Description
notion auth login --with-token reads the token from stdin but does not trim trailing whitespace / newlines. On Windows PowerShell, piping a string to a native process automatically appends CRLF (\r\n), so the CLI sends the token as ntn_xxx\r\n to the Notion API, which rejects it as unauthorized: API token is invalid.
The token itself is valid (confirmed via direct Invoke-RestMethod to https://api.notion.com/v1/users/me), so this is purely a CLI input-handling bug.
Repro (Windows PowerShell 5.1)
$token = (Get-Content path\to\valid-token.txt -Raw).Trim()
$token | notion auth login --with-token
# → Error: authentication failed: unauthorized: API token is invalid.
The token works fine when set as $env:NOTION_TOKEN (because that path doesn't go through stdin), or when fed via a different mechanism that doesn't append CRLF.
Workaround that works
[System.IO.File]::WriteAllText("$env:TEMP\nt.txt", $token)
cmd /c "notion auth login --with-token < `"$env:TEMP\nt.txt`""
# → ✓ Logged in to <workspace>
i.e. using cmd's < redirection avoids the PowerShell pipe entirely.
Expected behavior
The CLI should strings.TrimSpace(...) (or equivalent) the token read from stdin before sending it to the API. Tokens are bounded ASCII strings — there's no legitimate reason to preserve trailing whitespace.
Environment
- OS: Windows 11 (10.0.26200)
- Shell: PowerShell 5.1 / Windows PowerShell
- notion-cli: v0.7.0 (windows_amd64)
- Notion token: standard internal integration secret (ntn_...)
Impact
Pretty bad UX on Windows — the error message ("API token is invalid") sends users on a debugging wild goose chase (re-checking integration setup, regenerating tokens, etc.) when the actual problem is shell-level. Took me ~10 minutes to figure out via direct API testing.
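Added example, not part of the original report and not notion-cli's own code: one way to implement the trimming the report asks for, in Go. `readToken` and `maxTokenBytes` are hypothetical names, the 4096-byte bound is an assumed limit, and the ASCII-only check follows the report's statement that tokens are bounded ASCII strings.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// maxTokenBytes is an assumed bound for this example, not a documented Notion limit.
const maxTokenBytes = 4096

// readToken reads a token from r (stdin in the CLI), strips surrounding
// whitespace such as the CRLF that PowerShell appends when piping, and rejects
// input that still contains whitespace, control bytes, or non-ASCII bytes.
func readToken(r io.Reader) (string, error) {
	// Read one byte past the bound so oversized input is detected, not truncated.
	raw, err := io.ReadAll(io.LimitReader(r, maxTokenBytes+1))
	if err != nil {
		return "", fmt.Errorf("reading token: %w", err)
	}
	if len(raw) > maxTokenBytes {
		return "", errors.New("token input too long")
	}
	token := strings.TrimSpace(string(raw))
	if token == "" {
		return "", errors.New("no token provided on stdin")
	}
	for i := 0; i < len(token); i++ {
		if c := token[i]; c <= 0x20 || c >= 0x7f {
			// Report the byte value and offset only, never the token itself.
			return "", fmt.Errorf("token contains invalid byte 0x%02x at offset %d", c, i)
		}
	}
	return token, nil
}

func main() {
	token, err := readToken(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	// Print the length only, so the secret never reaches the terminal or logs.
	fmt.Printf("token accepted (%d bytes)\n", len(token))
}
```

Rejecting malformed input locally, with the offending byte's offset, gives a shell-level error before any API call is made, instead of the misleading "API token is invalid" response.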