Authorizing OAuth Apps Device flow client_id exposure

[groteck]

Select Topic Area

Question

Body

I'm implementing a CLI tool and I was wondering:

How I should handle the client_id parameter in the first step?.

Since is a CLI tool this parameter needs to be available in the CLI bundle/binary, the nature of the app is that the user installs the CLI locally so this code will be expose (in some cases in the code in others in the binary). I imagine, that in that case, it will be better doing the Oauth process in a classic server and frontend manner and then giving the user token to the CLI, but since is an Open source CLI. I was trying to avoid the extra cost of having a server.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