d9ef2f0d5b
Some checks failed
Build and Test / Validate Setup (push) Has been cancelled
Build and Test / Build (darwin-amd64) (push) Has been cancelled
Build and Test / Build (darwin-arm64) (push) Has been cancelled
Build and Test / Build (linux-amd64) (push) Has been cancelled
Build and Test / Build (windows-amd64) (push) Has been cancelled
Build and Test / Build (linux-arm64) (push) Has been cancelled
Build and Test / Security Audit (push) Has been cancelled
Build and Test / Package Results (push) Has been cancelled
Build and Test / Quality Gate (push) Has been cancelled
Nightly Build / Check for Changes (push) Has been cancelled
Nightly Build / Validate Setup (push) Has been cancelled
Nightly Build / Nightly Build (darwin-amd64) (push) Has been cancelled
Nightly Build / Nightly Build (darwin-arm64) (push) Has been cancelled
Nightly Build / Nightly Build (linux-amd64) (push) Has been cancelled
Nightly Build / Nightly Build (windows-amd64) (push) Has been cancelled
Nightly Build / Nightly Build (linux-arm64) (push) Has been cancelled
Nightly Build / Create Nightly Pre-release (push) Has been cancelled
Nightly Build / Notify Build Status (push) Has been cancelled
Nightly Build / Nightly Maintenance (push) Has been cancelled
- Bump all 18 plugins from 0.110.0 to 0.111.0
- Update rust-toolchain.toml channel to 1.93.1 (nu 0.111.0 requires ≥1.91.1)
Fixes:
- interprocess pin =2.2.x → ^2.3.1 in nu_plugin_mcp, nu_plugin_nats, nu_plugin_typedialog
(required by nu-plugin-core 0.111.0)
- nu_plugin_typedialog: BackendType::Web initializer — add open_browser: false field
- nu_plugin_auth: implement missing user_info_to_value helper referenced in tests
Scripts:
- update_all_plugins.nu: fix [package].version update on minor bumps; add [dev-dependencies]
pass; add nu-plugin-test-support to managed crates
- download_nushell.nu: rustup override unset before rm -rf on nushell dir replace;
fix unclosed ) in string interpolation
5.0 KiB
5.0 KiB
nu_plugin_auth Quick Reference
Version: 0.1.0 Status: Login/Logout Commands Implemented
Installation
nushell
# Build plugin
cargo build --release -p nu_plugin_auth
# Register with Nushell
plugin add target/release/nu_plugin_auth
plugin use nu_plugin_auth
Login Command
Basic Usage
nushell
# Interactive login (password prompt)
auth login admin
# Login with password
auth login admin mypassword
# Login and save to keyring
auth login admin --save
# Custom Control Center URL
auth login admin --url http://control.example.com:8081
Flags
| Flag | Short | Type | Description | Default |
|---|---|---|---|---|
--url |
- | String | Control Center URL | http://localhost:8081 |
--save |
- | Switch | Save tokens to keyring | false |
Output
nushell
{
success: true,
user: {
id: "user-123",
username: "admin",
email: "admin@example.com",
roles: ["admin", "developer"]
},
expires_in: 900,
token_saved: true
}
Logout Command
Basic Usage
nushell
# Logout current user
auth logout
# Logout specific user
auth logout --user admin
# Logout all sessions
auth logout --all
Flags
| Flag | Short | Type | Description | Default |
|---|---|---|---|---|
--user |
-u |
String | Username | Current system user |
--url |
- | String | Control Center URL | http://localhost:8081 |
--all |
-a |
Switch | Logout all sessions | false |
Output
nushell
{
success: true,
message: "Logged out successfully",
user: "admin"
}
MFA Commands (Bonus)
TOTP Enrollment
nushell
# Enroll in TOTP
auth mfa enroll totp
# Enroll for specific user
auth mfa enroll totp --user alice
Output: QR code in terminal + secret + backup codes
TOTP Verification
nushell
# Verify TOTP code
auth mfa verify --code 123456
# Verify for specific user
auth mfa verify --code 123456 --user alice
WebAuthn Enrollment
nushell
# Enroll WebAuthn (YubiKey, Touch ID)
auth mfa enroll webauthn
Security Features
- ✅ OS Keyring: Secure credential storage (Keychain, libsecret, Credential Manager)
- ✅ No Echo: Password input not visible in terminal
- ✅ HTTPS: TLS with rustls (no OpenSSL)
- ✅ JWT Tokens: RS256-signed access + refresh tokens
- ✅ Token Revocation: Server-side blacklist on logout
Error Handling
nushell
# No active session
auth logout
# Error: No active session: No token found
# Invalid credentials
auth login baduser wrongpass
# Error: Login failed: HTTP 401 - Invalid credentials
# Network error
auth login admin --url http://invalid:8081
# Error: HTTP request failed: connection refused
Platform Support
| Platform | Credential Storage |
|---|---|
| macOS | Keychain |
| Linux | Secret Service (libsecret/gnome-keyring) |
| Windows | Credential Manager |
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
/auth/login |
POST | Authenticate and get tokens |
/auth/logout |
POST | Revoke access token |
/auth/verify |
GET | Verify token validity |
/auth/sessions |
GET | List active sessions |
/mfa/enroll/{type} |
POST | Enroll in MFA |
/mfa/verify |
POST | Verify MFA code |
Workflow Examples
Standard Login/Logout
nushell
# Login
auth login admin --save
# Do work...
# Logout
auth logout
Multiple Users
nushell
# Login as different users
auth login alice --save
auth login bob --save
# Logout specific user
auth logout --user alice
CI/CD Integration
nushell
# Non-interactive login
let token = auth login $env.CI_USER $env.CI_PASS | get user.id
# Use token for operations...
# Cleanup
auth logout --user $env.CI_USER
Troubleshooting
"No token found" error
Cause: No active session or keyring not accessible
Fix: Login again with --save flag
"HTTP request failed"
Cause: Control Center not running or wrong URL
Fix: Check Control Center status and --url flag
"Login failed: HTTP 401"
Cause: Invalid credentials Fix: Verify username and password
Keyring access denied
Cause: OS permission issue Fix: Grant keychain/keyring access to plugin binary
Development
Build Commands
bash
# Check code
cargo check -p nu_plugin_auth
# Build debug
cargo build -p nu_plugin_auth
# Build release
cargo build --release -p nu_plugin_auth
# Run tests
cargo test -p nu_plugin_auth
Plugin Location
- Source:
provisioning/core/plugins/nushell-plugins/nu_plugin_auth/ - Binary:
target/release/nu_plugin_auth
Related Commands (Future)
auth verify- Verify current tokenauth sessions- List all sessionsauth whoami- Show current userauth refresh- Refresh expired token
Last Updated: 2025-10-09
Documentation: See LOGIN_LOGOUT_IMPLEMENTATION.md for complete details