Authentication
How TLD authentication works — tokens, offline mode, and troubleshooting.
Login flow
TLD uses OAuth 2.0 device flow for authentication. When you run tld login, the CLI opens your browser to complete authentication — no password is ever handled by the CLI itself.
bash
$ tld login
# Opening browser for authentication...
# If browser does not open, visit:
# https://auth.thelastdeploy.com/device?code=ABCD-1234
#
# Waiting for authentication...
# Logged in as you@example.com
Token storage
The auth token is stored in ~/.tld/config.yaml. It is a signed JWT with an expiry. The CLI automatically refreshes the token when it expires.
Keep your token private
Never commit your config.yaml or share your auth token. Run `tld logout` to revoke and clear it.Offline mode
Most lab operations work offline. You only need a network connection to: log in, sync lab content, and report completion. Running labs and validating solutions works entirely offline.
