Particle CLI - employee access (or temporary token login)?

Hello! Is there a way to essentially grant a team member limited (non-destructive) access to Particle CLI and allow them to login using a different password? Or to login to Particle CLI using an access token (that can then later be revoked) - again, instead of them needing to re-enter my password in case the CLI session expires?

For example right now, my employee comes over and then I will go over and type in my password to log them in - this is fine as I can also later revoke that token - but then if I want them to do stuff remotely and the previous session has since expired, is there a way to log them in without me providing them with my actual Particle password?

Thank you.

What exactly would these employees want to do?
There are many tasks you can do with CLI while being logged into a different account.
e.g. you can build code, you can USB flash devices, …

If you want to invoke a Particle.function() or request a Particle.variable() or trigger a Particle.event() you can use curl (or any similar tool) instead of CLI with just a valid access token.

1 Like

Thanks @ScruffR, this is the workflow:

  • Unbox a Photon
  • Run particle setup and claim device + provision to predetermined WiFi SSID / password
  • Flash firmware
  • Assemble hardware product, and do a particle get on a given variable to confirm everything is assembled properly

You create a token using particle token create and can specify how long it will be valid. You do this from your computer, using your login, and you’ll be prompted for your password. It also works if you have MFA enabled.

The team member can log in using particle login --token <token> without knowing your password or MFA temporary code.

This token can also be revoked, so keep track of the tokens that you have generated and who you gave them to, if you want to be able to revoke them before they naturally expire.

3 Likes

That’s perfect! Did I miss this, or is this not in the CLI reference?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.