# Authorize the CLI

Authorize the CLI with the device-authorization flow — the same model as the GitHub CLI. Foxora shows a short code and a link, you approve in your browser, and the CLI is signed in. No password is ever typed into the terminal.

## Sign in

- 01Start the device flowRun the login command:bashCopyfoxora loginThe CLI requests a short-lived user code from the gateway, prints a verification link (and copies it to your clipboard), then opens your default browser to app.foxora.ai/activate.Enter code · ABCD-1234foxora login — the user code shown in the terminal
- 02Approve in your browserSign in (or sign up) at app.foxora.ai and confirm that the code on screen matches the one in your terminal, then approve. Meanwhile the terminal shows “waiting for approval…” and polls until you’re done.
- 03You're signed inOnce you approve, the CLI prints “signed in as you@example.com” and stores your tokens (mode 0600) in ~/.foxora/cli-auth.json — the same credentials file the desktop app uses, so the surfaces interoperate. A stale access token is refreshed automatically on the next run.

## Check who you are

Confirm the signed-in account at any time:

```
foxora whoami
# → ● signed in as you@example.com
```

## Sign out

foxora logout removes the local credentials file. Your account and sessions are untouched — you just need to sign in again to make gateway calls from this machine.

```
foxora logout
```

> One account, every surfaceThe CLI, Foxora Desktop, and the web dashboard share one sign-in. If you only ever used Continue with Google or GitHub, that’s fine — the device flow signs you in through the same hosted login page. See Accounts & sign-in.