Skip to content

docs(cli): document interactive login and multi-account#56

Merged
acoshift merged 1 commit into
mainfrom
docs-cli-login
Jun 28, 2026
Merged

docs(cli): document interactive login and multi-account#56
acoshift merged 1 commit into
mainfrom
docs-cli-login

Conversation

@acoshift

Copy link
Copy Markdown
Member

What

The browser-based deploys login flow (and the multi-account management around it) shipped, but content/automation/cli.md only referenced it in a single line of the auth-precedence list — there was no walkthrough. This adds a "Logging in" section covering:

  • deploys login — the OAuth authorization-code + PKCE flow over a loopback redirect, where the credential is stored (your config dir; DEPLOYS_CONFIG_DIR to override), and that it's the stored-login tier of the precedence list, so it doesn't interfere with CI's env-var auth.
  • Multiple accounts — credentials keyed by (endpoint, email): deploys auth list / switch, -account / DEPLOYS_ACCOUNT, deploys auth status, session expiry and re-login (the CLI has no refresh grant yet, so it warns near expiry and you run deploys login again), deploys logout / -all.
  • Headless / SSHdeploys login -no-browser (forward the printed callback port) and deploys auth token for scripts.

Why

A whole shipped, user-facing authentication path was effectively invisible in the docs. Interactive login is the easiest way for a human to use the CLI, so it deserves a real walkthrough next to the env-var/CI options.

Verification

Every command, flag, and behavioral claim was checked against the CLI source:

  • auth subcommands and their flags, and the login/logout aliases — deploys/internal/runner/help.go.
  • credential precedence (stored login sits below env auth) — main.go newAPIClient.
  • session expiry warning and the absence of an auto-refresh ("no refresh grant exists") — main.go / internal/auth/resolve.go.

Content-only change to one Markdown file; the /access/service-accounts/ link is already used elsewhere in the page.

The browser-based 'deploys login' flow shipped but the CLI docs only
mentioned it in one line of the auth precedence list — there was no walkthrough
of signing in, switching between accounts, or using it on a headless host. Add
a 'Logging in' section covering:

- deploys login (OAuth authorization-code + PKCE over a loopback redirect),
  where the credential is stored (config dir; DEPLOYS_CONFIG_DIR), and that it
  is the stored-login tier of the precedence list (so it doesn't interfere with
  CI's env-var auth).
- Multiple accounts keyed by (endpoint, email): deploys auth list / switch,
  -account / DEPLOYS_ACCOUNT, deploys auth status, session expiry + re-login
  (the CLI has no refresh grant yet, so it warns and you run deploys login
  again), deploys logout / -all.
- Headless/SSH use via deploys login -no-browser, and deploys auth token for
  scripts.

Every command and flag was checked against the CLI help registry
(internal/runner/help.go) and the credential precedence in main.go.
@deploys-app deploys-app Bot temporarily deployed to pr-56 June 28, 2026 18:10 Destroyed
@deploys-app

deploys-app Bot commented Jun 28, 2026

Copy link
Copy Markdown

Preview deleted (PR closed).

@acoshift acoshift merged commit 4ef3451 into main Jun 28, 2026
1 check passed
@acoshift acoshift deleted the docs-cli-login branch June 28, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant