Auth
Token and identity management for the Riven CLI.
riven auth login
Authenticate with the Riven platform. By default this opens a browser window pointing to app.riven-ai.dev/auth/cli for OAuth-based login. The resulting JWT is stored locally for subsequent commands.
# Browser-based login (default)
riven auth login
# Manually paste a token (for CI or headless environments)
riven auth login --manualUse --manual in CI pipelines or SSH sessions where a browser is not available. You will be prompted to paste a token obtained from the platform UI.
riven auth logout
Clear stored credentials for the current registry. Use --all to clear credentials for all configured registries.
# Logout from current registry
riven auth logout
# Logout from all registries
riven auth logout --allriven auth status
Display the current authentication state, including which registry you are authenticated to and token expiry information.
riven auth statusriven auth token
Print the current auth token to stdout. Useful for piping into other tools or setting environment variables in scripts.
# Print token
riven auth token
# Use in a script
export RIVEN_TOKEN=$(riven auth token)Environment Variables
The CLI checks the following environment variables for auth configuration:
| Variable | Description |
|---|---|
RIVEN_TOKEN | Auth token — overrides stored credentials |
RIVEN_REGISTRY_URL | Default proto registry URL |
In CI environments, set RIVEN_TOKEN as a secret and the CLI will use it automatically — no riven auth login step needed.
Token Storage
Tokens from riven auth login are stored in ~/.config/riven/credentials.json, keyed by registry URL. The CLI reads this file automatically.
Priority order:
--tokenflagRIVEN_TOKENenvironment variable- Stored credentials file (
~/.config/riven/credentials.json) - Project config (
.rivenrc.json)