Command-line interface

swh auth

Software Heritage Authentication tools.

This CLI eases the retrieval of a bearer token to authenticate a user querying Software Heritage Web APIs.

swh auth [OPTIONS] COMMAND [ARGS]...

Options

-C, --config-file <config_file>

Path to configuration file

Default:

'/home/jenkins/.config/swh/global.yml'

-u, --oidc-server-url <oidc_server_url>

URL of OpenID Connect server, default to ‘https://auth.softwareheritage.org/auth/’

-r, --realm-name <realm_name>

Name of the OpenID Connect authentication realm, default to ‘SoftwareHeritage’

-c, --client-id <client_id>

OpenID Connect client identifier in the realm, default to ‘SoftwareHeritage’

Environment variables

SWH_CONFIG_FILENAME

Provide a default for -C

config

Guided authentication configuration for Software Heritage web services

If you do not already have an account, create one at “https://archive.softwareheritage.org/”

swh auth config [OPTIONS]

Options

--username <username>

OpenID username

--token <token>

A valid OpenId connect token to authenticate to “https://auth.softwareheritage.org/auth/”

generate-token

Generate a new bearer token for a Web API authentication.

Login with USERNAME, create a new OpenID Connect session and get bearer token.

Users will be prompted for their password, then the token will be printed to standard output.

The created OpenID Connect session is an offline one so the provided token has a much longer expiration time than classical OIDC sessions (usually several dozens of days).

swh auth generate-token [OPTIONS] USERNAME

Options

-p, --password <password>

OpenID Connect client password in the realm

Arguments

USERNAME

Required argument

revoke-token

Revoke a bearer token used for a Web API authentication.

Use TOKEN to logout from an offline OpenID Connect session.

The token is definitely revoked after that operation.

swh auth revoke-token [OPTIONS] TOKEN

Arguments

TOKEN

Required argument