Authentication

claude-sync supports browser OAuth and email/password authentication.

Browser Login (Recommended)

The recommended way to authenticate is through browser-based OAuth. When you run the login command, claude-sync generates a unique verification code and opens your default browser:

$ claude-sync login

  ● Open this URL in your browser:
     https://api.claude-sync.com/auth/cli/verify?code=ABC123
  ● Code: ABC123
  ⏳ Waiting for browser authorization...
  ✔ Logged in as dev@company.io

The CLI polls the API for authorization completion. Once you complete the flow in your browser (GitHub, Google, or email/password), the CLI receives your access token and stores it locally.

Email & Password

You can also authenticate directly from the CLI with email and password:

The CLI will prompt you for your password securely. This method bypasses the browser flow but still requires an account on the claude-sync platform.

Token Management

claude-sync uses JWT-based authentication with two token types:

Access Token — Short-lived (15 minutes), included in every API request
Refresh Token — Long-lived (30 days), used to obtain new access tokens automatically

When your access token expires, the CLI automatically refreshes it using the refresh token. You don't need to manually re-authenticate unless your refresh token expires or is revoked.

Tokens are stored at ~/.claude-sync/config.json. Access tokens expire every 15 minutes and are automatically refreshed.

Logging Out

To log out and revoke your tokens:

This command revokes your refresh token on the server and clears your local configuration. You'll need to log in again to use any sync commands.

PreviousInstallation NextDevices