Authentication Commands

RAPS supports both 2-legged (client credentials) and 3-legged (authorization code) OAuth flows.

Commands Overview

Command	Description
`raps auth test`	Test 2-legged OAuth credentials
`raps auth login`	Login with 3-legged OAuth
`raps auth logout`	Clear stored tokens
`raps auth status`	Show authentication status
`raps auth whoami`	Show user profile
`raps auth inspect-token`	Inspect token details

raps auth test

Test 2-legged OAuth authentication using your Client ID and Client Secret.

$ raps auth test
✓ Authentication successful!
  Token expires in: 3599 seconds

Requirements:

APS_CLIENT_ID environment variable
APS_CLIENT_SECRET environment variable

raps auth login [--default] [--device] [--token <token>]

Options:

--default: Use default scopes without prompting
--device: Use device code flow (for headless/server environments)
--token <token>: Provide access token directly (for CI/CD)

Browser-based login (default):

$ raps auth login
Opening browser for authentication...
Select scopes:
  [x] data:read
  [x] data:write
  [x] data:create
  [x] account:read
  [x] user:read
  [x] viewables:read

✓ Login successful!
  User: john.doe@example.com

Device code flow (headless):

$ raps auth login --device
Device Code Authentication
──────────────────────────────────────────────────
  User Code: ABC-123-DEF
  Verification URL: https://developer.api.autodesk.com/authentication/v2/device

Please visit the URL above and enter the user code.
Waiting for authorization...
✓ Authorization successful!

Token-based login (CI/CD):

$ raps auth login --token "eyJhbGc..." --expires-in 3600
✓ Token validated for user: user@example.com

raps auth status

Show current authentication status.

$ raps auth status
Authentication Status
────────────────────────────────────────
  2-legged (Client Credentials): ✓ Available
  3-legged (User Login): ✓ Logged in
    Token: abcd...wxyz
    Expires in: 1h 30m

raps auth inspect-token

Inspect the current access token for scope, expiry, and metadata.

$ raps auth inspect-token
Token Information:
────────────────────────────────────────────────────────────
  Valid: ✓ Yes
  Expires At: 2024-01-15 15:30:00 UTC
  Expires In: 45 minutes

  Scopes:
    • data:read
    • data:write
    • data:create
────────────────────────────────────────────────────────────

With expiry warning:

$ raps auth inspect-token --warn-expiry 3600
⚠ WARNING: Token expires in less than 1 hour!

Authentication Types

2-Legged OAuth (Client Credentials)

Used for server-to-server operations without user context.

Use for:

Uploading files to OSS
Creating buckets
Starting translations
Managing webhooks
Design Automation

3-Legged OAuth (Authorization Code)

Used for operations requiring user context.

Use for:

Accessing BIM 360/ACC hubs and projects
Browsing folders and items
Managing issues
User-specific data

Token Management (v3.7.0+)

RAPS automatically:

Stores tokens securely using OS keychain (default) or file storage
Refreshes tokens when they expire
Uses the appropriate token type for each operation

Secure Token Storage (Default):

Windows: Windows Credential Manager
macOS: macOS Keychain
Linux: Secret Service (gnome-keyring, kwallet)

Fallback File Storage:

Windows: %APPDATA%\raps\tokens.json
macOS: ~/Library/Application Support/raps/tokens.json
Linux: ~/.local/share/raps/tokens.json

🔐 Security: Keychain storage encrypts tokens. File storage stores tokens in plaintext and should only be used in secure environments.

Troubleshooting

”Authentication failed” error

Verify APS_CLIENT_ID and APS_CLIENT_SECRET are set correctly
Check your APS application is active in the Developer Portal
Ensure credentials haven’t been rotated

”Callback URL mismatch” error

Verify APS_CALLBACK_URL matches your APS application configuration.

”Token expired” error

Try logging out and back in:

raps auth logout && raps auth login