Prior to running any commands via rgclone the CLI must be authenticated against the Web API. Otherwise, all client-side calls will result in the 'Unauthorized' response received from the Web server.

All authentication requests are done via the rgclone auth command.

Contents

Authentication types

There are two ways to authenticate in the Using the CLI:

• Token based - The access token defined by the system administrator in the Admin Console needs to be passed as a parameter. It's intended for usage in CI/CD pipelines.
• OpenID Connect (OIDC) device flow - This option interacts with the identity provider, enabling scenarios with single sign-on or two-factor authentication, configured by the system administrator in the Admin Console. It requires a web browser. It's intended for human usage.

Authentication in rgclone

Authentication via token

Single session

To authenticate for the existing session only, replace <access-token> with the rgclone access token set by the system administrator – via Authentication Settings–  and run:

rgclone auth -t "<access-token>"

Persistent token-based authentication

For persistent authentication across any sessions within your machine, set the environment variable in your desired shell terminal.

// Linux
export RGCLONE_ACCESS_TOKEN="<access-token>"

// Windows
set RGCLONE_ACCESS_TOKEN="<access-token>"

Authentication via OIDC device flow

OIDC device flow authentication, which goes through an identity provider configured by the system administrator, can be triggered by running the auth command without any parameters.

rgclone auth

You'll need to be able to access a web browser to complete the authentication.