CodeMie CLI supports multiple authentication methods:
- CodeMie SSO - Browser-based Single Sign-On (recommended for enterprise)
- JWT Bearer Authorization - Token-based authentication for CI/CD and external auth systems
- API Key - Direct API key authentication for other providers (OpenAI, Anthropic, etc.)
For enterprise environments with AI/Run CodeMie SSO (Single Sign-On):
The setup wizard automatically detects and configures AI/Run CodeMie SSO:
codemie setupThe wizard will:
- Detect if you have access to AI/Run CodeMie SSO
- Guide you through the authentication flow
- Fetch and display available projects (includes admin-only projects)
- Test the connection with health checks
- Save secure credentials to
~/.codemie/codemie-cli.config.json
Note: If you have access to multiple projects, you'll be prompted to select one. Projects from both regular and admin access are included automatically.
If you need to authenticate separately or refresh your credentials:
# Authenticate with AI/Run CodeMie SSO
codemie auth login --url https://your-airun-codemie-instance.com
# Check authentication status
codemie auth status
# Refresh expired tokens
codemie auth refresh
# Logout and clear credentials
codemie auth logoutSSO tokens are automatically managed, but you can control them manually:
AI/Run CodeMie CLI automatically refreshes tokens when they expire. For manual refresh:
# Refresh SSO credentials (extends session)
codemie auth refreshWhen to refresh manually:
- Before long-running tasks
- After extended periods of inactivity
- When you receive authentication errors
- Before important demonstrations
Check your current authentication state:
codemie auth statusStatus information includes:
- Connection status to AI/Run CodeMie SSO
- Token validity and expiration
- Available models for your account
- Provider configuration details
Common authentication issues and solutions:
# Token expired
codemie auth refresh
# Connection issues
codemie doctor # Full system diagnostics
codemie auth status # Check auth-specific issues
# Complete re-authentication
codemie auth logout
codemie auth login --url https://your-airun-codemie-instance.com
# Reset all configuration
codemie config reset
codemie setup # Run wizard againAI/Run CodeMie SSO provides enterprise-grade features:
- Secure Token Storage: Credentials stored in system keychain
- Automatic Refresh: Seamless token renewal without interruption
- Multi-Model Access: Access to Claude, GPT, and other models through unified gateway
- Automatic Plugin Installation: Claude Code plugin auto-installs for session tracking
- Audit Logging: Enterprise audit trails for security compliance
- Role-Based Access: Model access based on organizational permissions
For environments with external token management systems, CI/CD pipelines, or testing scenarios, CodeMie CLI supports JWT Bearer Authorization. This method provides tokens at runtime rather than during setup.
JWT setup only requires the API URL - tokens are provided later:
codemie setup
# Select: Bearer AuthorizationThe wizard will:
- Prompt for the CodeMie base URL (e.g.,
https://codemie.lab.epam.com) - Optionally ask for a custom environment variable name (default:
CODEMIE_JWT_TOKEN) - Save the configuration without requiring a token
- Display instructions for providing tokens at runtime
After setup, provide tokens via environment variable or CLI option:
Environment Variable (Recommended):
# Set token in your environment
export CODEMIE_JWT_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
# Run commands normally
codemie-claude "analyze this code"CLI Option:
# Provide token per command
codemie-claude --jwt-token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." "analyze this code"Custom Environment Variable:
# If you configured a custom env var during setup
export MY_CUSTOM_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
codemie-claude "analyze this code"JWT tokens are validated automatically:
# Check JWT authentication status
codemie doctor
# View token status and expiration
codemie profile statusToken Validation:
- Format validation (header.payload.signature)
- Expiration checking (warns if expiring within 7 days)
- Automatic error messages for expired tokens
JWT Bearer Authorization is ideal for:
CI/CD Pipelines:
# GitLab CI example
script:
- export CODEMIE_JWT_TOKEN="${CI_JOB_JWT}"
- codemie-claude --task "review changes in this commit"External Auth Systems:
# Obtain token from your auth provider
TOKEN=$(curl -s https://auth.example.com/token | jq -r .access_token)
# Use with CodeMie
codemie-claude --jwt-token "$TOKEN" "your prompt"Testing & Development:
# Use short-lived test tokens
export CODEMIE_JWT_TOKEN="test-token-expires-in-1h"
codemie-claude "run tests"| Feature | JWT Bearer Auth | CodeMie SSO |
|---|---|---|
| Setup | URL only | Browser-based flow |
| Token Source | Runtime (CLI/env) | Stored in keychain |
| Best For | CI/CD, external auth | Interactive development |
| Token Refresh | Manual (obtain new token) | Automatic |
| Security | Token management external | Managed by CLI |
Token not found:
# Check environment variable
echo $CODEMIE_JWT_TOKEN
# Verify variable name matches config
codemie profile status
# Provide via CLI instead
codemie-claude --jwt-token "your-token" "your prompt"Token expired:
# Obtain new token from your auth provider
export CODEMIE_JWT_TOKEN="new-token-here"
# Verify expiration
codemie doctorInvalid token format:
# JWT must have 3 parts (header.payload.signature)
# Check token structure
echo $CODEMIE_JWT_TOKEN | awk -F. '{print NF}' # Should output: 3Configuration issues:
# Reset and reconfigure
codemie setup # Choose Bearer Authorization again
# Or manually edit config
cat ~/.codemie/codemie-cli.config.json