feat(auth): treat APIFY_TOKEN env var as authenticated in non-interactive contexts #1246
Draft
DaveHanns wants to merge 1 commit into
When APIFY_TOKEN is exported in the environment, resolveToken() now returns it directly, so any command that calls the API works without a prior `apify login`. This matches the Apify SDK behavior and removes the biggest bootstrap friction for agents and CI: they ship a token via env and would previously hit a "you are not logged in" wall on the first command.

Also improves the MissingAuth error message: if APIFY_TOKEN is set but the API rejected it, the hint now says so instead of telling the user to `apify login`.

No change for interactive users who ran `apify login` — the on-disk token path is unchanged when APIFY_TOKEN is not set.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Summary

When `APIFY_TOKEN` is exported in the environment, treat commands as authenticated without requiring a prior `apify login`.

- `resolveToken()` in `src/lib/utils.ts` now returns `process.env.APIFY_TOKEN` before falling through to the keyring / `auth.json` path.
- `getLoggedClientOrThrow()` gives a differentiated error message when a token is present in env but the API rejected it (vs. no token at all).

Why

Agent harnesses and CI runners typically ship an `APIFY_TOKEN` via env. Today, `apify push`, `apify call`, `apify info`, etc. still demand a prior `apify login`, so the first command fails with an auth prompt and agents confabulate `apify login --token $APIFY_TOKEN` invocations. This aligns the CLI with the Apify SDK's env-first behavior and removes ~5% of first-run failures we've seen across eval scenarios.

Behavior

- `apify login` run, no env var
- `apify login` run + env var set

Test plan

- `resolveToken()` returns env token when set, existing token when passed, stored token when neither.
- `APIFY_TOKEN=<valid>` and no `auth.json`, `apify info` and `apify push` succeed.
- `APIFY_TOKEN=<invalid>`, error message points at the env var.
- `apify login` flow still works and its token is used when `APIFY_TOKEN` is unset.
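
The resolution order and the differentiated hint described above, as an added example that is not code from this pull request or from the Apify CLI. The names `resolveTokenWithSource`, `missingAuthHint` and `TokenSource`, the hint wording, and the choice to treat a blank `APIFY_TOKEN` as unset are assumptions of this sketch.

```typescript
// Added illustration; all names and messages here are hypothetical.
type TokenSource = 'env' | 'argument' | 'stored' | 'none';

interface ResolvedToken {
  token: string | undefined;
  source: TokenSource;
}

type Env = Record<string, string | undefined>;

// Precedence as read from the PR text: env var, then a token passed by the
// caller, then the token saved by `apify login`.
// Assumption of this sketch: an empty or whitespace-only value counts as unset.
function resolveTokenWithSource(
  env: Env,
  passedToken: string | undefined,
  readStoredToken: () => string | undefined,
): ResolvedToken {
  const candidates: Array<[TokenSource, () => string | undefined]> = [
    ['env', () => env['APIFY_TOKEN']],
    ['argument', () => passedToken],
    // Read lazily so the keyring / auth.json is not touched when an earlier source wins.
    ['stored', readStoredToken],
  ];
  for (const [source, read] of candidates) {
    const value = read()?.trim();
    if (value) return { token: value, source };
  }
  return { token: undefined, source: 'none' };
}

// Hint for the case where no token was found or the API rejected the one used.
// It names the source of the token and never echoes the token value.
function missingAuthHint(source: TokenSource): string {
  switch (source) {
    case 'env':
      return 'The token in the APIFY_TOKEN environment variable was rejected by the API. Check or unset it.';
    case 'argument':
      return 'The token passed to this command was rejected by the API.';
    case 'stored':
      return 'The stored token was rejected by the API. Run `apify login` again.';
    default:
      return 'You are not logged in. Run `apify login` or set APIFY_TOKEN.';
  }
}
```

Tracking the source alongside the token is what lets the error path point at the environment variable instead of suggesting `apify login` to a CI job that cannot run it.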