@aaronpk is the OAuth2 device grant the way to go for CLI apps that can't receive incoming connections, ie the browser can't be redirected to them? Or is there another grant specifically for that case?
1
After a bit more research, looks like urn:ietf:wg:oauth:2.0:oob might be a more idiomatic (and probably more secure) approach?
1
Replying to @anderspitman
I'd recommend the device flow for it tbh, I've seen it used that way a bunch. The oob thing is more for installed apps that can monitor the address bar. With a command line app, especially over ssh, that doesn't really work.

Feb 18, 2022 · 5:44 PM UTC

1
1
Replying to @aaronpk
I've seen it used with manual copy/paste, for example by rclone when getting a Google Drive token. That would be the way I'd use it. But apparently it's also not standardized.