@aaronpk does Okta support the OAuth device code grant type and/or the oob redirect (urn:ietf:params:oauth:grant-type:device_code / urn:ietf:wg:oauth:2.0:oob)? If not, any thoughts on how one might obtain an OIDC ID token from Okta at the command line on a remote machine?
2
Replying to @aaronpk
Thanks for the link! If you haven't checked out the step CLI tool (specifically the `oauth` and `crypto jwt` subcommands) I think you may like it. We can handle redirect to 127.0.0.1 (and verify the id token). github.com/smallstep/cli
1
Doesn't work when you're on a remote machine though: native apps need to redirect to localhost, so if you're SSH'd in you don't have a local browser available to complete the flow.
1