Allow running OAuth 2.0 Authorization Code workflow with local HTTPS server

danielgtaylor / restish

Restish is a CLI for interacting with REST-ish HTTP APIs with some nice features built-in

https://rest.sh/

MIT License

754 stars 71 forks source link

Allow running OAuth 2.0 Authorization Code workflow with local HTTPS server #31

Open gdavison opened 3 years ago

gdavison commented 3 years ago

The OAuth 2.0 Authorization Code workflow currently runs a local HTTP server to handle redirects. Some APIs, such as the Destiny API, do not allow HTTP redirect URLs to be configured.

A configuration option could be added to serve the redirect handler with HTTPS with a provided certificate, or restish could generate its own certificate.

danielgtaylor commented 3 years ago

I'm willing to add this if someone wants to write the code :+1:

gdavison commented 3 years ago

I can write it up. I have a hacked-up version already, but it only does HTTPS now 😂 The config should be easy enough.

Design question: should each service potentially have its own certificates, or can they share a key? If shared, do they need to be stable, or generated if needed? Generated if needed seems like the simplest option, with an enhancement if specific certificates are needed for a service.