nself login

Authenticate the CLI with your nself.org account. Opens a browser-based OAuth flow, saves the session token to ~/.nself/auth.json, and refreshes existing tokens automatically.

Quick start

# Log in interactively (opens browser)
nself login

# Log in headlessly — print the URL, don't open the browser
nself login --no-browser

Synopsis

nself login [FLAGS]

Description

nself login is the shorthand alias for nself account login. It starts the OAuth 2.0 PKCE flow against nself.org/auth/cli. A local HTTP listener on a random port captures the callback, exchanges the authorization code for a session token, and writes the token to~/.nself/auth.json.

If a valid unexpired token already exists, login refreshes it silently and exits. If the token is expired or missing, the full browser flow is triggered.

In environments without a browser (SSH, CI, Docker), use --no-browser. The CLI prints the authorization URL; open it in any browser, complete the login, and the CLI resumes automatically via the callback listener.

The session token is scoped to the CLI. It is separate from any browser session you have atnself.org. You can be logged in to the CLI on multiple machines simultaneously.

Flags

Flag	Type	Default	Description
`--no-browser`	bool	false	Print the auth URL instead of opening the browser
`--timeout`	int	120	Seconds to wait for the browser OAuth callback
`--force`	bool	false	Force a new login even if a valid token exists
`--json`	bool	false	Emit the resulting session info as JSON on success

Examples

Standard login on a local machine

nself login
# Opening https://nself.org/auth/cli?state=... in your browser
# Waiting for callback...
# Logged in as aric@example.com (ɳSelf+)

Headless login in an SSH session

nself login --no-browser
# Open this URL in any browser to continue:
# https://nself.org/auth/cli?state=abcdef...
# Waiting for callback (120s)...

Login in CI using a saved token

# In CI: set NSELF_AUTH_TOKEN from a secret, skip interactive login entirely
export NSELF_AUTH_TOKEN=$NSELF_AUTH_TOKEN_CI
nself license validate    # token is used automatically

Force re-login to pick up a plan upgrade

nself login --force
# Clears cached token and starts a fresh OAuth flow

Verify login succeeded

nself login --json | jq '.email, .plan'

Token storage

Token file: ~/.nself/auth.json (mode 0600, readable by owner only)
Token TTL: 30 days (refreshed automatically on each CLI invocation)
Refresh: transparent — the CLI refreshes the token silently when it has less than 7 days remaining

Environment variables

NSELF_AUTH_TOKEN — provide the session token directly, bypassing disk (useful in CI)
NSELF_API_BASE — override the auth endpoint base URL (default: https://nself.org)
NSELF_LOGIN_TIMEOUT — override the callback wait timeout in seconds

Exit codes

0 — logged in successfully
1 — OAuth flow failed or was denied
2 — invalid arguments
3 — timeout waiting for browser callback
4 — network error reaching nself.org

nself logout — revoke the current session
nself account — manage account details, team members, and devices
nself license — activate plugin license keys

nself login

Authenticate the CLI with your nself.org account. Opens a browser-based OAuth flow, saves the session token to ~/.nself/auth.json, and refreshes existing tokens automatically.

Quick start

# Log in interactively (opens browser)
nself login

# Log in headlessly — print the URL, don't open the browser
nself login --no-browser

Synopsis

nself login [FLAGS]

Description

If a valid unexpired token already exists, login refreshes it silently and exits. If the token is expired or missing, the full browser flow is triggered.

The session token is scoped to the CLI. It is separate from any browser session you have atnself.org. You can be logged in to the CLI on multiple machines simultaneously.

Flags

Flag	Type	Default	Description
`--no-browser`	bool	false	Print the auth URL instead of opening the browser
`--timeout`	int	120	Seconds to wait for the browser OAuth callback
`--force`	bool	false	Force a new login even if a valid token exists
`--json`	bool	false	Emit the resulting session info as JSON on success

Examples

Standard login on a local machine

nself login
# Opening https://nself.org/auth/cli?state=... in your browser
# Waiting for callback...
# Logged in as aric@example.com (ɳSelf+)

Headless login in an SSH session

nself login --no-browser
# Open this URL in any browser to continue:
# https://nself.org/auth/cli?state=abcdef...
# Waiting for callback (120s)...

Login in CI using a saved token

# In CI: set NSELF_AUTH_TOKEN from a secret, skip interactive login entirely
export NSELF_AUTH_TOKEN=$NSELF_AUTH_TOKEN_CI
nself license validate    # token is used automatically

Force re-login to pick up a plan upgrade

nself login --force
# Clears cached token and starts a fresh OAuth flow

Verify login succeeded

nself login --json | jq '.email, .plan'

Token storage

Token file: ~/.nself/auth.json (mode 0600, readable by owner only)
Token TTL: 30 days (refreshed automatically on each CLI invocation)
Refresh: transparent — the CLI refreshes the token silently when it has less than 7 days remaining

Environment variables

NSELF_AUTH_TOKEN — provide the session token directly, bypassing disk (useful in CI)
NSELF_API_BASE — override the auth endpoint base URL (default: https://nself.org)
NSELF_LOGIN_TIMEOUT — override the callback wait timeout in seconds

Exit codes

0 — logged in successfully
1 — OAuth flow failed or was denied
2 — invalid arguments
3 — timeout waiting for browser callback
4 — network error reaching nself.org

nself logout — revoke the current session
nself account — manage account details, team members, and devices
nself license — activate plugin license keys

nself login

Quick start

Synopsis

Description

Flags

Examples

Standard login on a local machine

Headless login in an SSH session

Login in CI using a saved token

Force re-login to pick up a plan upgrade

Verify login succeeded

Token storage

Environment variables

Exit codes

Related

nself login

Quick start

Synopsis

Description

Flags

Examples

Standard login on a local machine

Headless login in an SSH session

Login in CI using a saved token

Force re-login to pick up a plan upgrade

Verify login succeeded

Token storage

Environment variables

Exit codes

Related