Skip to main content

Browser Not Opening During Login

When running panguard login, the CLI attempts to open your default browser for authentication. If the browser does not open:
Skip the automatic browser launch and log in manually:
panguard login --no-browser
The CLI will print a URL. Copy and paste it into your browser manually, then enter the returned token in the CLI prompt.
On servers without a desktop environment, always use --no-browser:
panguard login --no-browser
Alternatively, log in on a machine with a browser and copy the credentials file:
# On the machine with a browser:
panguard login
cat ~/.panguard/credentials.json

# On the server:
mkdir -p ~/.panguard
# Paste the credentials JSON into:
nano ~/.panguard/credentials.json
chmod 600 ~/.panguard/credentials.json
WSL may not be able to launch a Windows browser. Set the browser path:
export BROWSER="/mnt/c/Program Files/Google/Chrome/Application/chrome.exe"
panguard login
Or use --no-browser as described above.

Login Timeout

If the login flow times out before you complete authentication: 
Error: Login timed out. Please try again.
Solutions:
  1. Retry the login — the default timeout is 120 seconds: 
    panguard login
  2. Check your internet connection — the CLI must reach auth.panguard.ai
  3. If behind a corporate proxy, set the proxy environment variable: 
    export HTTPS_PROXY=http://proxy.example.com:8080
panguard login

Token Expired

Error: Authentication token has expired. Please log in again.
JWT tokens expire after 24 hours. Re-authenticate: 
panguard login
For automated scripts and CI/CD pipelines, use API tokens instead of JWT tokens. API tokens do not expire until explicitly revoked. Generate one from your account dashboard or with panguard token create.

Tier Insufficient

Error: This feature requires the Pro tier or higher. Current tier: community
Some features are restricted by subscription tier:
FeatureMinimum Tier
Basic scanCommunity
Layer 1 GuardCommunity
Full Guard (3 layers)Solo
Chat notificationsSolo
Trap (honeypots)Pro
Report generationPro
Custom AI modelsBusiness
API accessBusiness
Solutions:
  1. Upgrade your subscription: 
    panguard upgrade
  2. Check your current tier: 
    panguard whoami
  3. If you recently upgraded, re-login to refresh your session: 
    panguard logout
panguard login

Credentials File Permissions

The credentials file at ~/.panguard/credentials.json stores your authentication token. It should be readable only by your user.
If the credentials file has overly permissive permissions (readable by other users), Panguard will refuse to use it and display a security warning.
Fix permissions: 
chmod 600 ~/.panguard/credentials.json
Verify: 
ls -la ~/.panguard/credentials.json
# Should show: -rw------- 1 youruser yourgroup ... credentials.json

Invalid or Corrupted Credentials

If you see errors like Error: Invalid token format or Error: Failed to parse credentials: 
# Remove the corrupted credentials file
rm ~/.panguard/credentials.json

# Log in again
panguard login

Google OAuth Issues

If Google login fails:
This is a server-side configuration issue. Contact support if you encounter this on auth.panguard.ai.
Ensure GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET are correctly configured, and the redirect URI in your Google Cloud Console matches your auth server URL.

Two-Factor Authentication (2FA) Issues

Use one of your backup codes to log in:
panguard login
# When prompted for TOTP code, enter a backup code instead
Each backup code is single-use. After logging in, disable 2FA and re-enable it to get new backup codes.
  • Verify your device clock is synchronized (TOTP is time-based)
  • Ensure you are using the code for the correct account
  • Codes rotate every 30 seconds — try waiting for the next code
  • If the problem persists, use a backup code