Mike Malone · Nov 11, 2020 · 11:16 PM UTC

Mike Malone

Mike Malone @mjmalone

11 Nov 2020

@aaronpk does Okta support the OAuth device code grant type and/or the oob redirect (urn:ietf:params:oauth:grant-type:device_code / urn:ietf:wg:oauth:2.0:oob)? If not, any thoughts on how one might obtain an OIDC ID token from Okta at the command line on a remote machine?

Aaron Parecki · Nov 11, 2020 · 11:28 PM UTC

Aaron Parecki · Nov 11, 2020 · 11:28 PM UTC

Aaron Parecki @aaronpk

11 Nov 2020

Replying to @mjmalone

It doesn't support the device code flow out of the box (yet), but here are some options for how to do it on the command line with the auth code flow: developer.okta.com/blog/2018… developer.okta.com/blog/2019…

OAuth 2.0 from the Command Line

In this tutorial, I'll show you how to write a command line script which is able to complete the OAuth exchange all without any copying and pasting long strings! Why? Because it's mildly useful, but...

developer.okta.com

Nov 11, 2020 · 11:28 PM UTC

Mike Malone · Nov 11, 2020 · 11:52 PM UTC

Mike Malone @mjmalone

11 Nov 2020

Replying to @aaronpk

Thanks for the link! If you haven't checked out the step CLI tool (specifically the `oauth` and `crypto jwt` subcommands) I think you may like it. We can handle redirect to 127.0.0.1 (and verify the id token). github.com/smallstep/cli

Mike Malone · Nov 11, 2020 · 11:53 PM UTC

Mike Malone @mjmalone

11 Nov 2020

Doesn't work when you're on a remote machine though: native apps need to redirect to localhost, so if you're SSH'd in you don't have a local browser available to complete the flow.

more replies