Dear reader, thank you for the awesome service! Even though there seems to be an extreme number of different authentication scenarios considered, I get frustrated by the fact that there doesn’t seem to be any documentation on how to set up an authentication mechanism that can be run on the client’s computer but without any graphical shell available. Think Heroku CLI: the user has an account on my service, but I want the user to log in on his server and use the platform without any graphical shell being available. I’ve considered the following:
- Use the https://auth0.com/docs/api-auth/tutorials/password-grant, but this comes with the client secret, which I understand should not be handed out to untrusted parties. Or is this an exception? What are the consequences?
- Use a local HTTP server that the authentication flow can redirect to, but this requires a web browser to be shown to the user, which is not possible on headless machines without a graphical shell.
- Ask the user to copy some URL into a machine with a graphical shell; this is a terrible user experience that might not be an option.
I don’t understand fully why this seemingly simple use case cannot be covered by any of the approaches, or I’m missing something obvious.