Command-line interface#

swh auth#

Software Heritage Authentication tools.

This CLI eases the retrieval of a bearer token to authenticate a user querying Software Heritage Web APIs.

swh auth [OPTIONS] COMMAND [ARGS]...


--oidc-server-url <oidc_server_url>#

URL of OpenID Connect server (default to “”)

--realm-name <realm_name>#

Name of the OpenID Connect authentication realm (default to “SoftwareHeritage”)

--client-id <client_id>#

OpenID Connect client identifier in the realm (default to “swh-web”)


Generate a new bearer token for a Web API authentication.

Login with USERNAME, create a new OpenID Connect session and get bearer token.

Users will be prompted for their password, then the token will be printed to standard output.

The created OpenID Connect session is an offline one so the provided token has a much longer expiration time than classical OIDC sessions (usually several dozens of days).

swh auth generate-token [OPTIONS] USERNAME



Required argument


Revoke a bearer token used for a Web API authentication.

Use TOKEN to logout from an offline OpenID Connect session.

The token is definitely revoked after that operation.

swh auth revoke-token [OPTIONS] TOKEN



Required argument