Logging Into the Higgsfield CLI on a Server With No Browser A developer encountered a login failure when using the Higgsfield CLI on a headless server because the OAuth 2.0 PKCE flow assumes the browser and the HTTP listener share the same localhost. The redirect URI allowlist prevented using a custom port for an SSH tunnel, forcing reliance on the CLI's default registered ports. The developer realized the callback is a simple HTTP GET and can be handled by manually delivering the code to the listener. I wanted the Higgsfield CLI https://github.com/higgsfield-ai/cli on my server — a terminal front-end to a pile of image and video generation models, which makes it scriptable and cron-able in a way the web UI never will be. The install was one line. Then it asked me to log in, and a specific, recurring failure showed up that has nothing to do with Higgsfield and everything to do with a word that means two different things at once. The word is localhost . The server is headless: no monitor, no browser, reached only over SSH from a laptop. That detail is the whole story. Higgsfield authenticates with OAuth 2.0 PKCE, the way most modern CLIs do, and the polite version goes like this: the CLI opens a small HTTP listener on localhost: