auth / login / relogin / renew
Authentication and token management commands.
Protocol Boundary
Use the auth commands with the transport model in mind:
| Need | Recommended transport | Why |
|---|---|---|
| quick account/profile/friends checks | REST | simpler request flow, lower session complexity |
| full chat list, full history, sending, watch | LOCO | server-retained data and real-time messaging live here |
| token health check | REST first | fastest way to verify whether saved credentials are still usable |
| session recovery for LOCO failures | config-driven | default is relogin first, but config can move renew earlier |
auth
Verify the current token's validity.
openkakao-rs authOutput:
User ID: 405979308
Token: c75fc318...
Version: 3.7.0
Token is valid!login
Extract credentials from the running KakaoTalk app.
openkakao-rs login --save| Flag | Description |
|---|---|
--save | Save extracted credentials to ~/.config/openkakao/credentials.json |
relogin
Refresh the access token using stored login parameters.
openkakao-rs relogin [OPTIONS]| Flag | Description |
|---|---|
--fresh-xvc | Regenerate the X-VC authentication header |
--password <PASSWORD> | Use a specific password instead of cached |
--email <EMAIL> | Override the stored email |
Preferred when:
- LOCO commands start failing with auth errors
- saved credentials drift after KakaoTalk app updates
- you want the CLI to re-anchor on the
login.jsonpath used by the desktop app
renew
Attempt token renewal using the refresh_token.
openkakao-rs renewTries two endpoints:
oauth2_token.json(access_token + refresh_token)renew_token.json(refresh_token only)
Use renew when:
- you already have a refresh token path available
- you want a lower-friction retry before a full relogin
- you are building supervised recovery steps, not assuming guaranteed unattended refresh
Recovery Order
For service stability, the CLI now treats recovery as policy instead of a hard-coded ladder.
Default:
- saved credentials
reloginvia cachedlogin.jsonparametersrenewviarefresh_token- fresh
Cache.dbextraction
Config changes the middle of that ladder:
auth.prefer_relogin = falsetriesrenewbeforereloginauth.auto_renew = falseremoves renewal attempts entirely
That is the practical boundary today. REST and LOCO both reuse the same recovery model, but LOCO remains the stricter path because it needs a live session, not just a valid bearer token.