OAuth2c: A User-Friendly OAuth CLI Tool
oauth2c
is a command-line interface tool designed to enhance interactions with OAuth 2.0 authorization servers. Created by Cloudentity, its primary role is to simplify the process of fetching access tokens using various grant types and client authentication methods. It is compatible with a wide range of OAuth 2.0 specifications, including OpenID Connect (OIDC), the Open Identity Foundation Financial-grade API (OIDF FAPI), and JSON Web Token (JWT) profiles.
Key Features
oauth2c
boasts a robust feature set tailored for developers and IT professionals who work with OAuth 2.0. Here's an overview of its capabilities:
- Supports multiple grant flows, including:
- Authorization code
- Hybrid
- Implicit
- Password
- Client credentials
- Refresh token
- JWT bearer
- Token exchange
- Device grant flows
- Offers a range of client authentication methods like:
- Client secret basic
- Client secret post
- Client secret JWT
- Private key JWT
- TLS client authentication
- Allows passing request parameters in various forms, such as plaintext, signed, and/or encrypted JWT.
- Supports several advanced features for secure and efficient token handling:
- Proof Key for Code Exchange (PKCE)
- JWT Secured Authorization Response Mode (JARM)
- Pushed Authorization Requests (PAR)
- Demonstration of Proof of Possession (DPoP)
- Rich Authorization Requests (RAR)
Installation
Installing oauth2c
is straightforward and varies slightly based on your operating system:
On Mac
You can swiftly install it using the Homebrew package manager with the following command:
brew install cloudentity/tap/oauth2c
On Linux
For Linux systems, you have the option to run the installation script using curl:
curl -sSfL https://raw.githubusercontent.com/cloudentity/oauth2c/master/install.sh | sudo sh -s -- -b /usr/local/bin latest
Alternatively, you can explore the packages page for additional installation instructions using package managers.
Compile from Source
Developers who prefer building from the source can compile oauth2c
using Go:
go install github.com/cloudentity/oauth2c@latest
Moreover, pre-built binaries are available for download from the releases page.
Usage
To utilize oauth2c
, execute the command along with the issuer URL and desired flags:
oauth2c [issuer url] [flags]
The tool opens a browser for authorization code flows, acting as a client application to await a callback. It also logs all requests made to acquire access tokens, facilitating integration with CI/CD pipelines through a --silent
flag option.
Grant Types
oauth2c
supports diverse grant types tailored to different application needs:
- Authorization Code Grant: Used primarily by server-side applications, involving user permission before exchanging an authorization code for an access token.
- Implicit Grant: Mostly for single-page or mobile applications, returning an access token directly to the client.
- Hybrid Grant: Combines the advantages of both authorization code and implicit grants.
- Client Credentials Grant: Suitable for server-to-server communications, where the client authenticates with its credentials.
- Refresh Token Grant: Allows clients to refresh access tokens without user interaction.
- Password Grant: Utilized in secure environments to exchange username and password for an access token.
- Device Grant: Designed for non-interactive devices to facilitate user authentication indirectly.
- JWT Bearer Grant: Involves sending a JWT to acquire an access token.
- Token Exchange Grant: Secures a new access token using an existing one, useful in environments with established trust.
Client Authentication Methods
- Client Secret Basic: Uses HTTP Basic authentication, straightforward but less secure.
- Client Secret Post: Embeds client credentials in the request body for added security.
- Client Secret JWT: Sends signed JWTs instead of raw secrets, enhancing security.
- Private Key JWT: Relies on private keys for signing JWTs, providing a superior security level.
- TLS Client Authentication: Utilizes client certificates during TLS handshake for identity verification.
In summary, oauth2c
offers a comprehensive suite of tools suitable for developers working with OAuth 2.0 protocols, providing ease of use, flexibility, and advanced security features tailored for modern application environments.