Authentication

Stackie uses a browser-based login flow to obtain a long-lived device token (90 days). The CLI and the dashboard share the same session — logging in from either one authenticates both simultaneously. Your token is stored in the OS credential store (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux), so it survives daemon restarts.

1. You run `stackie auth login` (or click Login in the dashboard)
2. Your browser opens to the Stackie authentication page
3. After you approve, the browser redirects back to the local daemon
4. The daemon stores your device token in the OS credential store
5. Both the CLI and dashboard are now authenticated

CLI Commands

# Log in via browser
stackie auth login

# Check current auth status
stackie auth status

# Log out and clear stored credentials
stackie auth logout

Dashboard Auth API

The daemon exposes HTTP endpoints for the embedded dashboard UI:

POST /api/auth/login — initiates browser-based login flow
GET /api/auth/status — returns authentication state, email, and expiry
POST /api/auth/logout — revokes the session and clears the credential store
GET /api/auth/callback — receives the device token from the browser redirect

Credentials are stored in the OS-native credential store, not in plain-text files. The device token expires after 90 days and must be renewed by logging in again.

Authentication

Login Flow

CLI Commands

Dashboard Auth API