LinuxCommandLibrary

oauth2c

Perform OAuth 2.0 authentication

TLDR

Fetch an access token using client credentials

$ oauth2c [issuer_url] --client-id [client_id] --client-secret [client_secret]

Fetch a token using authorization code flow
$ oauth2c [issuer_url] --client-id [client_id] --response-types code

Fetch a token using authorization code with PKCE
$ oauth2c [issuer_url] --client-id [client_id] --pkce

Fetch a token using password credentials
$ oauth2c [issuer_url] --client-id [client_id] --username [username] --password [password]

Refresh an existing access token
$ oauth2c [issuer_url] --client-id [client_id] --refresh-token [refresh_token]

Fetch a token with specific scopes
$ oauth2c [issuer_url] --client-id [client_id] --scopes [scope1,scope2]

Use device authorization flow
$ oauth2c [issuer_url] --client-id [client_id] --grant-type device_code

Run in silent mode without browser
$ oauth2c [issuer_url] --client-id [client_id] --silent --no-browser

SYNOPSIS

oauth2c [GLOBAL_OPTIONS] <command> [COMMAND_OPTIONS] [ARGUMENTS]
oauth2c auth-code --client-id <ID> --client-secret <SECRET> --redirect-uri <URI> --scope <SCOPES> --auth-url <URL> --token-url <URL>
oauth2c client-cred --client-id <ID> --client-secret <SECRET> --scope <SCOPES> --token-url <URL>
oauth2c refresh --client-id <ID> --client-secret <SECRET> --refresh-token <TOKEN> --token-url <URL>
oauth2c introspect --token <TOKEN> --client-id <ID> --client-secret <SECRET> --introspect-url <URL>
oauth2c help <command>

PARAMETERS

--client-id <ID>
    Specifies the OAuth2 client ID for the application.

--client-secret <SECRET>
    Provides the OAuth2 client secret. A secret passed on the command line can be exposed in shell history and process listings (see CAVEATS).

--scope <SCOPES>
    A space-separated list of scopes (permissions) requested from the authorization server.

--redirect-uri <URI>
    The callback URI where the authorization server redirects the user after authentication. Required for authorization code flow.

--auth-url <URL>
    The authorization endpoint URL of the OAuth2 provider.

--token-url <URL>
    The token endpoint URL of the OAuth2 provider.

--resource-url <URL>
    An optional URL to access a protected resource after obtaining a token.

--code <CODE>
    The authorization code received from the authorization server (used by `auth-code` command internally or manually).

--refresh-token <TOKEN>
    The refresh token used to obtain new access tokens without re-authentication.

--grant-type <TYPE>
    Explicitly specifies the OAuth2 grant type (e.g., `authorization_code`, `client_credentials`, `refresh_token`). May be implicit via commands.

--verbose
    Enables verbose output, showing more details about the request and response process.

--json
    Outputs results in JSON format, suitable for scripting and parsing.

--output <FORMAT>
    Specifies the output format, e.g., `json`, `text`, `yaml`.

--help
    Displays help information for the command or a specific subcommand.

DESCRIPTION

`oauth2c` is a versatile command-line interface (CLI) tool designed to interact with OAuth2 providers. It simplifies the process of obtaining, refreshing, and managing access tokens, which are crucial for authenticating and authorizing access to protected resources. This utility is invaluable for developers, testers, and system administrators who need to integrate with OAuth2-secured APIs, test authentication flows, or automate token acquisition in scripts.

It typically supports various OAuth2 grant types, such as the Authorization Code Grant, Client Credentials Grant, and Refresh Token Grant, allowing users to simulate different client behaviors. By providing parameters like client ID, client secret, scopes, and redirect URIs, `oauth2c` streamlines complex OAuth2 handshakes, making it easier to debug issues and quickly obtain valid tokens without building a full client application. Its output can often be configured for human readability or machine-parseable formats like JSON, facilitating integration into automated workflows.

CAVEATS

This command, `oauth2c`, is not a standard utility found in most Linux distributions by default. Its availability and exact functionality depend on its specific implementation (e.g., a Go-based client). Users should be aware of the following:

* Installation Required: It typically needs to be installed separately, often compiled from source or obtained as a pre-built binary.
* Security Risks: Passing sensitive information like client secrets or tokens directly on the command line can expose them in shell history or process listings. Consider using environment variables, configuration files, or interactive prompts for better security practices.
* Implementation Variations: Different versions or forks of `oauth2c` might have varying options, subcommands, or behaviors, requiring users to consult the specific documentation for their version.
* Network Dependency: Requires an active internet connection to communicate with OAuth2 providers.

USAGE EXAMPLES

Obtain an Authorization Code Token:
$ oauth2c auth-code --client-id "my_app_id" --client-secret "my_app_secret" --redirect-uri "http://localhost:8080/callback" --scope "profile email" --auth-url "https://provider.com/oauth/authorize" --token-url "https://provider.com/oauth/token"
This command would typically open a browser for user consent and then exchange the received code for tokens.

Obtain a Client Credentials Token:
$ oauth2c client-cred --client-id "service_app" --client-secret "service_secret" --scope "api_access" --token-url "https://provider.com/oauth/token" --json
This directly requests an access token using only client credentials, outputting the result in JSON.

Refresh an Access Token:
$ oauth2c refresh --client-id "my_app_id" --client-secret "my_app_secret" --refresh-token "previous_refresh_token" --token-url "https://provider.com/oauth/token"
Uses a stored refresh token to get a new access token, preventing repeated user logins.

TOKEN MANAGEMENT BEST PRACTICES

For production environments or sensitive applications, avoid storing tokens directly in scripts or shell history. Consider using environment variables, secure credential stores, or interactive prompts that prevent sensitive data from being logged. Implement proper error handling and refresh token rotation strategies for robust applications.
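
The Security Risks caveat and the advice above both concern secrets left in shell history. As an added example (not part of `oauth2c` or of the original page), the shell function below audits a history file for `oauth2c` invocations whose secret-bearing flags carry literal values. The sample history is constructed, and the flag list is the one given on this page.

```shell
#!/bin/sh
# Added example: find oauth2c invocations in shell history that carry
# literal secrets. Flag names are the ones listed on this page.

# Constructed sample history; every value is made up.
sample_history() {
cat <<'EOF'
ls -la
oauth2c client-cred --client-id service_app --client-secret s3rv1ce-s3cr3t --token-url https://provider.com/oauth/token
oauth2c refresh --client-id my_app_id --client-secret "$OAUTH_CLIENT_SECRET" --refresh-token "$(cat ~/.rt)" --token-url https://provider.com/oauth/token
oauth2c https://provider.com --client-id my_app_id --username alice --password=hunter2
oauth2c https://provider.com --client-id my_app_id --pkce
EOF
}

# audit_history [FILE]   (reads stdin when FILE is omitted or "-")
# Prints "LINE:FLAG" for each secret-bearing flag whose value is a literal.
# The value itself is never printed. Values that start with "$" (a variable
# or command substitution, optionally quoted) are skipped because history
# stores them unexpanded; they are still expanded in the process listing
# while oauth2c runs.
audit_history() {
    awk -v sq="'" '
    /(^|[ \t;|&])oauth2c[ \t]/ {
        n = split($0, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            flag = w[i]
            if (flag ~ /^--(client-secret|password|refresh-token|token)=/) {
                val = flag
                sub(/^[^=]*=/, "", val)      # text after the first "="
                sub(/=.*/, "", flag)         # flag name only
            } else if (flag ~ /^--(client-secret|password|refresh-token|token)$/) {
                val = (i < n) ? w[i + 1] : ""
            } else {
                continue
            }
            c = substr(val, 1, 1)
            if (c == "\"" || c == sq) val = substr(val, 2)   # drop leading quote
            if (val == "" || val ~ /^\$/) continue
            printf "%d:%s\n", NR, flag
        }
    }' "${1:--}"
}

# Run the audit over the constructed sample.
sample_history | audit_history
```

To check a real account, call `audit_history ~/.bash_history` (or the history file of the shell in use) and rotate any secret it reports.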

HISTORY

The concept behind `oauth2c` emerged with the increasing adoption of the OAuth2 framework for delegated authorization across web and mobile applications. As OAuth2 gained prominence, developers required simple, scriptable tools to test their integrations, obtain tokens quickly for development purposes, and automate tasks involving secure API access.

While no single, universally recognized `oauth2c` standard exists, various implementations have been developed, often in languages like Go (hence `oauth2c` being a common naming convention for Go-based clients) or Python. These tools filled a crucial gap between complex SDKs and raw HTTP clients like `curl`, offering a more structured and OAuth2-aware command-line interface. Their development reflects a broader trend towards making authentication and authorization workflows more accessible and manageable for developers directly from the terminal.

SEE ALSO

curl(1), wget(1), jq(1), openssl(1), python(1)
