Server Authentication
Warning
This content is part of the legacy version of Waypoint that is no longer actively maintained. For additional information on the new vision of Waypoint, check out this blog post and the HCP Waypoint documentation.
All connections to the Waypoint server via the CLI or UI require authentication. Waypoint supports authentication using an API token or via OpenID Connect (OIDC). OIDC allows Waypoint to use existing accounts from providers such as Google, Okta, GitLab, and more.
If you're a new user that ran waypoint install
, the auth token was automatically
configured for your local CLI. As a next step, we recomend
setting up OIDC.
Logging In
To log in in the Waypoint UI, open the UI in your browser and follow the onscreen instructions.
Invite Teammates
If using OIDC, other teammates can attempt to authenticate using the
UI or waypoint login
. This will create a new account if they're allowed to
authenticate.
For tokens, use the
waypoint user invite CLI command with
the -username
flag. This will create an invite token that can be exchanged
for a token for a specific user.
To invite a new user alice
:
After giving Alice the invite token, they can setup their account using
the standard waypoint login
flow.
Revoke, Inspect, etc.
Waypoint currently doesn't have any mechanism to revoke sessions, audit token usage, inspect existing sessions, etc. We plan on expanding our authentication system to support this in the future.