Skip to content
Latchkey

gh auth status: Usage & Common CI Errors

Confirm which token gh is using and what scopes it has.

gh auth status reports the authentication state for each host: which account is logged in, the token source, and the granted OAuth scopes. It is the first command to run when gh operations unexpectedly fail.

What it does

gh auth status checks stored credentials and environment tokens, printing the logged-in user, the active host, where the token came from (keyring, file, or GH_TOKEN), and the token’s scopes. With --show-token it also prints the token value.

Common usage

Terminal
# Show auth state for all hosts
gh auth status

# Limit to one host and reveal the token
gh auth status --hostname github.com --show-token

Common error in CI: not logged in / missing scopes

gh auth status exits nonzero with "You are not logged into any GitHub hosts" when no token is present, or shows a token missing a needed scope (e.g. no workflow scope, so gh workflow run 403s). Fix: ensure GH_TOKEN is set in the job env, and check the printed scopes against what your commands need - repo for PRs/issues, workflow for Actions, read:org for org queries. Regenerate the PAT or adjust workflow permissions to add the missing scope.

Key options

OptionPurpose
--hostname HOSTLimit to a specific host
--show-tokenPrint the token value
-a, --activeShow only the active account

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →