[!NOTE] If you are using oauth2-proxy to secure the Swagger UI documentation page, you can log out by visiting the /logout URL. For this to work correctly, ensure that the blueapi server is configured with oidc.logout_redirect_endpoint set to /oauth2/sign_out, which is required for oauth2-proxy.

Authenticate to BlueAPI-Cli#

Introduction#

BlueAPI provides a secure and efficient way to interact with its services. This guide walks you through the steps to log in and log out using BlueAPI with OpenID Connect (OIDC) authentication.

Configuration#

See also

Configure the Application

Here is an example configuration for authenticating to p46-blueapi:

api:
  url: "https://p46-blueapi.diamond.ac.uk"

auth_token_path: "~/.cache/blueapi_cache" # Optional: Custom path to store the token

auth_token_path: (Optional) Specify where to save the token. If omitted, the default is ~/.cache/blueapi_cache or $XDG_CACHE_HOME/blueapi_cache if XDG_CACHE_HOME is set.

Log In#

Execute the login command:
```
$ blueapi -c config.yaml login
```
Authenticate:
- Follow the prompts from your OIDC provider to log in.
- Provide your credentials and complete any additional verification steps required by the provider.
Success Message: Upon successful authentication, you see the following message:
```
Logged in and cached new token
```

Log Out#

To log out and securely remove the cached access token, follow these steps:

Execute the logout command:
```
$ blueapi logout
```
Logout Process:
- This command uses the OIDC flow to log you out from the OIDC provider.
- It also deletes the cached token from the specified auth_token_path.
Success Message: If the token is successfully removed or if it does not exist, you see the message:
```
Logged out
```