Skip to main content

Authentication Commands

Manage your authentication and account settings with the Erdo CLI.

erdo login

Authenticate with the Erdo platform to access your account and agents.

Basic Usage

# Interactive login
erdo login

# Force re-authentication (clears existing tokens)
erdo login --force

# Login with specific server
erdo login --server https://api.erdo.ai

Authentication Methods

Command Options

OptionDescriptionExample
--forceForce re-authenticationerdo login --force
--serverSpecify server URLerdo login --server https://staging.erdo.ai
--methodAuthentication methoderdo login --method oauth
--tokenUse API tokenerdo login --token abc123
--portOAuth callback porterdo login --port 8080
--timeoutLogin timeout (seconds)erdo login --timeout 60
--no-browserSkip browser openingerdo login --no-browser

Examples

# Configure CLI and login
erdo configure --server https://api.erdo.ai
erdo login

# Verify authentication

erdo whoami

erdo logout

Log out from the Erdo platform and clear stored authentication. 
# Logout from current server
erdo logout

# Logout and clear all cached data
erdo logout --clear-cache

# Logout from specific server
erdo logout --server https://staging.erdo.ai

Options

OptionDescription
--clear-cacheClear all cached authentication data
--serverLogout from specific server
--allLogout from all configured servers

erdo whoami

Display current authentication status and user information. 
# Basic user info
erdo whoami

# Detailed information
erdo whoami --verbose

# Check specific server
erdo whoami --server https://api.erdo.ai

# Output as JSON
erdo whoami --format json

Output Information

User: [email protected]
Organization: Acme Corp
Server: https://api.erdo.ai
Plan: Professional
Status: Active

User Information:
  Email: [email protected]
  Name: John Doe
  ID: user_abc123

Organization:
  Name: Acme Corp
  ID: org_xyz789
  Role: Admin

Authentication:
  Method: OAuth
  Server: https://api.erdo.ai
  Token Expires: 2024-12-31 23:59:59 UTC
  Last Login: 2024-01-15 10:30:00 UTC

Subscription:
  Plan: Professional
  Status: Active
  Agents Limit: 100
  Storage Limit: 10GB

erdo token

Manage API tokens for programmatic access.

Create Token

# Create new token
erdo token create --name "CI/CD Pipeline"

# Create token with specific permissions
erdo token create --name "Read Only" --permissions read

# Create token with expiration
erdo token create --name "Temporary" --expires 7d

List Tokens

# List all tokens
erdo token list

# List with details
erdo token list --verbose

# Filter by status
erdo token list --status active

Revoke Token

# Revoke specific token
erdo token revoke --id token_123

# Revoke by name
erdo token revoke --name "Old Token"

# Revoke all tokens
erdo token revoke --all

Token Options

OptionDescriptionExample
--nameToken display name--name "Production Deploy"
--permissionsToken permissions--permissions read,write
--expiresExpiration time--expires 30d
--scopeToken scope--scope organization

Authentication Troubleshooting

Common Issues:
  • Invalid credentials
  • Network connectivity
  • Server configuration
Solutions:
# Test connectivity
erdo configure --test-connection

# Clear auth cache
rm ~/.erdo/auth.json

# Force re-authentication
erdo login --force

# Check server status
curl -I https://api.erdo.ai/health
Common Issues:
  • Expired tokens
  • Insufficient permissions
  • Rate limiting
Solutions:
# Check token status
erdo whoami --verbose

# Refresh token
erdo login --force

# Create new token with correct permissions
erdo token create --name "New Token" --permissions admin
Common Issues:
  • Browser not opening
  • Callback URL issues
  • Provider configuration
Solutions:
# Manual browser login
erdo login --no-browser
# Then visit the provided URL manually

# Use different callback port
erdo login --port 9090

# Contact admin for SSO configuration

Security Best Practices

Token Management

  • Use specific token permissions - Set appropriate expiration dates - Rotate tokens regularly - Store tokens securely

Environment Security

  • Use environment variables for tokens - Don’t commit tokens to version control - Use different tokens per environment - Monitor token usage

Access Control

  • Follow principle of least privilege - Use organization-scoped tokens - Regular access reviews - Revoke unused tokens

Monitoring

  • Monitor login attempts - Track token usage - Set up alerts for suspicious activity - Regular security audits

Configuration Files

Authentication Config

The CLI stores authentication data in ~/.erdo/auth.json: 
{
  "servers": {
    "https://api.erdo.ai": {
      "user": {
        "email": "[email protected]",
        "id": "user_123",
        "name": "John Doe"
      },
      "organization": {
        "id": "org_456",
        "name": "Acme Corp",
        "role": "admin"
      },
      "auth": {
        "method": "oauth",
        "token": "encrypted_token_data",
        "expires_at": "2024-12-31T23:59:59Z",
        "refresh_token": "encrypted_refresh_token"
      }
    }
  },
  "default_server": "https://api.erdo.ai"
}

Environment Variables

# Authentication
export ERDO_API_TOKEN="your_token_here"
export ERDO_SERVER_URL="https://api.erdo.ai"

# OAuth Configuration
export ERDO_OAUTH_CLIENT_ID="your_client_id"
export ERDO_OAUTH_CALLBACK_PORT="8080"

# SSO Configuration
export ERDO_SSO_PROVIDER="okta"
export ERDO_SSO_DOMAIN="company.okta.com"