# Authentication for Visual Studio Code extension
To scan your Projects, you must authenticate with Snyk.
Snyk supports the following protocols for authentication:
* OAuth 2.0 (Recommended)
* Personal Access Token
* Snyk API token (Legacy)
For all authentication methods, Snyk uses the [Secret Storage API](https://code.visualstudio.com/api/references/vscode-api#SecretStorage) to store the token securely. This storage uses the keychain of the system to manage the token.
{% hint style="warning" %}
Before authenticating, ensure you have set your region properly. For details, see [IDEs URLs](https://docs.snyk.io/snyk-data-and-governance/regional-hosting-and-data-residency#ides-urls).
{% endhint %}
## Steps to authenticate using the OAuth 2.0 protocol
Follow these steps to authenticate:
1. After the extension is installed, click the **Snyk Icon** in the navigation bar, then click **Connect & Trust Workspace**:
Connect and trust workspace
2. A new browser window opens, requiring you to log in to your Snyk account.
3. In the next prompt, the Snyk IDE extension requests access to act on your behalf. Click **Grant app access**.
4. When you have authenticated successfully, a confirmation message appears. Close the browser window and return to the IDE.
5. The IDE reads and saves the authentication on your local machine. Close the browser window and return to the IDE.
The analysis starts automatically. The IDE reads and saves the authentication on your local machine.
{% hint style="info" %}
OAuth 2.0 tokens are not static and cannot be copied from the Snyk account page.
{% endhint %}
If you have problems, see [OAuth 2.0 authentication does not work](https://docs.snyk.io/developer-tools/snyk-ide-plugins-and-extensions/troubleshooting-ides/how-to-set-environment-variables-by-operating-system-os-for-ides-and-cli-1).
## Steps to authenticate using your Personal Access Token
{% hint style="warning" %}
This method is inferior to the OAuth method.
{% endhint %}
{% hint style="warning" %}
The Personal Access Token (PAT) authentication is progressively rolled out to all Enterprise customers. To check if this feature is available for your Organization at this time, please reach out to your Snyk account team.
{% endhint %}
When using this feature, ensure you generate and use a Personal Access Token (PAT). This feature is not compatible with Service Account tokens, and using them may result in unexpected behavior or errors.
{% hint style="info" %}
Whenever you use this feature in your IDE, ensure to also retrieve the PAT details from the Snyk Web UI. Contact Snyk Support to enable the PAT feature within your Snyk Web UI Organization.
{% endhint %}
To authenticate using the Personal Access token, follow these steps:
1. Click the **Snyk Icon** in the navigation bar, then click the **Settings** icon, find **Authentication Method,** and change it to **Personal Access Token**.
2. Create your **Personal Access** **Token**. For details, see the [Authentication for API](https://docs.snyk.io/snyk-api/authentication-for-api) page.
3. Run the `Snyk: Set Token` command and paste the token in the text field.
## Steps to authenticate using your Snyk API token
{% hint style="warning" %}
This method is inferior to the OAuth method.
{% endhint %}
Follow these steps to authenticate:
1. After the extension is installed, click the **Snyk Icon** in the navigation bar, then click the **Settings** icon, find **Authentication Method,** and change it to **Token authentication**:
Change authentication method
2. Press **Connect & Trust Workspace**.
3. Click **Authenticate** in the web browser window that opens.
The analysis starts automatically.
{% hint style="info" %}
Alternatively, run the `Snyk: Set Token` command and paste the token in the text field.
{% endhint %}
Set token manually
## How to switch accounts
To re-authenticate with a different account, follow these steps:
1. Run the provided `Snyk: Log Out` command.
Snyk: Log out
2. When you have logged out, start authentication again from the beginning.
## Requirements for Linux and Unix
When authenticating with Snyk, users have the option to copy the authentication URL to their clipboard.
For Linux and Unix users, this requires the `xclip` or `xsel` utility to be installed.
.png?alt=media)
%20(1).png?alt=media&token=ae8d1b32-a925-4abf-9d20-e6d01eac8423)
