I've seen this done a few ways: * The Device Flow: • Aaron Parecki

69°F

https://mailarchive.ietf.org/arch/msg/oauth/h0ivzMZBHjXGi6HqcB0LYdR4skw

OAuth Working Group

I've seen this done a few ways:

• The Device Flow: https://tools.ietf.org/html/draft-ietf-oauth-device-flow which is what you see on browserless devices like the Apple TV logging in to a cable provider from your phone. A short code is generated and displayed on the screen, you launch a browser on your phone and enter the code. This would work just as well from the command line on the same device.
• I've also seen apps use the authorization flow, by displaying the authorization URL on the command line prompt and instructing the user to open it in a browser. The redirect URI is a hosted web page that displays the authorization code and instructs the user to paste it back at the terminal.
• The command line app can launch an HTTP server on localhost and use that as the redirect URL for the authorization code flow. This option ends up being the most seamless since it works like a traditional flow without any special instructions to the user.

Portland, Oregon, USA

Sun, Jun 11, 2017 8:59pm -07:00 #oauth #oauth2

Have you written a response to this? Let me know the URL:

Posted in /replies using quill.p3k.io