Installing and authenticating the GitHub CLI gh and GitLab CLI glab on Windows
Posted by jpluimers on 2025/07/16
As a keyboard person, I prefer to live on the CLI (command-line interface), so when possible I prefer command-line tools over GUI tools (especially since command-line tool are way easier to script).
In the past on non-Windows systems I used gist (see below), but that is not available on Windows unless you have a Ruby environment.
Some notes on Windows to install and authenticate GitHub CLI (gh) and GitLab CLI (glab), both of which I previously mentioned in Tribal Knowledge? Getting the public keys from github and gitlab users from their username.
For me, installing is easiest through Chocolatey (version numbers from the time of writing; the non-archived URLs point to the most current version available):
- [Wayback/Archive] Chocolatey Software | GitHub CLI 2.20.2
- [Wayback/Wayback] Chocolatey Software | glab 1.22.0 which depends on this actual install:
This was my install script:
choco upgrade --yes gh
choco upgrade --yes glab
Before configuring both, I’d almost forgot writing about the gist Ruby gem, so:
The gist Ruby gem
- Gem: [Wayback/Archive] gist | RubyGems.org | your community gem host
- Repository: [Wayback/Archive] defunkt/gist: Potentially the best command line gister.
Via: [Wayback/Archive] windows add gist from console – Google Search -> [Wayback/Archive] github – How to create a gist on command line – Stack Overflow (thanks [Wayback/Archive] trbvm, [Wayback/Archive] Nickolay Kondratenko and [Wayback/Archive] Bruno).
Let’s continue with the authentication bit, which I have split into two parts:
GitHub gh authentication
Repository: [Wayback/Archive] cli/cli: GitHub’s official command line tool
Before starting: you can always check the configured authentication status by executing gh auth status.
One-time authentication (you can do gh auth logout to undo this and start over):
gh auth login --git-protocol https --hostname github.com --web
Note the --hostname github.com which is not really documented anywhere (if you don’t pass it, then you get a UI which lets you choose which kind of implicitly indicates github.com is the correct parameter value).
It brings you to https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Flogin%2Fdevice where you can logon (it uses the method you configured; please use more than just username+password: multi-factor authentication is the norm nowadays people!) or if you are already logged on implicitly continues with the next step.
After logon (either manual or implicit) you are redirect to https://github.com/login/device where you can paste or type the one-time code (device_code) that identifies the gh environment.
Confirming then brings you to https://github.com/login/device/confirmation where lists the level of access the gh environment gets:
GitHub CLI by GitHub wants to access your foo accountWorkflow Update GitHub Action Workflow files.This application will be able to remove, edit GitHub Action Workflow files for your repositories.
After confirming that, you need to re-confirm with your GitHub password at https://github.com/login/device/authorize
Finally you end up at https://github.com/login/device/success
Since the device code is time dependent, here is a full long from one of my environments:
C:\Users\foo>gh auth login --git-protocol https --hostname github.com --web ? Authenticate Git with your GitHub credentials? Yes ! First copy your one-time code: 4B45-D1CA Press Enter to open github.com in your browser... failed to authenticate via web browser: This 'device_code' has expired. (expired_token) C:\Users\foo>gh auth login --git-protocol https --hostname github.com --web ? Authenticate Git with your GitHub credentials? Yes ! First copy your one-time code: 5344-50D3 Press Enter to open github.com in your browser... ✓ Authentication complete. - gh config set -h github.com git_protocol https ✓ Configured git protocol ✓ Logged in as foo
gh auth docs
Docs of the commands I mentioned above:
- [Wayback/Archive] GitHub CLI:
gh auth| Take GitHub to the command line - [Wayback/Archive] GitHub CLI:
gh auth login| Take GitHub to the command line - [Wayback/Archive] GitHub CLI:
gh auth logout| Take GitHub to the command line - [Wayback/Archive] GitHub CLI:
gh auth status| Take GitHub to the command line
GitLab glab authentication
Repository: [Wayback/Archive] GitLab.org / cli · GitLab
Before starting: you can always check the configured authentication status by executing gh auth status.
