Authentication

advncd uses a browser-based OAuth flow via an auth broker backend. No service account JSON, no manual token copy-paste.

advncd login

What happens:

The CLI requests a login session from the auth broker.
Your browser opens automatically to a verification URL.
The CLI polls until you approve the login in the browser.
On approval, app tokens are saved locally with 0600 file permissions.

If the browser does not open automatically, the CLI prints the URL — open it manually.

The session has a 15-minute window to complete. If it expires, run advncd login again.

Check status

advncd status

Shows:

App token validity and expiry
Auth broker connectivity
Configured project and region
Required API readiness

Token lifecycle

advncd stores short-lived app tokens and refreshes them automatically. When a command needs a GCP access token, the CLI mints one on demand — you never manage raw GCP credentials.

Credentials are stored at:

$HOME/Library/Application Support/advncd/credentials.json   # macOS
$HOME/.config/advncd/credentials.json                       # Linux
%AppData%\advncd\credentials.json                           # Windows

Logout

advncd logout

Revokes the session in the auth broker and deletes local credentials.

Advanced: custom auth broker URL

By default advncd uses the hosted auth broker. You can override it:

# via environment variable
export ADVNCD_AUTH_BASE_URL="https://your-broker.example.com"
advncd login

# or via flag
advncd login --auth-base-url "https://your-broker.example.com"

The URL is saved in credentials and reused for all subsequent token operations.

Print a raw access token

Useful for debugging or scripting:

advncd auth print-access-token

Login​

Check status​

Token lifecycle​

Logout​

Advanced: custom auth broker URL​

Print a raw access token​

Login

Check status

Token lifecycle

Logout

Advanced: custom auth broker URL

Print a raw access token