Has anyone ever written up CLI-to-web authentication flows, like the one Heroku did, or the one Teleport does? I’m wondering if there’s best practices and stuff.
23
4
1
64
Excellent timing, today's blog post on the @oktadev blog is about exactly that! developer.okta.com/blog/2022… (it applies to anything outside Okta too of course)

Authenticate from the Command Line with Java

Tutorial: Build a Java application with JBang that uses the OAuth 2.0 Device Grant and log in with a code.

developer.okta.com
1
“Open the browser and enter the following code” isn’t usually how these flows work.
1
3
Replying to @tqbf @oktadev
Some do! But further down it says the CLI app can launch the browser on the machine if it has the ability to do so. Same flow under the hood tho. The other option is for the CLI app to spin up a web server on localhost to catch the redirect developer.okta.com/blog/2018…

OAuth 2.0 from the Command Line

In this tutorial, I'll show you how to write a command line script which is able to complete the OAuth exchange all without any copying and pasting long strings! Why? Because it's mildly useful, but...

developer.okta.com

Apr 11, 2022 · 10:31 PM UTC

1
1
Replying to @aaronpk @tqbf @oktadev
AWS SSO opens a browser with the code embedded as a query param, then you login to your account, while the CLI is polling for changes from AWS to get a valid auth token after authn is done. I use `open <uri>` on macos for this.
1
1
Yep, that's the OAuth device flow! That's how I would expect to see it in most places now.