crypt/step-ca-cli
1
0
Fork 0
mirror of https://github.com/smallstep/cli.git synced 2025-08-09 03:22:43 +03:00
Code Activity

Add some docs to the oauth command.

Browse Source
This commit is contained in:
Mariano Cano
2020-05-05 15:23:05 -07:00
parent 1b5697ee0b
commit dbae19a43e
1 changed files with 50 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
command/oauth/cmd.go
View File

@@ -75,8 +75,56 @@ func init() {
**step oauth** [**--account**=<account>] [**--authorization-endpoint**=<authorization-endpoint> **--token-endpoint**=<token-endpoint>]
[**--scope**=<scope> ...] [**--bare** [**--oidc**]] [**--header** [**--oidc**]]
**step oauth** **--account**=<account> **--jwt** [**--scope**=<scope> ...] [**--header**] [**-bare**]
`,
**step oauth** **--account**=<account> **--jwt** [**--scope**=<scope> ...] [**--header**] [**-bare**]`,
Description: `**step oauth** command implements the OAuth 2.0 authorization flow.
OAuth is an open standard for access delegation, commonly used as a way for
Internet users to grant websites or applications access to their information on
other websites but without giving them the passwords. This mechanism is used by
companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit the
users to share information about their accounts with third party applications or
websites. Learn more at https://en.wikipedia.org/wiki/OAuth.
This command by default performs he authorization flow with a preconfigured
Google application, but a custom one can be set combining the flags
**--client-id**, **--client-secret**, and **--provider**. The provider value
must be set to the OIDC discovery document (.well-known/openid-configuration)
endpoint. If Google is used this flag is not necessary, but the appropriate
value would be be https://accounts.google.com or
https://accounts.google.com/.well-known/openid-configuration
## EXAMPLES
Do the OAuth 2.0 flow using the default client:
'''
$ step oauth
'''
Redirect to localhost instead of 127.0.0.1:
'''
$ step oauth --listen localhost:0
'''
Redirect to a fixed port instead of random one:
'''
$ step oauth --listen :10000
'''
Get just the access token:
'''
$ step oauth --bare
'''
Get just the OIDC token:
'''
$ step oauth --oidc --bare
'''
Use a custom OAuth2.0 server:
''''
$ step oauth --client-id my-client-id --client-secret my-client-secret \
--provider https://example.org
'''`,
Flags: []cli.Flag{
cli.StringFlag{
Name: "provider, idp",