Visual Studio Code extension authentication

To scan your Projects you must authenticate with Snyk.

Snyk supports the following protocols for authentication:

• OAuth 2.0 (default)

• Snyk API token (fallback option)

For both methods, Snyk uses the Secret Storage API to store the token securely. This storage uses the system's keychain to manage the token.

Steps to authenticate using the OAuth 2.0 protocol

To authenticate follow these steps:

1. After the extension is installed, click the Snyk Icon in the navigation bar, and then click Connect & Trust Workspace:
2. The extension opens a new page in a default browser and asks you to log in to your Snyk account:

1. The next page asks for your authorization for the IDE to act on your behalf. Click Grant app access.

1. After you authenticate successfully, view the confirmation message.

1. The IDE reads and saves the authentication on your local machine. Close the browser window and return to the IDE.

The analysis starts automatically. If you have problems, see OAuth 2.0 authentication does not work.

Steps to authenticate using your Snyk API token

To authenticate follow these steps:

1. After the extension is installed, click the Snyk Icon in the navigation bar; then click the Settings icon, find Authentication Method, and change it to Token authentication:

1. Copy your API token. For details, see Obtain and use your Snyk API token.

2. Then run theSnyk: Set Token command and paste the token in the text field.

How to switch accounts

To re-authenticate with a different account, follow these steps:

1. Run the provided Snyk: Log Out command.

1. When you have logged out, start authentication from scratch.

Requirements for Linux and Unix

When authenticating with Snyk, users have the option to copy the authentication URL to their clipboard.

For Linux and Unix users, this requires that the xclip or xsel utility be installed.