Auth

Allows to authenticate to a sfp server

`sfp server auth clear`

This command clears all the local tokens created by sfp server auth login command

USAGE
  $ sfp server auth clear [--json] [-e <value> | -a] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -a, --all                         Clear all users
  -e, --email=<value>               Email of the user
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs in the console. Provide an
                                    opening group, and an optional closing group symbol.
      --loglevel=<option>           [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  This command clears all the local tokens created by sfp server auth login command

EXAMPLES
  $ sfp server auth clear --email [email protected]

  $ sfp server auth clear --all

See code: src/commands/server/auth/clear.ts

`sfp server auth display`

Display authentication token information

USAGE
  $ sfp server auth display -e <value> [--json] [--jwt] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -e, --email=<value>               (required) Email of the user
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs in the console. Provide an
                                    opening group, and an optional closing group symbol.
      --jwt                         Display JWT of the user
      --loglevel=<option>           [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Display authentication token information

EXAMPLES
  $ sfp server auth display --email [email protected]

  $ sfp server auth display -e [email protected] --jwt

See code: src/commands/server/auth/display.ts

`sfp server auth list`

This command lists all auth tokens of users and its status stored locally

USAGE
  $ sfp server auth list [--json] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs in the console. Provide an
                                    opening group, and an optional closing group symbol.
      --loglevel=<option>           [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  This command lists all auth tokens of  users and its status stored locally

EXAMPLES
  $ sfp server auth list

  $ sfp server auth list --json

See code: src/commands/server/auth/list.ts

Authenticate with the SFP server using various authentication strategies. This creates a JWT token stored securely in the keychain for subsequent commands.

USAGE
  $ sfp server auth login -e <value> [--json] [--password <value> --admin] [--password-file <value> ] [--sfp-server-url
    <value>] [-i] [--global-auth] [--sso-domain <value> --provider github|saml] [--sso-provider-id <value> ] [-g
    <value>...] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -e, --email=<value>               (required) Email of the user
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs in the console. Provide an
                                    opening group, and an optional closing group symbol.
  -i, --impersonate                 Use impersonate mode to impersonate an existing user in the system, Need secrets
                                    such as SUPABASE_JWT_SECRET ,
                                    SUPABASE_SERVICE_KEY and SUPABASE_URL of your sfp server instance.
      --admin                       Log in as an admin user using username and password
      --[no-]global-auth            Use global authentication configuration instead of environment variables. When
                                    enabled, environment variables will not override the global configuration.
      --loglevel=<option>           [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>
      --password=<value>            Admin password for non-interactive login (insecure, prefer password-file)
      --password-file=<value>       Path to file containing admin password
      --provider=<option>           [default: github] Authentication provider to use (github, saml)
                                    <options: github|saml>
      --sfp-server-url=<value>      [default: http://localhost:3029, env: SFP_SERVER_URL] URL of the SFP server, You can
                                    also set this using the `SFP_SERVER_URL` environment variable
      --sso-domain=<value>          SSO domain for SAML authentication (e.g., company.com)
      --sso-provider-id=<value>     SSO provider ID for SAML authentication

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Authenticate with the SFP server using various authentication strategies. This creates a JWT token stored securely in
  the keychain for subsequent commands.

  Authentication methods:
  - OAuth (default): Uses GitHub OAuth through Supabase for authentication
  - SAML SSO: Enterprise single sign-on authentication via SAML providers
  * Requires a custom Supabase instance with SAML enabled (Pro plan or higher)
  * Cannot be used with --global-auth flag
  * Must configure auth-supabase-url to point to your SAML-enabled instance
  - Admin: Username/password authentication for admin users (--admin flag)
  - Impersonate: Create tokens for existing users (requires SUPABASE_JWT_SECRET)

  Custom authentication endpoints can be configured using:
  - `sfp config:set auth-supabase-url <url>` - Override default Supabase URL
  - `sfp config:set auth-supabase-anon-key <key>` - Override default anonymous key
  - `sfp config:set auth-sso-domain <domain>` - Set SSO domain for SAML authentication
  - `sfp config:set auth-sso-provider-id <id>` - Set SSO provider ID for SAML authentication
  - Environment variables: SUPABASE_URL, SUPABASE_ANON_KEY, AUTH_SSO_DOMAIN, AUTH_SSO_PROVIDER_ID

EXAMPLES
  $ sfp server auth login --email "[email protected]"

  $ sfp server auth login --email "[email protected]" --admin --password mypassword

  $ sfp server auth login --email "[email protected]" --admin --password-file ./password.txt



