github.com/hashicorp/cap@v0.6.0/oidc/examples/cli/README.md (about)

# cli

An example OIDC user authentication CLI that supports both the authorization
code (with optional PKCE) and implicit OIDC flows.

<hr>

## Running the CLI

```
go build
```

Without any flags, the CLI runs the authorization code flow.

```
./cli
```

With the `-pkce` flag, the CLI runs the authorization code flow with PKCE.

```
./cli -pkce
```

With the `-implicit` flag, the CLI runs the implicit flow.

```
./cli -implicit
```

With the `-max-age` flag, the CLI requires an authentication that is not older
than the specified max-age, in seconds.

```
./cli -max-age <seconds>
```

### Required environment variables

(Required if not using the built-in Test Provider; see the note below on how to use this option.)

* `OIDC_CLIENT_ID`: Your Relying Party client ID.
* `OIDC_CLIENT_SECRET`: Your Relying Party secret (this is not required for implicit
  flows or authorization code with PKCE flows).
* `OIDC_ISSUER`: The OIDC issuer identifier (aka the discovery URL).
* `OIDC_PORT`: The port you'd like to use for your callback HTTP listener.

<hr>

### OIDC Provider

You must configure your provider's allowed callbacks to include:
`http://localhost:{OIDC_PORT}/callback` (where `{OIDC_PORT}` is the value of
the `OIDC_PORT` environment variable).

For example, if you set `OIDC_PORT` equal to
`3000`, then you must configure your provider to allow callbacks to:
`http://localhost:3000/callback`

<hr>

### OIDC Provider PKCE support

Many providers require you to explicitly enable the authorization code flow
with PKCE. Auth0, for example, requires you to set your application type to
Native or Single Page Application if you wish to use PKCE.
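
Why the `-pkce` flow can run without `OIDC_CLIENT_SECRET`, as an added example (not code from the cap repository): the client proves at the token endpoint that it holds the verifier behind the challenge it sent, using the S256 method from RFC 7636. The function names, client ID and port are illustrative assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// NewVerifier returns a fresh code_verifier: 32 random bytes, base64url, unpadded.
func NewVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// S256Challenge derives the code_challenge sent with the authorization request.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyS256 is the provider-side check: the verifier must hash to the stored challenge.
func VerifyS256(verifier, stored string) bool {
	return subtle.ConstantTimeCompare([]byte(S256Challenge(verifier)), []byte(stored)) == 1
}

// AuthParams returns the PKCE-relevant request subset (scope, state, nonce omitted).
func AuthParams(clientID, port, challenge string) url.Values {
	return url.Values{
		"response_type":         {"code"},
		"client_id":             {clientID},
		"redirect_uri":          {"http://localhost:" + port + "/callback"},
		"code_challenge":        {challenge},
		"code_challenge_method": {"S256"},
	}
}

func main() {
	v, err := NewVerifier()
	if err != nil {
		panic(err)
	}
	c := S256Challenge(v) // client ID and port below are constructed sample values
	fmt.Println(AuthParams("example-client", "3000", c).Encode(), VerifyS256(v, c))
}
```

An authorization code intercepted on the localhost callback cannot be redeemed without the verifier, which never leaves the client until the token request.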

<hr>

### Built-in Test Provider

We've added support for a built-in Test OIDC Provider to the CLI example.
You simply pass the `-use-test-provider` option on the CLI and the Test Provider
will be configured and started on an available localhost port. The Test
Provider only allows you to log in with one user, which is `alice` with a password
of `fido`. This very simple Test Provider option removes the dependency on
creating a test account with a "real" provider, if you just want to run the CLI
and see it work.