glab(1) glab(1)

glab-auth-dpop-gen - Generates a DPoP (demonstrating-proof-of-possession) proof JWT. (Experimental.)

glab auth dpop-gen [flags]

Demonstrating-proof-of-possession (DPoP) is a technique to cryptographically bind personal access tokens to their owners. This command provides the tools to manage the client aspects of DPoP. It generates a DPoP proof JWT (JSON Web Token).

Prerequisites:

Use the JWT in combination with a Personal Access Token (PAT) to authenticate to the GitLab API. Your JWT remains valid for 5 minutes. After it expires, you must generate another token. Your SSH private key is then used to sign the JWT.

This feature is experimental. It might be broken or removed without any prior notice. Read more about what experimental features mean at

https://docs.gitlab.com/ee/policy/experiment-beta-support.html

Use experimental features at your own risk.

-h, --hostname="gitlab.com" The hostname of the GitLab instance to authenticate with. Defaults to 'gitlab.com'.

--pat="" Personal Access Token (PAT) to generate a DPoP proof for. Defaults to the token set with 'glab auth login'. Returns an error if both are empty.

-p, --private-key="" Location of the private SSH key on the local system.

--help[=false] Show help for this command.

# Generate a DPoP JWT for authentication to GitLab
$ glab auth dpop-gen [flags]
$ glab auth dpop-gen --private-key "~/.ssh/id_rsa" --pat "glpat-xxxxxxxxxxxxxxxxxxxx"
# No PAT required if you previously used the 'glab auth login' command with a PAT
$ glab auth dpop-gen --private-key "~/.ssh/id_rsa"
# Generate a DPoP JWT for a different GitLab instance
$ glab auth dpop-gen --private-key "~/.ssh/id_rsa" --hostname "https://gitlab.com"

glab-auth(1)

Mar 2025 Auto generated by spf13/cobra