auth

Authentication management commands for NDCLI. These commands handle OAuth2 authentication with the NetDefense platform.

Commands

Command	Description
auth login	Authenticate with NetDefense
auth logout	Log out and revoke tokens
auth show	Show current authentication status
auth me	Show authenticated user information
auth refresh	Force refresh the access token
auth migrate	Migrate tokens from file to keyring
auth delete	Permanently delete your account

---

auth login

Authenticate using the OAuth2 device authorization flow. This opens your default browser to complete authentication.

ndcli auth login [flags]

Flags

Flag	Type	Default	Description
--force	bool	false	Force new login even if already authenticated
--scopes	string	from config	OAuth2 scopes to request

Examples

# Standard login
ndcli auth login

# Force re-authentication
ndcli auth login --force

# Login with custom scopes
ndcli auth login --scopes "openid profile email"

How It Works

1. Request device code — NDCLI requests a device code from the authentication server

2. Display verification URL — A URL and user code are displayed in your terminal

3. Browser authentication — Your browser opens to the authentication page

4. Enter code — Enter the user code and complete authentication

5. Tokens stored — NDCLI receives and securely stores your tokens

---

auth logout

Log out and revoke the current access tokens. This removes stored credentials from the keyring or file storage.

ndcli auth logout

Examples

ndcli auth logout

---

auth show

Display the current authentication status including token expiry information.

ndcli auth show

Output

• Auth Status — Whether you’re authenticated or not
• Storage Location — Keyring or file-based storage
• Token Expiry — When your access token expires
• Refresh Token — Whether a refresh token is available

Examples

ndcli auth show

---

auth me

Show detailed information about the currently authenticated user.

ndcli auth me

Output

Displays user profile information retrieved from the authentication server:

• Email — Your registered email address
• Name — Your display name
• User ID — Unique identifier
• Profile — Other profile attributes

Examples

# View your user info
ndcli auth me

# Output as JSON
ndcli auth me -f json

---

auth refresh

Force refresh the access token using the stored refresh token. This is typically handled automatically by NDCLI when needed.

ndcli auth refresh

Use Cases

When to use this command

• Troubleshooting — Diagnose authentication issues
• Long operations — Force refresh before a lengthy task
• Testing — Verify the token refresh flow works correctly

Examples

ndcli auth refresh

---

auth migrate

Migrate authentication tokens from file-based storage to the system keyring. This improves security by storing tokens in the OS credential manager.

ndcli auth migrate

Supported Keyrings

Platform	Keyring
macOS	Keychain
Linux	Secret Service (GNOME Keyring, KWallet)
Windows	Credential Manager

Examples

ndcli auth migrate

Note

If the system keyring is unavailable, the command will report an error. File-based storage remains as a fallback.

---

auth delete

Permanently delete your NetDefense account. This action cannot be undone.

ndcli auth delete [flags]

Flags

Flag	Type	Default	Description
--yes	bool	false	Skip confirmation prompt

Examples

ndcli auth delete

Danger

This permanently deletes your account and cannot be reversed. All organizations you own will also need to be deleted or transferred beforehand.