glab-auth

Log in with interactive prompt

$ glab auth login

$ glab auth login [[-t|--token]] [token]

$ glab auth status

$ glab auth login [[-h|--hostname]] [gitlab.example.com]

glab auth command [flags]

Available Commands:
  login       Log in to GitLab
  logout     Log out of GitLab
  status     View authentication status
  refresh    Refresh stored authentication token
  git-credential Use glab as a Git credential helper

--hostname
    Specify the GitLab instance hostname to authenticate against or manage credentials for. Defaults to gitlab.com.

--web
    Open a web browser for interactive OAuth authentication (primarily used with login).

--token
    Provide a GitLab Personal Access Token (PAT) directly for non-interactive login (used with login).

--scopes
    Define the OAuth scopes or token permissions required for the authentication session (used with login). Common scopes include api, sudo, read_repository.

--help
    Show help for the command or subcommand.

The glab auth command is a crucial component of the glab command-line interface, the official CLI for GitLab. It provides a comprehensive set of tools for managing user authentication with GitLab instances. This includes logging in using various methods (interactive web flow, personal access tokens), logging out, checking the current authentication status, and refreshing existing tokens.

It simplifies interaction with GitLab APIs for developers, administrators, and CI/CD pipelines by securely storing and managing authentication credentials. The glab auth subcommands streamline common authentication tasks, eliminating the need to manually handle tokens or browser-based logins for every operation, thus enhancing productivity and scripting capabilities.

Authentication tokens, especially Personal Access Tokens (PATs), grant significant access to your GitLab account. Ensure they are handled securely and their scopes are limited to the minimum necessary permissions to prevent unauthorized access.

The --web authentication method requires a functional web browser and network connectivity to the specified GitLab instance for the OAuth flow to complete successfully.

glab auth primarily manages credentials stored by glab itself; it does not directly manage SSH keys or other system-wide Git authentication methods unless configured as a Git credential helper.

glab auth supports multiple ways to authenticate with your GitLab instance:

• Web Flow (OAuth): This is the recommended interactive method, opening a browser to complete the authentication process securely using GitLab's OAuth 2.0.
• Personal Access Token (PAT): Allows direct login using a pre-generated PAT, suitable for scripting, CI/CD environments, or when a web browser is unavailable.
• Git Credential Helper: The glab auth git-credential subcommand integrates glab with Git's credential helper mechanism. This enables Git commands (like git push or git pull) to automatically use your glab-managed GitLab credentials without requiring separate authentication for Git operations.

Authentication tokens and configuration settings for glab are typically stored in a YAML file, commonly located at ~/.config/glab-cli/config.yml or ~/.config/glab/config.yml, depending on the version and installation. This file securely stores hostnames, tokens, and other preferences for quick access by glab commands, ensuring persistence across sessions.

The glab CLI, including its auth subcommand, is an official open-source project developed and maintained by GitLab Inc. It was created to provide a native, efficient, and user-friendly command-line experience for interacting with GitLab. The auth functionality has been a core part of glab since its early releases, continually evolving to support modern authentication flows like OAuth and integrating seamlessly with Git's credential helper mechanism to enhance the developer workflow and simplify CI/CD scripting.

glab(1), git-credential(7), git(1)