FlorianZ/heroku-oauth

Command line plugin to manage OAuth clients/authorizations

Heroku OAuth

Command line plugin for managing OAuth clients, authorizations and tokens.

To install:

$ heroku plugins:install https://github.com/heroku/heroku-oauth

Clients

To create a client:

$ heroku clients:create "Amazing" https://amazing-client.herokuapp.com/auth/heroku/callback
=== Registered client "Amazing".
created_at:   2013-06-20T22:04:01-00:00
id:           3e304bda-d376-4278-bdea-6d6c08aa1359
name:         Amazing
redirect_uri: http://localhost:3000
secret:       e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6
updated_at:   2013-06-20T22:04:01-00:00

Or use the -s / --shell option to pipe output straight to your .env file:

$ heroku clients:create -s Amazing https://amazing-client.herokuapp.com/auth/heroku/callback >> .env
$ cat .env
...
HEROKU_OAUTH_ID=3e304bda-d376-4278-bdea-6d6c08aa1359
HEROKU_OAUTH_SECRET=e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6

See OAuth clients under your account with:

$ heroku clients
=== OAuth Clients
Amazing  3e304bda-d376-4278-bdea-6d6c08aa1359  https://amazing-client.herokuapp.com/auth/heroku/callback

Show a client:

$ heroku clients:show 3e304bda-d376-4278-bdea-6d6c08aa1359
=== Client Amazing
created_at:   2013-06-20T22:04:01-00:00
id:           3e304bda-d376-4278-bdea-6d6c08aa1359
name:         Amazing
redirect_uri: http://localhost:3000
secret:       e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6
updated_at:   2013-06-20T22:04:01-00:00

Or use the -s / --shell option to pipe output straight to your .env file:

$ heroku clients:show 3e304bda-d376-4278-bdea-6d6c08aa1359 -s >> .env
$ cat .env
...
HEROKU_OAUTH_ID=3e304bda-d376-4278-bdea-6d6c08aa1359
HEROKU_OAUTH_SECRET=e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6

Update clients:

$ heroku clients:update 3e304bda-d376-4278-bdea-6d6c08aa1359 --url https://amazing-client.herokuapp.com/auth/heroku/callback
Updated client "Amazing".
created_at:   2013-06-20T22:04:01-00:00
id:           3e304bda-d376-4278-bdea-6d6c08aa1359
name:         Amazing
redirect_uri: https://amazing-client.herokuapp.com/auth/heroku/callback
secret:       e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6
updated_at:   2013-06-20T22:04:01-00:00

Authorizations

List them:

$ heroku authorizations
=== Authorizations
Amazing                        9e3a4063-b833-432e-ad75-4b0d7195be13  global
Heroku CLI                     676cb46c-7597-4be1-8a6a-f87b9f2f1065  global

Creating

You can create a special user-created authorization against your account that will come with an access token which doesn't expire:

$ heroku authorizations:create --description "For use with Anvil"
Created OAuth authorization.
  ID:          105a7bfa-34c3-476e-873a-b1ac3fdc12fb
  Description: For use with Anvil
  Token:       4cee516c-f8c6-4f14-9edf-fc6ef09cedc5
  Scope:       global

Optionally, you can specify a list of scopes for the authorization:

$ heroku authorizations:create --description "For use with Anvil" --scope identity,read-protected
Created OAuth authorization.
  ID:          105a7bfa-34c3-476e-873a-b1ac3fdc12fb
  Description: For use with Anvil
  Token:       4cee516c-f8c6-4f14-9edf-fc6ef09cedc5
  Scope:       identity, read-protected

The procured token can now be used like an API key:

$ curl -u ":4cee516c-f8c6-4f14-9edf-fc6ef09cedc5" https://api.heroku.com/apps

Revoking

Any authorization on your account can be revoked at any time:

$ heroku authorizations:revoke 105a7bfa-34c3-476e-873a-b1ac3fdc12fb
Revoked authorization from "Another App".