Device flow login
The CLI uses a device authorization flow — you approve the login from a browser, no password is typed into the terminal.--no-browser to get a URL you can open elsewhere:
Verify your session
photon login.
Log out
Credential storage
Credentials are stored as JSON files with600 permissions:
$PHOTON_CONFIG_DIR— explicit override$XDG_CONFIG_HOME/photon— XDG standard~/.config/photon/— default
If a legacy
~/.config/photon-dashboard/ directory exists from a prior install, it migrates automatically on first run.Multi-backend credentials
Credentials are stored per backend. You can be logged into production and a staging server simultaneously — each gets its own credential file keyed by a sanitized hostname (e.g.production, staging-app_photon_codes, localhost_3000).
photon auth status shows the login state for every backend you’ve authenticated against. Pass --json for machine-readable output.
Backend host
Every command talks to a backend URL. The default is production (https://app.photon.codes). To target a different backend, set PHOTON_API_HOST or use the --api-host flag:
--api-host flag > PHOTON_API_HOST env var > built-in production URL.
Check the resolved host with:
Setting an active project
Most commands operate on a single project. Specify it per-command or per-shell:--project flag > $PHOTON_PROJECT_ID > error with a hint.
Put
export PHOTON_PROJECT_ID='...' in your shell rc, or use direnv to scope it to a project directory.CI and scripting
For non-interactive environments, pass a token directly instead of running the device flow:$PHOTON_CONFIG_DIR/credentials/<key>.json) after authenticating once with photon login.
Pair with --json for machine-readable output:
| Flag / env var | Effect |
|---|---|
-t, --token <token> / PHOTON_TOKEN | Use this token instead of stored credentials |
--json | Structured JSON output |
--yes, -y | Skip destructive-action confirmation prompts |
--no-browser | Don’t auto-open the browser |
PHOTON_TOKEN reuses the access token from the device flow (default 7-day expiry). Re-run photon login when it expires. A long-lived API key path is on the roadmap.