Authentication

Asana CLI supports two authentication methods: Personal Access Tokens (PAT) and OAuth 2.0.

Personal Access Token (Recommended)

The quickest and simplest method for personal use and CLI tools.

Advantages

• Quick Setup: No OAuth configuration required
• Simple: Just one token to manage
• Perfect for CLI: Designed for personal automation
• No Expiration: Tokens don't expire (unless revoked)

Creating a Token

1. Visit Asana Developer Console
2. Click "Create New Token"
3. Give it a descriptive name (e.g., "Asana CLI")
4. Copy the generated token immediately (you won't see it again)

Login with Token

bun run dev auth login --token YOUR_TOKEN

Login with Default Workspace

Set a default workspace during login:

bun run dev auth login --token YOUR_TOKEN -w WORKSPACE_ID

This reduces the need to specify -w in every command.

Using Environment Variables

Store your token in an environment variable:

export ASANA_ACCESS_TOKEN=your_token_here

Then login without typing the token:

bun run dev auth login

OAuth 2.0

For multi-user applications, enhanced security, or when building apps for others.

Advantages

• Secure: User passwords never shared
• Scoped Access: Request only needed permissions
• Multi-User: Support multiple users in one app
• Revokable: Users can revoke access anytime

Creating OAuth Application

1. Go to Asana Developer Console
2. Click "Create New App"
3. Fill in application details:
   • App Name: Your application name
   • Redirect URI: http://localhost:8080/callback
4. Copy Client ID and Client Secret

Configuration

Method 1: Environment Variables

export ASANA_CLIENT_ID=your_client_id
export ASANA_CLIENT_SECRET=your_client_secret

Method 2: .env File

Create .env file in project root:

cp .env.example .env

Edit .env:

ASANA_CLIENT_ID=your_client_id
ASANA_CLIENT_SECRET=your_client_secret

Login with OAuth

bun run dev auth login

This will:

1. Start a local server on port 8080
2. Open your browser to Asana authorization page
3. Receive the authorization code
4. Exchange code for access/refresh tokens
5. Store tokens securely

Token Refresh

OAuth tokens expire after a certain time. The CLI automatically refreshes them when needed.

You can also manually refresh:

bun run dev auth refresh

Managing Authentication

Check Current User

Verify who you're logged in as:

bun run dev auth whoami

Output includes:

• User name
• User email
• Workspace access
• Authentication method

Logout

Clear stored credentials:

bun run dev auth logout

This removes:

• Access tokens
• Refresh tokens
• Workspace settings

Switch Accounts

# Logout first
bun run dev auth logout

# Login with new credentials
bun run dev auth login --token NEW_TOKEN

Configuration File

Authentication data is stored in ~/.asana-cli/config.json:

{
  "accessToken": "...",
  "refreshToken": "...",
  "authType": "oauth",
  "workspace": "...",
  "expiresAt": 1234567890
}

Manual Configuration

You can manually edit this file, but it's recommended to use the CLI commands instead.

Environment Variables

Supported environment variables:

# OAuth Configuration
ASANA_CLIENT_ID=your_client_id
ASANA_CLIENT_SECRET=your_client_secret

# Direct Token (PAT)
ASANA_ACCESS_TOKEN=your_token

# Default Workspace
ASANA_WORKSPACE=workspace_id

Security Best Practices

# Verify token is valid
bun run dev auth whoami

# If invalid, logout and login again
bun run dev auth logout
bun run dev auth login --token YOUR_TOKEN

http://localhost:8080/callback