In the previous article A step by step guide to install and configure OCI client the oci client configuration.

OCI provides also token access.

~ > oci session authenticate --profile-name MY_SESS_PROF --region eu-zurich-1 --tenancy-name <your tenancy name>
    Please switch to newly opened browser window to log in!
    You can also open the following URL in a web browser window to continue:**************************VprV0dHbzJLRE5yY2pvbEQ4S0xXTkducGN5OG9tTkh5R0RZaEI1R2VPMF9KbWhMNjVvSTlrZEtrZHp1NHdRRXpnSEZlUXFYQ2NTc1hyUWl3N0I4b25VYWZLc0h5Y2tnNWUtMUdlNWtlZVNZSlJRaVJ1c0hrdHdackh1Q3Z4UnJmOW0wVVNRIiwgImUiOiAiQVFBQiIsICJ*******************9&redirect_uri=http%3A%2F%2Flocalhost%3A8181&tenant=*************
    Completed browser authentication process!
Config written to: /Users/mytest/.oci/config

    Try out your newly created session credentials with the following example command:

    oci iam region list --config-file /Users/mytest/.oci/config --profile MY_SESS_PROF --auth security_token

Note: The tenancy name can be found on the page “Tenancy details

Let’s try out the OCI output suggestion:

oci iam region list --config-file /Users/mytest/.oci/config --profile MY_SESS_PROF --auth security_token

  "data": [
      "key": "AMS",
      "name": "eu-amsterdam-1"
      "key": "ARN",
      "name": "eu-stockholm-1"

The $HOME/.config file was updated with the token and the session parameters are in the session directory as follows:

~ > cd $HOME/.oci
.oci > tree
├── config
├── oci_api_key.pem
├── oci_api_key_public.pem
├── rsa.private
├── rsa.public
└── sessions
    └── MY_SESS_PROF
        ├── oci_api_key.pem
        ├── oci_api_key_public.pem
        └── token

.oci > cat config
user = ocid1.user.oc1..aaaa*********wyqwklitkuu6owpzcj****
fingerprint = 01:**************:3c:9a:99:ff:08:******
key_file = ~/.oci/oci_api_key.pem
tenancy = ocid1.tenancy.oc1..aaaaaaaa**************iai4di356quiofira
region = eu-zurich-1

# Here the new added session 

For an easy use these env variables are available to avoid passing --profile and --auth parameters on oci command line:

~ > export OCI_CLI_AUTH=security_token

Token validation:

~ > oci session validate  --profile MY_SESS_PROF --auth security_token
Session is valid until 2022-10-06 17:59:00

The token can be refreshed before it’s expiration:

~ > oci session refresh --profile MY_SESS_PROF
Attempting to refresh token from
Successfully refreshed token
~ > oci session validate  --profile MY_SESS_PROF --auth security_token
Session is valid until 2022-10-06 18:16:42

Share on