Skip to content

Authentication

Traylinx supports three sign-in methods for human users plus a separate device-authorization flow for CLIs and headless tools. All sessions are JWT-based and refresh automatically while you're active.

1. Sign in methods

  • Email + password — enter your email, password, and complete the reCAPTCHA check. Use this for a freshly created account.
  • Google — click Continue with Google and pick your Google account. First sign-in creates a Traylinx account linked to that Google identity.
  • GitHub — click Continue with GitHub and authorize the Traylinx OAuth app. First sign-in creates a linked account.

If your email already has a Traylinx account, signing in with a new OAuth provider links them together — same account, new login option.

2. Sign up

  1. Open https://traylinx.com.
  2. Click Create account.
  3. Choose email + password or an OAuth provider.
  4. Verify your email if prompted.
  5. You land on the admin dashboard inside a personal organization.

3. Recover access

If you forgot your password: 1. On the login page, click Forgot password? 2. Enter your email. 3. Open the recovery email and click the reset link. 4. Set a new password.

OAuth-only accounts (Google or GitHub) don't have a password — sign in with the provider you originally used.

4. Session and tokens

  • After sign-in, Traylinx stores an access token and a refresh token in the browser.
  • The access token is short-lived; the refresh token is used in the background to keep you signed in.
  • If the refresh token fails (rotated, revoked, or device wiped), you're returned to the login page.

5. Sign out

  • Click your avatar in the sidebar → Sign out.
  • This clears tokens on this device only. Other devices stay signed in until they refresh.

6. Device authorization (CLI sign-in)

Tools like the Traylinx CLI and Tytus CLI use a device-authorization flow instead of password entry:

  1. Run the CLI command (for example tytus login).
  2. The CLI prints a short verification code and opens https://traylinx.com/device-authorization in your browser.
  3. Sign in if you aren't already, then approve the code.
  4. The CLI completes login and stores its own per-device credential.

You can revoke any device session at any time from Settings → Devices.

7. Two-factor authentication

Two-factor authentication is not yet available in the current web app. For high-security access from automated agents, use a scoped Sentinel Pass instead of your personal session.

For organization changes or account deletion, see Organization settings.

Mirrored from traylinx-web:docs/user-manuals/security/authentication.md. Edit the source in the traylinx-web repo — changes here are overwritten by the sync script.