> ## Documentation Index
> Fetch the complete documentation index at: https://mulerun.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Login & Logout

> Authenticate via browser OAuth and clear cached credentials

## `mulerun login`

Opens a browser window and walks you through OAuth 2.0 (Authorization Code
flow with PKCE). On success the resulting JWT is cached under `~/.mulerun/`
and every other subcommand picks it up automatically.

```bash theme={null}
mulerun login            # standard login
mulerun login --force    # re-login even if a valid token is cached
```

The CLI is smart about account switches: if the new login resolves to a
different user than the previously cached one, the per-call CLI-key cache
is cleared as well — no stale credentials carry over.

## `mulerun logout`

Revokes the cached refresh token on the server and removes the local
cache.

```bash theme={null}
mulerun logout
```

Best-effort: even if revocation fails (offline, server unreachable), the
local cache is still cleared.

## Non-interactive login

For CI, agents, and headless environments, skip the browser entirely by
pre-minting a JWT and exporting it:

```bash theme={null}
export MULERUN_TOKEN="eyJ..."
mulerun user me      # no `login` step needed
```

See [Configuration](/cli/configuration) for the full list of environment
variables.

## Inspect a token

`mulerun internal-auth token-info` decodes the cached JWT locally (no
network round-trip) so you can see expiry, subject, and scopes:

```bash theme={null}
mulerun internal-auth token-info
mulerun internal-auth check       # verify the token against the server
```
