oauth2cli

package module
v1.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 23, 2025 License: Apache-2.0 Imports: 12 Imported by: 18

README

oauth2cli go GoDoc

This is a Go package for OAuth 2.0 authorization in a command line interface (CLI) tool. You can create a CLI tool with the simple authorization flow for better UX.

Take a look at the screencast of the example application.

Purpose

When we create a CLI tool which accesses an API with OAuth, it needs the complicated flow such as copy/paste of a URL and code, as follows:

  1. User runs the command.
  2. Command shows the URL for authorization.
  3. User opens the browser, logs in to the server and approves the authorization.
  4. Server shows an authorization code.
  5. User copies the code and pastes into the command.
  6. Command accesses the API with the token.

You can make it simple by using oauth2cli as follows:

  1. User runs the command.
  2. Command opens the browser.
  3. User logs in to the server and approves the authorization.
  4. Command gets a token and access the API with the token.

How it works

oauth2cli starts the local server and initiates the flow of OAuth 2.0 Authorization Code Grant.

Testing OAuth 2.0 Auth Code Flow using oauth2cli
sequenceDiagram
    autonumber
    participant RO as Resource Owner (User)
    participant CLI as oauth2cli
    participant UA as User Agent (Browser)
    participant Client as Local Server <br/> (client)
    participant AS as Auth Server

    Note over Client,RO: (Prereq) Client registered with Authorization Server and has client_id

    RO->>CLI: Command
    CLI->>UA: Open
    UA->>AS: Authorization Request
    AS-->>UA: Login / Consent
    RO->>UA: AuthN/AuthZ
    UA->>AS: AuthN/AuthZ
    AS-->>UA: AuthZ Response (redirect)
    UA->>Client: Follow redirect
    Client-->>UA: Success Response
    UA-->>CLI: Close
    CLI->>AS: Token Request
    AS->>CLI: Token Response
    CLI-->>RO: Exit

Contributions

This is an open source software licensed under Apache 2.0. Feel free to open issues and pull requests.

Documentation

Overview

Package oauth2cli provides better user experience on OAuth 2.0 and OpenID Connect (OIDC) on CLI. It allows simple and easy user interaction with Authorization Code Grant Flow and a local server.

Index

Constants

View Source 
const DefaultLocalServerSuccessHTML = `` /* 474-byte string literal not displayed */

DefaultLocalServerSuccessHTML is a default response body on authorization success.

Variables

This section is empty.

Functions

func GetToken added in v1.4.0 

func GetToken(ctx context.Context, cfg Config) (*oauth2.Token, error)

GetToken performs the Authorization Code Grant Flow and returns a token received from the provider. See https://tools.ietf.org/html/rfc6749#section-4.1

This performs the following steps:

  1. Start a local server at the port.
  2. Open a browser and navigate it to the local server.
  3. Wait for the user authorization.
  4. Receive a code via an authorization response (HTTP redirect).
  5. Exchange the code and a token.
  6. Return the code.

Types

type Config added in v1.4.0 

type Config struct {
	// OAuth2 config.
	// If the RedirectURL field is not set, default to http://localhost with the allocated port and LocalServerCallbackPath.
	// If the RedirectURL field is set, make sure it matches the LocalServerBindAddress and LocalServerCallbackPath.
	OAuth2Config oauth2.Config

	// Options for an authorization request.
	// You can set oauth2.AccessTypeOffline or oauth2.S256ChallengeOption.
	AuthCodeOptions []oauth2.AuthCodeOption

	// Options for a token request.
	// You can set oauth2.VerifierOption.
	TokenRequestOptions []oauth2.AuthCodeOption

	// State parameter in the authorization request.
	// Default to a string of random 32 bytes.
	State string

	// Candidates of hostname and port which the local server binds to.
	// You can set port number to 0 to allocate a free port.
	// If multiple addresses are given, it will try the ports in order.
	// If nil or an empty slice is given, it defaults to "127.0.0.1:0" i.e. a free port.
	LocalServerBindAddress []string

	// A PEM-encoded certificate, and possibly the complete certificate chain.
	// When set, the server will serve TLS traffic using the specified
	// certificates. It's recommended that the public key's SANs contain
	// the loopback addresses - 'localhost', '127.0.0.1' and '::1'
	LocalServerCertFile string

	// A PEM-encoded private key for the certificate.
	// This is required when LocalServerCertFile is set.
	LocalServerKeyFile string

	// Callback path of the local server.
	// If your provider requires a specific path of the redirect URL, set this field.
	// Default to none.
	LocalServerCallbackPath string

	// Response HTML body on authorization completed.
	// Default to DefaultLocalServerSuccessHTML.
	LocalServerSuccessHTML string

	// Middleware for the local server.
	// Default to none.
	LocalServerMiddleware func(h http.Handler) http.Handler

	// A channel to send the local server URL when it is ready.
	// Default to none.
	LocalServerReadyChan chan<- string

	// Redirect URL upon successful login
	SuccessRedirectURL string

	// Redirect URL upon failed login
	FailureRedirectURL string

	// Logger function for debug.
	Logf func(format string, args ...interface{})
}

Config represents a config for GetToken.

Source Files

View all Source files

Directories

Path Synopsis
e2e_test
authserver
Package authserver provides a stub server of the OAuth 2.0 authorization server.
 Package authserver provides a stub server of the OAuth 2.0 authorization server.
client
Package oauth2params provides the generators of parameters such as state and PKCE.
 Package oauth2params provides the generators of parameters such as state and PKCE.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.