Hi! I am in the process of building a CLI in golang that should be able to call my node.js express API, which is secured with Auth0.
This scenario requires a number of steps as outlined here: https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce
Unfortunately, aside from a number of snippets, after a day of pretty extensive googling, I’ve not been able to find a complete sample for creating a code verifier and challenge in golang, getting the user’s authorization by opening a web page and redirecting back to a localhost server, extracting the authorization code, and then exchanging that authorization code for an access token.
Unfortunately the golang oauth2 library suite at https://github.com/golang/oauth2 doesn’t seem to include support for PKCE - just for client credentials. But for a CLI, PKCE seems to be a great option - for example the way the “gcloud” CLI authenticates with GCP.
Does a sample like this exist? If not, I believe this kind of sample would be an amazing help for the community!