Closed MartinKolarik closed 1 week ago
How about we remove --with-token? And just keep login. If there's nothing after it then browser flow, if there's a string after it then save token.
The token will be read from stdin, not as an argument, that's why there is the flag. Passing tokens directly as arguments is a bad practice for security reasons, that's why virtually any CLI does it this way.
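An added example, not part of this thread or of the globalping-cli code base: one way a Go CLI can read the token for `auth login --with-token` from stdin, so the secret never appears in argv. The function name `readToken` and the `maxLineLen` bound are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// maxLineLen bounds the raw stdin line; the value is an assumption.
const maxLineLen = 4096

// readToken reads a single token from r (stdin for `auth login --with-token`),
// so the secret never appears in argv, process listings or shell history.
func readToken(r io.Reader) (string, error) {
	// Allow one byte past the bound so oversized input is rejected, not truncated.
	line, err := bufio.NewReader(io.LimitReader(r, maxLineLen+1)).ReadString('\n')
	if err != nil && !errors.Is(err, io.EOF) {
		return "", err
	}
	token := strings.TrimSpace(line)
	switch {
	case len(line) > maxLineLen:
		return "", errors.New("input too long")
	case token == "":
		return "", errors.New("no token provided on stdin")
	case strings.ContainsAny(token, " \t\r\n"):
		return "", errors.New("token must be a single word")
	}
	return token, nil
}

func main() {
	token, err := readToken(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	// Report success without echoing the secret back to the terminal.
	fmt.Printf("token accepted (%d characters)\n", len(token))
}
```

Only the first line of input is used, which keeps piped input such as the output of a secrets manager working while ignoring anything that follows.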
@radulucut I added details to my original post, and everything you need should be ready now. You should also be able to log in with your GitHub account at https://dash.globalping.io/ and test all parts of the functionality.
auth login - prints a link to open the web browser; the user signs in there and doesn't have to do anything else; then token is created and stored automatically
auth login --with-token - reads and stores a token manually provided by the user via stdin
auth status - shows if there is a token stored or not
auth logout - removes the stored token (+ deletes from DB if it was created directly by the cli)
Implementation details
authorization_code and refresh_token grants.
be231712-03f4-45bf-9f15-023506ce0b72
public as the value
measurements
Login:
~/.globalping-cli. Redirect the user to https://dash.globalping.io/authorize/success if everything worked or https://dash.globalping.io/authorize/error if the token response failed. Shut down the local server.
Login with token:
active: true). Store the token or print an error.
Auth status:
Logout:
Notes on token handling
The oauth tokens will have an expiration of 30 days for the access token and 180 days for the refresh token. The refresh_token grant can be used to get a new pair of tokens. Store the expiration locally, and:
Make sure auth status works when the token is set via the ENV var too.