I've seen this done a few ways: * The Device Flow: https://tools.ietf.org/html/draft-ietf-oauth-device-flow which is what you see on browserless devices like the Apple TV logging in to a cable provider from your phone. A short code is generated and displayed on the screen, you launch a browser on your phone and enter the code. This would work just as well from the command line on the same device. * I've also seen apps use the authorization flow, by displaying the authorization URL on the command line prompt and instructing the user to open it in a browser. The redirect URI is a hosted web page that displays the authorization code and instructs the user to paste it back at the terminal. * The command line app can launch an HTTP server on localhost and use that as the redirect URL for the authorization code flow. This option ends up being the most seamless since it works like a traditional flow without any special instructions to the user.
---- Aaron Parecki aaronparecki.com @aaronpk <http://twitter.com/aaronpk> On Sun, Jun 11, 2017 at 8:52 PM, Bill Burke <bbu...@redhat.com> wrote: > Has anybody done any spec work around doing oauth from command line > interfaces? We're looking for something where the auth server can generate > text-based challenges that are rendered in the console window that query > for simple text input over possibly multiple requests. I'm not talking > about Resource Owner or Client Credentials grant. The command line client > may not know the credential types required for a successful token request. > It would be easy to write a simple protocol, but I'd rather just do > something around any existing internet draft or rfc that somebody has put > some thought into. Hope I'm making sense here. > > Thanks, > > Bill Burke > > Red Hat > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
