actx login
actx login
Section titled “actx login”Authenticate with your AgentCTX account using a browser-based OAuth/OIDC flow with PKCE (Proof Key for Code Exchange). The session JWT is encrypted and stored locally.
actx login [options]Options
Section titled “Options”| Option | Description |
|---|---|
--force | Clear existing session and re-authenticate |
How It Works
Section titled “How It Works”- Reads OIDC configuration from
.context/actx.yaml(auth.oidc.issuerandauth.oidc.clientId) - Discovers OIDC endpoints via the provider’s
.well-known/openid-configuration - Generates a PKCE code verifier and challenge
- Opens your default browser to the authorization URL
- Spins up a localhost callback server (default port
8484) to receive the auth code - Exchanges the code for access/ID tokens via the token endpoint
- Decodes JWT claims (sub, tenant_id, roles, email, org)
- Encrypts and stores the session in
.context/.keys/session.enc
Configuration
Section titled “Configuration”Add OIDC settings to your .context/actx.yaml:
auth: oidc: issuer: https://auth.agentctx.ai clientId: actx-cli scopes: [openid, profile, email] callbackPort: 8484Example
Section titled “Example”$ actx login🔐 AgentCTX Login
Discovering OIDC endpoints for https://auth.agentctx.ai... ✅ Provider: agentctx Opening browser for authentication... Waiting for authentication... Exchanging authorization code for tokens...
✅ Logged in as developer@example.com Organization: acme-corp Roles: admin, developer Session expires: 3/23/2026, 6:00:00 AMSee Also
Section titled “See Also”- actx logout — sign out and clear session
- actx whoami — show current user info
- actx setup — configure LLM credentials