Re: [OAUTH-WG] oauth with command line clients
Aaron Parecki <aaron@parecki.com> Mon, 12 June 2017 03:58 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/YkJdlUcSphw7PaJrat1ADOYQS7I>
I've seen this done a few ways:

* The Device Flow: https://tools.ietf.org/html/draft-ietf-oauth-device-flow which is what you see on browserless devices like the Apple TV logging in to a cable provider from your phone. A short code is generated and displayed on the screen, you launch a browser on your phone and enter the code. This would work just as well from the command line on the same device.

* I've also seen apps use the authorization flow, by displaying the authorization URL on the command line prompt and instructing the user to open it in a browser. The redirect URI is a hosted web page that displays the authorization code and instructs the user to paste it back at the terminal.

* The command line app can launch an HTTP server on localhost and use that as the redirect URL for the authorization code flow. This option ends up being the most seamless since it works like a traditional flow without any special instructions to the user.

----
Aaron Parecki
aaronparecki.com
@aaronpk <http://twitter.com/aaronpk>

On Sun, Jun 11, 2017 at 8:52 PM, Bill Burke <bburke@redhat.com> wrote:

> Has anybody done any spec work around doing oauth from command line
> interfaces? We're looking for something where the auth server can generate
> text-based challenges that are rendered in the console window that query
> for simple text input over possibly multiple requests. I'm not talking
> about Resource Owner or Client Credentials grant. The command line client
> may not know the credential types required for a successful token request.
> It would be easy to write a simple protocol, but I'd rather just do
> something around any existing internet draft or rfc that somebody has put
> some thought into. Hope I'm making sense here.
>
> Thanks,
>
> Bill Burke
>
> Red Hat
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
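
The third option in the message above (a localhost HTTP server as the redirect URI), sketched as an added example that is not part of the original e-mail or of any project it mentions. The endpoint `https://as.example/authorize`, the client id `example-cli`, the `/callback` path and the class name are assumptions, and the authorization server is assumed to accept a loopback redirect URI with a variable port.

```python
import secrets, time, urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed placeholders, not taken from the original message.
AUTHZ_ENDPOINT = "https://as.example/authorize"
CLIENT_ID = "example-cli"

class LoopbackReceiver:
    """Listens on 127.0.0.1 only and accepts one valid authorization response."""

    def __init__(self):
        self.state = secrets.token_urlsafe(32)  # binds the response to this run
        self.code = None
        receiver = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                url = urllib.parse.urlsplit(self.path)
                query = urllib.parse.parse_qs(url.query)
                state = query.get("state", [""])[0].encode()
                ok = (url.path == "/callback" and "code" in query
                      and secrets.compare_digest(state, receiver.state.encode()))
                if ok:
                    receiver.code = query["code"][0]
                self.send_response(200 if ok else 400)
                self.send_header("Content-Type", "text/plain")
                self.end_headers()
                self.wfile.write(b"Done, return to the terminal.\n" if ok
                                 else b"Rejected.\n")

            def log_message(self, *args):  # keep the code out of stderr logs
                pass

        # Port 0 lets the OS pick a free port; binding 0.0.0.0 would expose it.
        self.server = HTTPServer(("127.0.0.1", 0), Handler)
        self.redirect_uri = f"http://127.0.0.1:{self.server.server_port}/callback"

    def authorization_url(self):
        params = {"response_type": "code", "client_id": CLIENT_ID,
                  "redirect_uri": self.redirect_uri, "state": self.state}
        return AUTHZ_ENDPOINT + "?" + urllib.parse.urlencode(params)

    def wait_for_code(self, timeout=120.0):
        """Serve until a response with the right state arrives or time runs out."""
        deadline = time.monotonic() + timeout
        try:
            while self.code is None and time.monotonic() < deadline:
                self.server.timeout = max(0.0, deadline - time.monotonic())
                self.server.handle_request()
        finally:
            self.server.server_close()
        return self.code
```

A CLI would print `authorization_url()` (or open it in the browser), call `wait_for_code()`, and then exchange the returned code at the token endpoint with the same `redirect_uri`.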