xAI API Key (standard, uses API credits)

```bash
openclaw models auth login --provider grok-sso --method api-key
```

Paste your API key from [console.x.ai](https://console.x.ai). This gives full agent features including tool calling.

## Usage

After authentication, set as your default model:

```bash
# In openclaw.json or via CLI
OPENCLAW_PRIMARY_MODEL=grok-sso/grok-3
```

Or use the alias:

```bash
OPENCLAW_PRIMARY_MODEL=grok
```

## Limitations

### SSO Cookie mode

- **No tool/function calling** — Grok's internal web API doesn't support OpenAI-style tools. The coding agent's file reads, edits, and shell commands won't work. For agent features, use the API key method.
- **Cookie expiration** — SSO cookies expire after a few days. Re-run login when you see auth errors.
- **Fragile** — relies on undocumented internal API that can change without notice.
- **No conversation persistence** — each request creates a new conversation on grok.com.
- **No token counting** — usage stats are always zero.
- **Possible ToS issues** — programmatic access via cookies may violate xAI's Terms of Service.

### API Key mode

- Full feature support, including tool calling
- Same as using the built-in xAI provider with `XAI_API_KEY`

## Configuration

The proxy port defaults to `18923`. If that's in use, it auto-increments. You can configure it in `openclaw.json`:

```json
{
  "plugins": {
    "xai-grok-auth": {
      "proxyPort": 19000
    }
  }
}
```

## Troubleshooting

### "SSO cookie expired or invalid"

Re-authenticate:
```bash
openclaw models auth login --provider grok-sso --method sso-cookie
```

### Proxy not starting

Check if port 18923 is in use:
```bash
lsof -i :18923
```

### Test the proxy directly

```bash
curl http://127.0.0.1:18923/v1/models
```

### Test Grok API directly

```bash
curl -X POST https://grok.com/rest/app-chat/conversations/new \
  -H "content-type: application/json" \
  -H "origin: https://grok.com" \
  -H "cookie: sso=YOUR_SSO_COOKIE" \
  -H "user-agent: Mozilla/5.0 ..." \
  -d '{"temporary":true,"modelName":"grok-3","message":"Hello","fileAttachments":[],"imageAttachments":[],"disableSearch":true,"enableImageGeneration":false,"returnImageBytes":false,"returnRawGrokInXaiRequest":false,"enableImageStreaming":false,"imageGenerationCount":0,"forceConcise":false,"toolOverrides":{},"enableSideBySide":false,"isPreset":false,"sendFinalMetadata":true,"customInstructions":"","deepsearchPreset":"","isReasoning":false}'
```

## References

- [opencode-xai-auth](https://github.com/mcparkMCP/opencode-xai-auth) — sister plugin for OpenCode
- [CNFlyCat/GrokProxy](https://github.com/CNFlyCat/GrokProxy) — Python reverse proxy
- [klu-ai/swift-grok](https://github.com/klu-ai/swift-grok) — Swift proxy
- [mem0ai/grok3-api](https://github.com/mem0ai/grok3-api) — Python client
- [OpenClaw Plugin Docs](https://docs.openclaw.ai/tools/plugin)

## License

MIT

integration