Skip to main content

Device Code Authentication

DepFixer uses a device code flow for secure CLI authentication. This is the same pattern used by GitHub CLI, Vercel, and other modern developer tools.

How It Works

  1. CLI requests code - You run npx depfixer login
  2. Server generates code - A unique verification code is created
  3. Browser opens - You’re taken to the verification page
  4. You authorize - Enter the code and log in
  5. CLI receives token - Access granted automatically

Step by Step

1. Initiate Login

npx depfixer login

2. Receive Verification Code

🔐 DEVICE CODE LOGIN
──────────────────────────────────────────────────

    Your verification code:

          ABCD-1234

    Opening browser to complete login...
    Waiting for authorization...

3. Authorize in Browser

In the browser:
  1. Log in or create an account
  2. Verify the code matches
  3. Click “Authorize”

4. CLI Receives Token

✓ Logged in successfully

👤 ACCOUNT DETAILS
────────────────────────────────────────
    Name:     John Doe
    Email:    [email protected]
    Credits:  100 available

Security Benefits

FeatureBenefit
No password in CLIPassword never touches terminal
Short-lived codesCodes expire in 15 minutes
User verificationUser must manually approve
Device bindingTokens tied to specific device
RevocableRevoke access anytime from web

Token Lifecycle

  • Access Token: 1 hour lifetime, auto-refreshes
  • Refresh Token: 30 days lifetime
  • After 30 days: Re-login required

Manual Authorization

If the browser doesn’t open automatically:
  1. Copy the URL from the terminal
  2. Paste into any browser
  3. Complete authorization
  4. Return to CLI

Troubleshooting

Code Not Recognized

The code may have expired (15 minute limit). Run npx depfixer login again.

Polling Timeout

The CLI polls for 5 minutes. If you didn’t complete authorization in time, run login again.

Network Issues

Check your internet connection and try again.