Skip to main content
The ctx7 auth commands manage authentication with Context7 for accessing authenticated features like skill generation and suggestions.

Subcommands

login

Log in to Context7

logout

Log out of Context7

whoami

Show current login status

login

Authenticate with Context7 using OAuth.

Usage

ctx7 login [options]

Options

--no-browser

Don’t open the browser automatically. Displays the authentication URL for manual access. 
ctx7 login --no-browser

How It Works

  1. Generate OAuth Parameters: Creates PKCE challenge and state parameter
  2. Open Browser: Opens Context7 login page (unless --no-browser is used)
  3. Wait for Callback: Starts local server to receive OAuth callback
  4. Exchange Code: Exchanges authorization code for access and refresh tokens
  5. Save Tokens: Stores tokens securely in ~/.context7/tokens.json

Examples

Standard Login

ctx7 login
Output: 
Opening browser to log in...

If the browser didn't open, visit this URL:
https://context7.com/oauth/authorize?client_id=...

⠋ Waiting for login...
✔ Login successful!

You can now use authenticated Context7 features.

Manual Browser Login

ctx7 login --no-browser
Output: 
Open this URL in your browser:
https://context7.com/oauth/authorize?client_id=...

⠋ Waiting for login...
This is useful when:
  • Running in SSH sessions
  • Browser auto-open is not working
  • Using a different browser than the system default

Already Logged In

ctx7 login
Output: 
You are already logged in.
Run 'ctx7 logout' first if you want to log in with a different account.

logout

Log out of Context7 by clearing stored authentication tokens.

Usage

ctx7 logout

Examples

Successful Logout

ctx7 logout
Output: 
Logged out successfully.

Not Logged In

ctx7 logout
Output: 
You are not logged in.

whoami

Show your current authentication status and user information.

Usage

ctx7 whoami

Examples

Logged In

ctx7 whoami
Output: 
Logged in
Name:     John Doe
Email:    [email protected]

Not Logged In

ctx7 whoami
Output: 
Not logged in.
Run 'ctx7 login' to authenticate.

Session Expired

ctx7 whoami
Output: 
Logged in
(Session may be expired - run 'ctx7 login' to refresh)

Authentication Flow

OAuth with PKCE

Context7 uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication:
  1. Code Verifier: Random string generated locally
  2. Code Challenge: SHA-256 hash of the code verifier
  3. Authorization: User authorizes in browser
  4. Callback: Authorization code sent to local callback server
  5. Token Exchange: Code + verifier exchanged for tokens
  6. Storage: Tokens stored securely on local machine

Token Storage

Tokens are stored in: 
~/.context7/tokens.json
This file contains:
  • access_token: Used for API requests
  • refresh_token: Used to obtain new access tokens
  • expires_at: Token expiration timestamp
Never share or commit your tokens.json file. It contains sensitive authentication credentials.

Token Expiration

Access tokens expire after a period of time. When a token expires:
  1. The CLI automatically uses the refresh token to get a new access token
  2. If the refresh token is also expired, you’ll be prompted to log in again

Authenticated Features

These features require authentication:

Skill Generation

ctx7 skills generate
Generating custom skills requires a Context7 account.

Enhanced Suggestions

ctx7 skills suggest
Authenticated users receive personalized skill suggestions.

Setup with Auto-Generated API Key

ctx7 setup
The setup command can automatically generate an API key for the MCP server when authenticated.

Account Tiers

Different account tiers provide different limits:
FeatureFreeProUnlimited
Skill Search
Skill Install
Skill Suggestions
Skill Generation3/week10/weekUnlimited
API Keys15Unlimited
Upgrade your account at context7.com/dashboard

Troubleshooting

Login Failed

If login fails:
  1. Check Internet Connection: Ensure you can access context7.com
  2. Try Again: Run ctx7 login again
  3. Manual URL: Use ctx7 login --no-browser and copy the URL
  4. Clear Tokens: Run ctx7 logout then ctx7 login

Port Already in Use

If the OAuth callback server can’t start: 
Error: Port 8080 is already in use
Solution:
  1. Close applications using port 8080
  2. Try login again
  3. The CLI will automatically try alternative ports

Browser Doesn’t Open

If your browser doesn’t open automatically:
  1. Use ctx7 login --no-browser
  2. Manually copy and open the URL shown
  3. Complete authentication in your browser

Token File Corrupted

If you see token-related errors: 
# Remove corrupted token file
rm ~/.context7/tokens.json

# Login again
ctx7 login

Permission Errors

If you can’t write tokens: 
# Fix permissions
mkdir -p ~/.context7
chmod 700 ~/.context7
chmod 600 ~/.context7/tokens.json

Security Best Practices

Protect Your Tokens

  • Never share ~/.context7/tokens.json
  • Don’t commit tokens to version control
  • Use ctx7 logout on shared machines
  • Regenerate tokens if compromised

API Keys vs OAuth

For MCP server configuration: OAuth (Recommended for personal use) 
ctx7 setup  # Automatically generates API key
Manual API Key (For CI/CD, shared configs) 
ctx7 setup --api-key sk_your_key_here

Multiple Accounts

To switch accounts: 
# Logout from current account
ctx7 logout

# Login with different account
ctx7 login

Environment Variables

CONTEXT7_TOKEN

Override stored token with environment variable: 
export CONTEXT7_TOKEN="your_access_token"
ctx7 skills generate
Useful for:
  • CI/CD pipelines
  • Automation scripts
  • Testing
Be careful when using tokens in environment variables, as they may be exposed in logs or process listings.

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us