Authenticate CLI against API Server
Published 30 November 2021
Prior to running any commands via rgclone
the CLI must be authenticated against the Web API. Otherwise, all client-side calls will result in the 'Unauthorized' response received from the Web server.
All authentication requests are done via the rgclone auth
command.
Contents
Authentication types
There are two ways to authenticate in the Using the CLI:
- Token based - The access token defined by the system administrator in the Admin Console needs to be passed as a parameter. It's intended for usage in CI/CD pipelines.
- OpenID Connect (OIDC) device flow - This option interacts with the identity provider, enabling scenarios with single sign-on or two-factor authentication, configured by the system administrator in the Admin Console. It requires a web browser. It's intended for human usage.
Authentication in rgclone
Authentication via token
Single session
To authenticate for the existing session only, replace <access-token>
with the rgclone
access token set by the system administrator – via Authentication Settings– and run:
rgclone auth -t "<access-token>"
Persistent token-based authentication
For persistent authentication across any sessions within your machine, set the environment variable in your desired shell terminal.
// Linux export RGCLONE_ACCESS_TOKEN="<access-token>" // Windows set RGCLONE_ACCESS_TOKEN="<access-token>"
RGCLONE_ACCESS_TOKEN has precedence
Regardless of whether you setup rgclone
for token based or OIDC device flow authentication, if RGCLONE_ACCESS_TOKEN
is set in your environment, the CLI will always use that value.
Remember to update
When/if the system administrator will change the access token via the Admin Console, the environmental variable value will have to be updated accordingly.
Authentication via OIDC device flow
OIDC device flow authentication, which goes through an identity provider configured by the system administrator, can be triggered by running the auth
command without any parameters.
Authenticating using OIDC device flow via identity provider
rgclone auth
You'll need to be able to access a web browser to complete the authentication.