Reputation: 99
How to use OAuth2 for CLI?
I am building client and server application to work together. Both applications are built using node. The server app will be hosted, and client app will be available to users for download. For authentication I decided to use OAuth 2.
According OAuth specification it involve client entity which consist of client id and client secret. I understand why and how that should be used in term of web service where user grant access to specific website, but I don't understand how that should feet in CLI app where both could be accessible to any user.
For my perspective it makes no sense to hardcode client id and client secret somewhere in the code. Could someone explain me how that should work for that kind of applications?
Upvotes: 3
Views: 1254
Answers (1)
Reputation: 99
After struggling few days and reading RFC, finally pieces came to my mind. In my case the correct flow is password grant. For anyone else who need to make similar decision, which flow to use, I can recommend reading this explanation:
http://oauth2.thephpleague.com/authorization-server/which-grant/
Upvotes: 5
Related Questions
- How can I update each dependency in package.json to the latest version?
- How to exit in Node.js
- How do I pass command line arguments to a Node.js program and receive them?
- What is the --save option for npm install?
- map function for objects (instead of arrays)
- What is the purpose of the implicit grant authorization type in OAuth 2?
- What is the purpose of Node.js module.exports and how do you use it?
- How does OAuth 2 protect against things like replay attacks using the Security Token?
- What is the difference between the OAuth Authorization Code and Implicit workflows? When to use each one?
- How to decide when to use Node.js?