Back to journal

Readable identity debugging with Authdog CLI /whoami

Inspect authenticated user information in structured tables or raw JSON without leaving the Authdog terminal interface.

A

Authdog Engineering

2 min read
Split terminal showing formatted identity fields and raw JSON

Identity debugging often starts with one question: who does the server think I am? Authdog CLI answers from the authenticated API rather than relying only on locally decoded token claims.

Enter /whoami or /me inside authdog-cli.

Ask the userinfo endpoint

The command calls authenticated GET /v1/userinfo with the current access token. This gives the CLI a server-provided view of the current identity and session.

The response opens with two representations:

  • Pretty groups fields into readable sections and tables.
  • Raw displays indented JSON for exact inspection.

Use Tab or Shift-Tab to switch views. Keyboard scrolling and mouse-wheel scrolling keep larger responses usable inside the fullscreen interface.

Make token fields readable

When identity data contains JWT-shaped values, shared formatting helpers can decode the payload for display. Timestamps become readable dates, expired timestamps are marked, and noisy session identifiers can be suppressed from the formatted view.

Decoded does not mean verified. The local JWT helper reads payload claims for presentation but does not verify the signature. Trust decisions still belong to Authdog APIs and correctly configured token verification in your application.

Keep raw output in context

Raw view helps compare the exact API response with the formatted view, but the beta keeps both inside its terminal UI. It does not currently emit stable JSON to stdout for pipelines such as jq.

That distinction avoids a fragile automation contract while the data shape and command model are still evolving.

Check surrounding session state

When an identity looks unexpected, combine /whoami with /status. Status shows the credential path and active organization, tenant, project, and environment selections. It also shows token lengths and limited previews rather than printing complete credentials.

For current-user debugging, the workflow is short:

  1. /login to establish a session.
  2. /whoami to inspect server-provided identity.
  3. Switch between Pretty and Raw views.
  4. /status to verify resource scope.
  5. /logout when the local session should be removed.

The goal is not to replace protocol tooling. It is to make the most common identity check immediate and legible.