Note: the glab configuration is stored as yaml files under %USERPROFILE%\.config\glab-cli, currently as aliases.yml and config.yml, so it might be easy to unde glab auth login by manually modifying these)
One-time authentication (note there is no glab auth logout to undo this and start over, see [Wayback/Archive] Add glab login command · Issue #233 · profclems/glab):
glab auth login --git-protocol https --hostname gitlab.com --web
This failed as the --git-protocol parameter is unknown. You can set it through glab config set git_protocol https (you can view the current value through glab config get git_protocol which returned ssh), though this is undocumented (see documentation links below).
Because the --web protocol is also unknown, this fails: glab auth login --hostname gitlab.com --web
It asks for an authentication token (which you can generate at gitlab.com/-/profile/personal_access_tokens) when we use glab auth login --hostname gitlab.com
So we generate a token, then run this (of course the GUID is not my token, duh!):
glab auth login --hostname gitlab.com --token ceb5c086-50e8-4dfa-a48d-a06616507280
Unlike the git_protocol setting (which is stored in a local config.yml file in a .git\glab-cli subdirectory of your current directory), the token setting is in the global config file %USERPROFILE%\.config\glab-cli in this tree:
hosts: gitlab.com: # What protocol to use to access the api endpoint. Supported values: http, https api_protocol: https # Configure host for api endpoint, defaults to the host itself api_host: gitlab.com # Your GitLab access token. Get an access token at https://gitlab.com/-/profile/personal_access_tokens token: !!null ceb5c086-50e8-4dfa-a48d-a06616507280
The problem is this config command also configures the global config.yml file instead of the local config.yml file (unlike the git_protocol setting):
glab config set --hostname gitlab.com token ceb5c086-50e8-4dfa-a48d-a06616507280 --host gitlab.com
This prevents independent local configuration files (from different directory trees) from using separate tokens for the host named gitlab.com (for instance when you have both a work and a private account).
Note the --hostname gitlab.com and --host gitlab.com which is not really documented anywhere (if you don’t pass it, then you get a UI which lets you choose which kind of implicitly indicates github.com is the correct parameter value; also you can find it in the default %USERPROFILE%\.config\glab-cli as it gitlab.com: an entry under hosts:).
glab auth docs
Docs of the commands I mentioned above:
- [Wayback/Archive] docs/source/auth · main · GitLab.org / cli · GitLab:
glab auth - [Wayback/Archive] docs/source/auth/login.md · main · GitLab.org / cli · GitLab:
glab auth login - [Wayback/Archive] docs/source/auth/status.md · main · GitLab.org / cli · GitLab:
glab auth status - [Wayback/Archive] docs/source/config · main · GitLab.org / cli · GitLab:
glab configfails to document quite a few settings:-
git_protocolcheck_updatedisplay_hyperlinksapi_protocolapi_host
-
- [Wayback/Archive] docs/source/config/get.md · main · GitLab.org / cli · GitLab:
glab config get - [Wayback/Archive] docs/source/config/set.md · main · GitLab.org / cli · GitLab:
glab config set
Conclusion
gh is more mature than glab both in functionality and , but both allow authentication which makes CLI life a lot easier.
Related glab auth login issues at the time of writing:
- [Wayback/Archive] Glab auth status replies “Invalid token provided”, cannot authenticate (#1112) · Issues · GitLab.org / cli · GitLab
- [Wayback/Archive] GitLab CLI Authentication (&9363) · Epics · GitLab.org · GitLab
- [Wayback/Archive] Both glab auth login –hostname gitlab.com –token … and glab config set token … –host gitlab.com apply the change to the global ~/.config/glab-cli/config.yml configuration file instead of the local .config/glab-cli/config.yml configuration file. (#1134) · Issues · GitLab.org / cli · GitLab
--jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment