All connections to the Waypoint server via the CLI or UI require authentication. Waypoint supports authentication using an API token or via OpenID Connect (OIDC). OIDC allows Waypoint to use existing accounts from providers such as Google, Okta, GitLab, and more.
If you're a new user that ran
waypoint install, the auth token was automatically
configured for your local CLI. As a next step, we recomend
setting up OIDC.
To log in in the Waypoint UI, open the UI in your browser and follow the onscreen instructions.
If using OIDC, other teammates can attempt to authenticate using the
waypoint login. This will create a new account if they're allowed to
For tokens, use the
waypoint user invite CLI command with
-username flag. This will create an invite token that can be exchanged
for a token for a specific user.
To invite a new user
$ waypoint user invite -username=alice svESKuVYKeLkgFP3heNanrhvwiMfxfM7q7d3m8UTU3fTDwetfq9vMsBtdqeRmKakXZXJjLDinApxkDcVe594vR2FfVeF3m6gupZ8NVcSC
After giving Alice the invite token, they can setup their account using
waypoint login flow.
Waypoint currently doesn't have any mechanism to revoke sessions, audit token usage, inspect existing sessions, etc. We plan on expanding our authentication system to support this in the future.