Two ways to authenticate: browser-based SSO (moss login) for interactive use, or API key (moss auth login --key ...) for scripting and CI/CD.
moss login
Log in via your browser. This is the recommended method for interactive use — it opens the MossDesk dashboard, you authorize the CLI, and credentials are saved automatically.
moss login --no-browser --timeout 180
| Option | Required | Description |
|---|
--no-browser | No | Print the URL instead of opening a browser (useful for headless/SSH environments) |
--timeout <seconds> | No | Timeout in seconds (default: 120) |
moss login is a top-level command, not under auth. It’s the fastest way to get started.
moss auth login
Save an API key for a workspace. Use this for non-interactive environments like CI pipelines or automation scripts.
moss auth login --key moss_k_your_api_key_here
| Option | Required | Description |
|---|
--key <key> | Yes | API key (moss_k_...) |
--workspace <id> | No | Workspace ID to associate with |
~/.moss/config.json. If --workspace is provided, it becomes the active workspace.
moss auth logout
Remove saved credentials.
| Option | Required | Description |
|---|
--workspace <id> | No | Workspace to remove (default: active workspace) |
moss auth whoami
Show the current authentication context — user info and active workspace.
{
"data": {
"user_id": "usr_abc123",
"email": "you@example.com",
"workspace_id": "ws_abc123",
"scope": "full"
}
}
