While it does add a vector for user error, the codes aren’t long and cryptic.
Most implementations are 6 or 8 characters, and it’s recommended that they be
case insensitive and not have ambiguous characters (I vs 1, O vs 0). And they
should be all low ASCII, even just a subset of uppercase lette
I guess the auth code flow could be used with the command line tool
using the OpenID Connect "display" parameter with a value of
"command-line" or "text" or something when it makes its auth request. I
could go the route of defining what "command-line" display value would
mean in OIDC land. Aw
On 6/12/17 12:20 PM, David Waite wrote:
FYI, A few years ago I did a demonstration on OpenID Connect at Cloud
Identity Summit using a collection of bash scripts and command-line
utilities (nc, jq). I used the macOS system command ‘open’ to launch a
browser, and netcat to field the response as
+1 to the device flow if you can't pop open a system browser.
If you can pop open a system browser, then a more standard flow is a better
CX.
On Mon, Jun 12, 2017 at 11:34 AM, Phil Hunt wrote:
> +1
>
> The point of OAuth is to break away from using UID/Password (basic auth).
>
>
> The device f
+1
The point of OAuth is to break away from using UID/Password (basic auth).
The device flow is the best way to allow stronger authentication of the
authorizing user while still allowing a limited input device (e.g. command
line) to work.
Phil
Oracle Corporation, Identity Cloud Services
I second the recommendation to use the device flow for this kind of
system. The commandline client would print out a text string for the
user to enter into their browser elsewhere.
If you can pop up a system browser then it's even easier and you can
just use the auth code flow, but it's a lot
To: Aaron Parecki mailto:aa...@parecki.com>>
> Cc: OAuth WG mailto:oauth@ietf.org>>
> Subject: [EXTERNAL] Re: [OAUTH-WG] oauth with command line clients
>
> I've read about these techniques, but, its just not a good user experience.
> I'm thinking more of something where
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Bill Burke
Sent: Monday, June 12, 2017 9:23 AM
To: Aaron Parecki
Cc: OAuth WG
Subject: [EXTERNAL] Re: [OAUTH-WG] oauth with command line clients
I've read about these techniques, but, its just not a good user experience.
I'
I've read about these techniques, but, its just not a good user
experience. I'm thinking more of something where the command line
console is the sole user agent and the auth server drives a plain text
based interaction much like an HTTP Server drives interaction with HTML
and the browser.
Th
I've seen this done a few ways:
* The Device Flow: https://tools.ietf.org/html/draft-ietf-oauth-device-flow
which is what you see on browserless devices like the Apple TV logging in
to a cable provider from your phone. A short code is generated and
displayed on the screen, you launch a browser on
Has anybody done any spec work around doing oauth from command line
interfaces? We're looking for something where the auth server can
generate text-based challenges that are rendered in the console window
that query for simple text input over possibly multiple requests. I'm
not talking about
11 matches
Mail list logo
