glab(1)

NAME

glab-auth-dpop-gen - Generate a DPoP (demonstrating-proof-of-possession) proof JWT. (EXPERIMENTAL)

SYNOPSIS

glab auth dpop-gen [flags]

DESCRIPTION

Generates a demonstrating-proof-of-possession (DPoP) proof JSON Web Token (JWT). DPoP cryptographically binds personal access tokens to their owners.

Use the JWT with a personal access token (PAT) to authenticate to the GitLab API. glab signs the JWT with your SSH private key. The JWT remains valid for five minutes. After it expires, generate another one.

Prerequisites:

An SSH key pair in RSA, ed25519, or ECDSA format.
Enabled DPoP for your account ⟨https://docs.gitlab.com/user/profile/personal_access_tokens/#use-dpop-with-personal-access-tokens⟩.

This feature is an experiment and is not ready for production use. It might be unstable or removed at any time. For more information, see https://docs.gitlab.com/policy/development_stages_support/.

OPTIONS

--hostname="gitlab.com" The hostname of the GitLab instance to authenticate with.

--pat="" Personal access token (PAT) to generate a DPoP proof for. Defaults to the token set with 'glab auth login'.

-p, --private-key="" Location of the private SSH key on the local system.

OPTIONS INHERITED FROM PARENT COMMANDS

-h, --help[=false] Show help for this command.

EXAMPLE

# Generate a DPoP JWT using an SSH private key and a personal access token
glab auth dpop-gen --private-key "~/.ssh/id_rsa" --pat "glpat-xxxxxxxxxxxxxxxxxxxx"
# Generate a DPoP JWT without a PAT (uses the token from 'glab auth login')
glab auth dpop-gen --private-key "~/.ssh/id_rsa"
# Generate a DPoP JWT for a different GitLab instance
glab auth dpop-gen --private-key "~/.ssh/id_rsa" --hostname "https://gitlab.com"