diff --git a/command/oauth/cmd.go b/command/oauth/cmd.go
index e44f0b00..17facd9b 100644
--- a/command/oauth/cmd.go
+++ b/command/oauth/cmd.go
@@ -75,8 +75,56 @@ func init() { **step oauth** [**--account**=] [**--authorization-endpoint**= **--token-endpoint**=] [**--scope**= ...] [**--bare** [**--oidc**]] [**--header** [**--oidc**]] -**step oauth** **--account**= **--jwt** [**--scope**= ...] [**--header**] [**-bare**] -`, +**step oauth** **--account**= **--jwt** [**--scope**= ...] [**--header**] [**-bare**]`, + Description: `**step oauth** command implements the OAuth 2.0 authorization flow. + +OAuth is an open standard for access delegation, commonly used as a way for +Internet users to grant websites or applications access to their information on +other websites but without giving them the passwords. This mechanism is used by +companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit the +users to share information about their accounts with third party applications or +websites. Learn more at https://en.wikipedia.org/wiki/OAuth. + +This command by default performs he authorization flow with a preconfigured +Google application, but a custom one can be set combining the flags +**--client-id**, **--client-secret**, and **--provider**. The provider value +must be set to the OIDC discovery document (.well-known/openid-configuration) +endpoint. 
If Google is used this flag is not necessary, but the appropriate +value would be be https://accounts.google.com or +https://accounts.google.com/.well-known/openid-configuration + +## EXAMPLES + +Do the OAuth 2.0 flow using the default client: +''' +$ step oauth +''' + +Redirect to localhost instead of 127.0.0.1: +''' +$ step oauth --listen localhost:0 +''' + +Redirect to a fixed port instead of random one: +''' +$ step oauth --listen :10000 +''' + +Get just the access token: +''' +$ step oauth --bare +''' + +Get just the OIDC token: +''' +$ step oauth --oidc --bare +''' + +Use a custom OAuth2.0 server: +'''' +$ step oauth --client-id my-client-id --client-secret my-client-secret \ + --provider https://example.org +'''`, Flags: []cli.Flag{ cli.StringFlag{ Name: "provider, idp",
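Review bot: The last example passes `--client-secret my-client-secret` as a command-line argument, which leaves the secret in shell history and in the process list, and the new Description does not mention this; I would add a sentence such as `Values passed with **--client-secret** are visible in shell history and process listings.` after the paragraph on custom providers. The fixed-port example `$ step oauth --listen :10000` gives no host, so if the value reaches the listener unchanged the callback would be bound on every interface rather than loopback; `$ step oauth --listen 127.0.0.1:10000` would avoid that, though the flag handling is not visible here because `init()` starts before and continues past this hunk. On wording, `performs he authorization flow` should read `performs the`, `would be be` doubles a word, the last example opens with four quotes `''''` where every other example uses `'''`, and the re-added usage line still spells `[**-bare**]` with a single dash.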