  # SAML SSO authentication (requires custom Supabase instance with SAML enabled)

  # Note: Global auth is automatically disabled for SAML authentication

  $ sfp server auth login --email "[email protected]" --provider saml --sso-domain company.com

  $ sfp server auth login --email "[email protected]" --provider saml --sso-provider-id abc-123-def



  # Configure custom Supabase instance

  $ sfp config:set auth-supabase-url https://my-supabase.example.com

  $ sfp config:set auth-supabase-anon-key eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

  $ sfp server auth login --email "[email protected]"



  # Configure SAML SSO via config (must set custom Supabase URL first)

  $ sfp config:set auth-supabase-url https://your-supabase-instance.supabase.co

  $ sfp config:set auth-supabase-anon-key your-anon-key-here

  $ sfp config:set auth-sso-domain company.com

  $ sfp server auth login --email "[email protected]" --provider saml

See code: src/commands/server/auth/login.ts

Last updated 15 days ago

Was this helpful?

USAGE
  $ sfp server auth login -e <value> [--json] [--password <value> --admin] [--password-file <value> ] [--sfp-server-url
    <value>] [-i] [--global-auth] [--sso-domain <value> --provider github|saml] [--sso-provider-id <value> ] [-g
    <value>...] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -e, --email=<value>               (required) Email of the user
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs in the console. Provide an
                                    opening group, and an optional closing group symbol.
  -i, --impersonate                 Use impersonate mode to impersonate an existing user in the system, Need secrets
                                    such as SUPABASE_JWT_SECRET ,
                                    SUPABASE_SERVICE_KEY and SUPABASE_URL of your sfp server instance.
      --admin                       Log in as an admin user using username and password
      --[no-]global-auth            Use global authentication configuration instead of environment variables. When
                                    enabled, environment variables will not override the global configuration.
      --loglevel=<option>           [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>
      --password=<value>            Admin password for non-interactive login (insecure, prefer password-file)
      --password-file=<value>       Path to file containing admin password
      --provider=<option>           [default: github] Authentication provider to use (github, saml)
                                    <options: github|saml>
      --sfp-server-url=<value>      [default: http://localhost:3029, env: SFP_SERVER_URL] URL of the SFP server, You can
                                    also set this using the `SFP_SERVER_URL` environment variable
      --sso-domain=<value>          SSO domain for SAML authentication (e.g., company.com)
      --sso-provider-id=<value>     SSO provider ID for SAML authentication

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Authenticate with the SFP server using various authentication strategies. This creates a JWT token stored securely in
  the keychain for subsequent commands.

  Authentication methods:
  - OAuth (default): Uses GitHub OAuth through Supabase for authentication
  - SAML SSO: Enterprise single sign-on authentication via SAML providers
  * Requires a custom Supabase instance with SAML enabled (Pro plan or higher)
  * Cannot be used with --global-auth flag
  * Must configure auth-supabase-url to point to your SAML-enabled instance
  - Admin: Username/password authentication for admin users (--admin flag)
  - Impersonate: Create tokens for existing users (requires SUPABASE_JWT_SECRET)

  Custom authentication endpoints can be configured using:
  - `sfp config:set auth-supabase-url <url>` - Override default Supabase URL
  - `sfp config:set auth-supabase-anon-key <key>` - Override default anonymous key
  - `sfp config:set auth-sso-domain <domain>` - Set SSO domain for SAML authentication
  - `sfp config:set auth-sso-provider-id <id>` - Set SSO provider ID for SAML authentication
  - Environment variables: SUPABASE_URL, SUPABASE_ANON_KEY, AUTH_SSO_DOMAIN, AUTH_SSO_PROVIDER_ID

EXAMPLES
  $ sfp server auth login --email "[email protected]"

  $ sfp server auth login --email "[email protected]" --admin --password mypassword

  $ sfp server auth login --email "[email protected]" --admin --password-file ./password.txt



  # SAML SSO authentication (requires custom Supabase instance with SAML enabled)

  # Note: Global auth is automatically disabled for SAML authentication

  $ sfp server auth login --email "[email protected]" --provider saml --sso-domain company.com

  $ sfp server auth login --email "[email protected]" --provider saml --sso-provider-id abc-123-def



  # Configure custom Supabase instance

  $ sfp config:set auth-supabase-url https://my-supabase.example.com

  $ sfp config:set auth-supabase-anon-key eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

  $ sfp server auth login --email "[email protected]"



  # Configure SAML SSO via config (must set custom Supabase URL first)

  $ sfp config:set auth-supabase-url https://your-supabase-instance.supabase.co

  $ sfp config:set auth-supabase-anon-key your-anon-key-here

  $ sfp config:set auth-sso-domain company.com

  $ sfp server auth login --email "[email protected]" --provider saml