Redgate Clone

Authenticate CLI against API Server

Prior to running any commands via rgclone the CLI must be authenticated against the Web API. Otherwise, all client-side calls will result in the 'Unauthorized' response received from the Web server.

All authentication requests are done via the rgclone auth command.

Contents

Authentication types

There are two ways to authenticate in the Using the CLI:

  • Token based - The access token defined by the system administrator in the Admin Console needs to be passed as a parameter. It's intended for usage in CI/CD pipelines.
  • OpenID Connect (OIDC) device flow - This option interacts with the identity provider, enabling scenarios with single sign-on or two-factor authentication, configured by the system administrator in the Admin Console. It requires a web browser. It's intended for human usage.

Authentication in rgclone

Authentication via token

Single session

To authenticate for the existing session only, replace <access-token> with the rgclone access token set by the system administrator – via Authentication Settings–  and run:

rgclone auth -t "<access-token>"

Persistent token-based authentication

For persistent authentication across any sessions within your machine, set the environment variable in your desired shell terminal.

// Linux
export RGCLONE_ACCESS_TOKEN="<access-token>"

// Windows
set RGCLONE_ACCESS_TOKEN="<access-token>"

RGCLONE_ACCESS_TOKEN has precedence

Regardless of whether you setup rgclone for token based or OIDC device flow authentication, if RGCLONE_ACCESS_TOKEN is set in your environment, the CLI will always use that value.

Remember to update

When/if the system administrator will change the access token via the Admin Console, the environmental variable value will have to be updated accordingly.

Authentication via OIDC device flow

OIDC device flow authentication, which goes through an identity provider configured by the system administrator, can be triggered by running the auth command without any parameters.


Authenticating using OIDC device flow via identity provider

rgclone auth


You'll need to be able to access a web browser to complete the authentication.


Didn't find what you were looking for?