sentry-cli icon indicating copy to clipboard operation
sentry-cli copied to clipboard
verified publisher icon getsentry

`sentry-cli login` should create & store user auth token

Open szokeasaurusrex opened this issue 9 months ago • 3 comments

While investigating #2420, we realized that it would likely make more sense for sentry-cli login to store a user auth token, rather than an org auth token (context from that issue included below).

So, let's implement that change!

A side note on sentry-cli login

Some further notes here: when discussing with @lforst, we realized that the sentry-cli login command should probably be generating a User Auth Token rather than an Org Auth Token. If sentry-cli login would have generated a User Auth Token, then @constantinius would have been able to upload sourcemaps with the command he listed in Step 4, since the User Auth Token would have access to all orgs that his Sentry user has access to.

Org Auth Tokens are still what we recommend folks to use in CI or in any automated build processes. However, when testing out stuff locally on a development machine, a User Auth Token provides more flexibility and will probably be more helpful for most folks. We will create a separate issue to implement this change.

Originally posted by @szokeasaurusrex in #2420

szokeasaurusrex avatar Mar 27 '25 08:03 szokeasaurusrex

We need this for the new log command

szokeasaurusrex avatar Aug 06 '25 09:08 szokeasaurusrex

Hey, I've been looking into this and I just wanted to clarify before I submit a PR.

From my understanding, sentry-cli login defaults to org tokens but devs working across multiple organizations need user tokens.

I implemented an interactive choice where users can select between user token vs org token while also preserving original behavior (browser opening, prompts, --auth-token flag support, etc).

Does this approach sound good? Just want to make sure as a first time contributor.

akluu avatar Aug 26 '25 03:08 akluu

Hello — we likely just want to generate user tokens, no interactive choice. We also will want to suggest a sensible default for which auth scopes to apply, which may require backend changes (I still need to investigate this).

While I really appreciate your desire to contribute, I already have this issue on my todo list and aim to take care of it next week or the week after. If you'd really like to open a PR feel free, but I'm already planning to work on this 😄

szokeasaurusrex avatar Aug 26 '25 13:08 szokeasaurusrex