lirantal/nodejs-cli-apps-best-practices

How to perform user authentication in CLI?

shreyas-a opened this issue · 6 comments

[EDIT] Removing the storage aspect of this issue, as it's been already addressed, so the focus will only be on authentication.

Sounds like a good topic to discuss. We cover that in general at https://github.com/lirantal/nodejs-cli-apps-best-practices#13-stateful-data

What were you thinking about more specifically?

Something like npm login but for accessing Google APIs.

Now Google requires OAuth 2.0 login, for which we need to provide a callback URL, which I guess is not possible in CLI applications. Whereas, npm accepts username & password directly through CLI which they must be encoding before sending to their servers. But since there's no Google API to directly accept username & password, what would be the best approach to achieve this?

Two things of note:

  1. File storage of any kind (configuration, data, temp, auth) should respect the XDG basedir specification: https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

So if you write your own storage mechanism, be kind to your users and respect the spec!

  2. For auth information in particular, that data should be stored in netrc: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html

Looks like OAuth 2.0 supports setting the callback URL to localhost

Google also provides Node.js SDK for authentication - google-auth-library-nodejs

@jasonkarns we do recommend the configstore module, which follows that convention if that variable exists. Perhaps you want to update that section with some highlights in the Details part?

About authentication - I don't think a localhost callback would work or make sense. Have you seen how the Snyk CLI (snyk) does authentication with Google or GitHub auth? It basically spins up a URL that you visit with a specific token, and then the CLI makes periodic phone-home pings to check if the account described with this token is registered or not.

I've implemented similar logic in a personal project.