Which Authorization Flow?

My service is an SaaS API for which I am writing a Go based CLI. The SaaS is multi tenant and my customers will first need to log into their domain on my API via the CLI before they can proceed executing other commands.

I want my customers to be able to sign up for my service and authenticate using their GitHub credentials or GitHub token.

The CLI is open source so I can’t embed a client secret and I can’t process any HTTP redirects since it’s all command line. The credentials provided by my users would be their GitHub username/pass or token. I don’t actually need access to any of their GitHub repos, I just want to authenticate against GitHub.

Trying to figure out which Authorization Flow I should be using?

OK, so maybe my question wasn’t very clear. Here is the user experience I am after:

  1. User goes to my site and signs up using their GitHub credentials using Universal Login provided by auth0. Signing up gives this user default read permissions to my API. (This part is working as I created the connection to GitHub and was able to see a user created in auth0 with a source of GitHub).

  2. User tries to interact with my API via a CLI tool written in Go which I distribute using GitHub as SSO provider. The user enters their GitHub credentials or oauth token at the terminal cli and gains access to my API. (I was hoping auth0 would take the user’s GitHub credentials, authenticate against GitHub API, if OK, issue a JWT token back to the CLI tool which can be used to make calls to my API)

First, enable the Github social connection in the dashboard.
Then use the Device Flow with your CLI app.


Other resources: