You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Revoke OAuth token on logout; report default status on login
logout now revokes the refresh token at the authorization server (RFC 7009)
before removing the saved configuration; the local entry is removed even if
revocation fails. login reports whether the new login became the default and,
when it did not, prints the command to make it the default.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Copy file name to clipboardExpand all lines: README.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,7 +25,7 @@ Python 3.8 or later. You can install Python from [https://www.python.org/](http
25
25
cld login
26
26
```
27
27
28
-
This opens your browser to authorize the CLI, then saves the login as a configuration (named after the cloud) and sets it as the default. No API secret is stored on disk — the saved login holds a short-lived token that the CLI refreshes automatically.
28
+
This opens your browser to authorize the CLI, then saves the login as a configuration (named after the cloud) and sets it as the default. The CLI refreshes the token automatically, and you can remove the login at any time with `cld logout`.
29
29
30
30
**Option B — Set your CLOUDINARY\_URL environment variable.** For example:
31
31
* On Mac or Linux:<br>`export CLOUDINARY_URL=cloudinary://123456789012345:abcdefghijklmnopqrstuvwxyzA@cloud_name`
cld login # Logs in to a Cloudinary account via OAuth in your browser.
61
-
cld logout # Removes a saved OAuth login.
61
+
cld logout # Revokes and removes a saved OAuth login.
62
62
cld search --help # Shows usage for the Search API.
63
63
cld admin # Lists Admin API methods.
64
64
cld uploader # Lists Upload API methods.
@@ -255,7 +255,7 @@ Whereas using the saved configuration "accountx":
255
255
cld -C accountx admin usage
256
256
```
257
257
258
-
_**Caution:**A saved API-key configuration stores your API secret in a local file. An OAuth login (see below) avoids this by storing a short-lived, auto-refreshed token instead._
258
+
_**Caution:**Creating a saved configuration may put your credentials at risk as they are stored in a local plain text file. This applies to both API-key configurations and OAuth logins._
259
259
260
260
You can create, delete and list saved configurations using the `config` command.
261
261
@@ -272,11 +272,13 @@ Instead of saving an API key and secret, you can log in to a Cloudinary account
272
272
```
273
273
cld login # Log in and save the configuration (named after the cloud).
274
274
cld login my-account # Save the login under a specific name.
275
-
cld logout # Choose a saved OAuth login to remove.
276
-
cld logout my-account # Remove a specific saved OAuth login.
275
+
cld logout # Choose a saved OAuth login to log out of.
276
+
cld logout my-account # Log out of a specific saved OAuth login.
277
277
```
278
278
279
-
Once saved, an OAuth login is selected with `-C <name>` just like any other saved configuration.
279
+
The first login becomes the default automatically. When other configurations already exist, the new login is saved but not made the default; `cld login` tells you so and prints the command to make it the default. Once saved, an OAuth login is selected with `-C <name>` just like any other saved configuration.
280
+
281
+
`cld logout` revokes the login's token at the server and removes the saved configuration. If the token cannot be revoked (for example, you are offline), the saved configuration is still removed.
0 commit comments