EIP-1167 Minimal Proxy msg.sender

Hello , I am struggling to understand minimal proxies I am using clones.sol from openzeppelin liblaries and it says this contract delegates all calls to the logic contract but msg.sender is the proxy address instead of my wallet address when I call a function through proxy contract externally. Am I doing something wrong or is this intended , thanks.

This is the upgradeable token I created from openzeppelin wizard I added a check to it for msg.sender

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.4;

import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";

import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

contract ERC20MintableUpgradeable is Initializable, ERC20Upgradeable, AccessControlUpgradeable {

    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    /// @custom:oz-upgrades-unsafe-allow constructor

    constructor() initializer {}

    function initialize(string memory tokenName,string memory tokenSymbol,uint totalSupply) initializer public {

        require(msg.sender == tx.origin,"Msg sender is proxy");



        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);

        _grantRole(MINTER_ROLE, msg.sender);


    function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {

        _mint(to, amount);




This is the factory contract that creates proxies using clone function

// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.7;
import "@openzeppelin/contracts/access/Ownable.sol";

import "@openzeppelin/contracts/proxy/Clones.sol";

import "./ERC20MintableUpgradeable.sol";

contract MinimalTokenFactory is Ownable{

  address tokenImplementationAddress;
        tokenImplementationAddress = address(new ERC20MintableUpgradeable());
    function createToken(string memory tokenName,string memory tokenSymbol,uint totalSupply) public  returns (address){


        ERC20MintableUpgradeable clone =  ERC20MintableUpgradeable(Clones.clone(tokenImplementationAddress));


        return address(clone);



If I try to create a token through this proxy , instead of my wallet proxy gets the role permission.

The msg.sender is not the proxy. It's the factory, when you call this function:

So it's the factory that's getting the permission.

What you can do to fix this is make it into:

clone.initialize(tokenName, tokenSymbol, totalSupply);