FYI, a few years ago I did a demonstration on OpenID Connect at Cloud Identity Summit using a collection of bash scripts and command-line utilities (nc, jq). I used the macOS system command ‘open’ to launch a browser, and netcat to field the response as a poor man’s HTTP endpoint. The code for that presentation is at https://github.com/dwaite/Presentation-Code-OpenID-Connect-Dynamic-Client-Registration

A few options for the user challenge/consent portion of the authentication are:
- pop up the system browser (you can use window.close() to dismiss on redirect back to your client) - that's the one I used.
- device flow
- use a console browser like lynx or ELinks (which has rudimentary ecmascript support at a fairly big cost)
- use non-HTML request/response API (around some custom MIME type) to drive a user agent through the authentication/scope approval/etc stages of your AS
- punt and use resource owner credentials grant.

-DW

> On Jun 12, 2017, at 7:29 AM, Hollenbeck, Scott <shollenb...@verisign.com> wrote:
>
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Bill Burke
> Sent: Monday, June 12, 2017 9:23 AM
> To: Aaron Parecki <aa...@parecki.com>
> Cc: OAuth WG <oauth@ietf.org>
> Subject: [EXTERNAL] Re: [OAUTH-WG] oauth with command line clients
>
> I've read about these techniques, but, it's just not a good user experience. I'm thinking more of something where the command line console is the sole user agent and the auth server drives a plain text based interaction much like an HTTP Server drives interaction with HTML and the browser.
>
> This isn't anything complex. It should be a simple protocol, but I'd like to piggyback on existing solutions to build some consensus around what I think is a common issue with using OAuth. If there isn't anything going on here in the OAuth group surrounding this, would be willing to draw up a Draft if there is interest.
>
> [SAH] I’m certainly interested! I have a use case for federated client authentication and authorization for the Registration Data Access Protocol (RDAP) that has the same need for command line web service clients like wget and curl.
>
> Scott
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
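
An added example, not taken from the message above or from the linked repository: when netcat fields the redirect on a loopback port, the script holds only the raw HTTP request line, and any local process can connect to that port, so the line should be checked against the `state` value sent in the authorization request before the code is used. The `/callback` path, the function names and the sample values in the usage note are assumptions.

```sh
#!/bin/sh
# Added example; function names and the /callback path are assumptions.

# new_state: 128 random bits, hex-encoded, sent as the "state" parameter.
new_state() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# query_param NAME QUERY: print the raw value of NAME; fail if absent.
query_param() {
    _old_ifs=$IFS; IFS='&'
    set -f                      # no globbing while splitting on '&'
    for _pair in $2; do
        case $_pair in
            "$1="*) IFS=$_old_ifs; set +f
                    printf '%s\n' "${_pair#*=}"; return 0 ;;
        esac
    done
    IFS=$_old_ifs; set +f
    return 1
}

# parse_callback REQUEST_LINE EXPECTED_STATE
# Prints the authorization code, or returns non-zero without printing it.
parse_callback() {
    _line=$(printf '%s' "$1" | tr -d '\r')   # nc hands over a trailing CR
    case $_line in
        "GET /callback?"*" HTTP/1."[01]) ;;
        *) echo "unexpected request line" >&2; return 2 ;;
    esac
    _query=${_line#GET /callback\?}
    _query=${_query% HTTP/*}
    if query_param error "$_query" >/dev/null; then
        echo "authorization server returned an error" >&2; return 3
    fi
    _state=$(query_param state "$_query") || _state=
    if [ -z "$_state" ] || [ "$_state" != "$2" ]; then
        echo "state missing or mismatched" >&2; return 4
    fi
    _code=$(query_param code "$_query") || _code=
    case $_code in
        ''|*[!A-Za-z0-9._~%-]*) echo "code missing or malformed" >&2; return 5 ;;
    esac
    printf '%s\n' "$_code"
}
```

Typical use is `state=$(new_state)` before launching the browser, then `code=$(parse_callback "$first_line" "$state")` on the first line the listener receives; requests such as `GET /favicon.ico` are rejected rather than parsed.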