Authentication
Before you can push or pull sessions, you need to authenticate with the CodeTeleport API. The CLI supports two login methods: GitHub OAuth and email/password.
Interactive login
Section titled “Interactive login”Run codeteleport auth login with no flags to get an interactive prompt:
codeteleport auth loginHow do you want to log in? 1) GitHub 2) Email & Password> _GitHub OAuth
Section titled “GitHub OAuth”The recommended way to log in. Pass --github to skip the prompt:
codeteleport auth login --github- A local callback server starts on a random port.
- Your default browser opens the GitHub authorization page.
- After you approve, GitHub redirects back to the local server with a token.
- The CLI exchanges the token for an API key and saves it.
Opening browser for GitHub login...If the browser doesn't open, visit: https://api.codeteleport.com/v1/auth/github?cli_port=54321
Logged in via GitHubDevice: bobs-laptopAPI: https://api.codeteleport.com/v1Config saved to ~/.codeteleport/config.jsonEmail and password
Section titled “Email and password”Use --email to log in with credentials:
codeteleport auth login --emailEmail: bob@example.comPassword: ********
Logged in as bob@example.comDevice: bobs-laptopAPI: https://api.codeteleport.com/v1Config saved to ~/.codeteleport/config.jsonCreating a new account
Section titled “Creating a new account”Pass --register to create an account and log in at the same time:
codeteleport auth login --registerEmail: bob@example.comPassword: ********
Account created for bob@example.comLogged in as bob@example.comDevice: bobs-laptopAPI: https://api.codeteleport.com/v1Config saved to ~/.codeteleport/config.jsonPointing to a different API server
Section titled “Pointing to a different API server”Use --api-url to authenticate against a development or self-hosted server instead of production:
codeteleport auth login --github --api-url http://localhost:8787/v1This is useful when running the CodeTeleport API locally during development. The URL is saved to your config file, so all subsequent CLI commands will use it.
How tokens work
Section titled “How tokens work”Authentication uses a two-step process:
| Step | Token type | Format | Lifetime |
|---|---|---|---|
| Login | JWT | Standard JSON Web Token | Short-lived (minutes) |
| CLI operations | API token | ctk_live_... | Long-lived (until revoked) |
- When you log in (via GitHub or email), the server issues a short-lived JWT.
- The CLI immediately uses that JWT to create a device-scoped API token (
ctk_live_...). - The API token is saved to
~/.codeteleport/config.jsonand used for all subsequent requests. - The JWT is discarded — only the API token persists.
The API token is hashed (SHA-256) on the server side. If the config file is compromised, you can revoke the token from the dashboard without affecting other devices.
Logging out
Section titled “Logging out”To remove local credentials:
codeteleport auth logoutLogged out. Config removed.This deletes ~/.codeteleport/config.json. It does not revoke the API token on the server — do that from the dashboard if needed.
Config file
Section titled “Config file”After login, your credentials are stored at ~/.codeteleport/config.json with 600 permissions (owner read/write only). See Configuration for details on the file format and fields.
Full CLI reference
Section titled “Full CLI reference”For all auth subcommands and flags, see the auth CLI reference.