CLI-based authentication without user input


I have an open-source Go-based CLI tool that uses device authorization flow to authorize users in the way described by auth0’s device authz flow documentation. This works great.

I have a secondary use-case for this CLI tool: integrating into continuous integration tools to authorize the user with auth0 without any user interaction. The secure a CLI with auth0 documentation suggests that device authz flow “can be used when a browser cannot be opened”. However, from my understanding, this flow mechanism still requires a browser flow action (step 4) and therefore is not automation-friendly.

The second option, Client Credentials Grant flow, requires embedding the client secret into the requests (and therefore the CLI). From my understanding, since the CI environments my CLI tool would be embedded into are not owned by myself, they should not have access to the client secret. Therefore, I do not believe this option fits my use case.

Finally, I checked the auth API documentation to try to find a relevant endpoint, to no avail.

What is the recommended approach for solving this use case with Auth0?