OAuth2 Support in Cobra Through Integration or Libraries

[michaelbeutler]

While building an internal CLI tool with Cobra, I needed to integrate authentication with our backend services using OAuth2. Specifically, I was looking to implement the [device authorization flow](https://datatracker.ietf.org/doc/html/rfc8628). However, I found that there wasn’t an easy-to-use library for this purpose that integrates well with Cobra.

Suggestion

To address this, I started developing a library, [cobra-oauth2](https://github.com/nauthera/cobra-oauth2), aimed at simplifying the integration of OAuth2 flows into Cobra-based CLI tools. The library is in its early stages and currently supports basic features, but it is designed to be easy to use and extend.

Here’s a basic example of how to use cobra-oauth2:

Example Usage

1. Main Application Setup

Define your main entry point and execute your Cobra CLI:

package main

import "github.com/nauthera/cobra-oauth2/examples/basic/cmd"

func main() {
	cmd.Execute()
}

2. Root Command Setup

Set up the root command and initialize OAuth2 commands:

package cmd

import (
	"net/url"
	"os"

	"github.com/nauthera/cobra-oauth2/pkg/auth"
	"github.com/nauthera/cobra-oauth2/pkg/storage"
	"github.com/spf13/cobra"
)

const CLIENT_ID = "my-client-id"

var rootCmd = &cobra.Command{
	Use: "cobra-oauth2",
}

func Execute() {
	err := rootCmd.Execute()
	if err != nil {
		os.Exit(1)
	}
}

func init() {
	discoveryUrl, err := url.Parse("https://foo-bar.nauthera.io/.well-known/openid-configuration")
	if err != nil {
		rootCmd.PrintErr("error parsing discovery URL: ", err)
		return
	}

	storageProvider := storage.NewKeyringStorage(CLIENT_ID)

	options := []auth.Option{
		auth.WithDiscoveryURL(*discoveryUrl),
		auth.WithClientID(CLIENT_ID),
		auth.WithStorageProvider(storageProvider),
	}

	rootCmd.AddCommand(
		auth.NewLoginCommand(options...),
		auth.NewTokenCommand(options...),
		auth.NewLogoutCommand(options...),
	)
}

Question for the Community

1. Is there a specific need or demand for an OAuth2 library that integrates seamlessly with Cobra?
2. Does Cobra’s core maintainers or the community recommend any existing solutions I may have overlooked?
3. Would it make sense to provide guidance on how to handle such cases?

Contribution

I’d love feedback on the design and implementation of cobra-oauth2. Contributions and ideas for extending its capabilities (e.g., support for additional OAuth2 flows, enhanced storage mechanisms, etc.) are welcome!

Repo: https://github.com/nauthera/cobra-oauth2

[jpmcb]

Interesting: it seems the design is sane. Your root command executes some of the components from the library which is how I've seen this type of flow work in other cases. One thing I've thought about and wondered if it makes sense to bring into cobra is an idea of command "middleware" that developers can build into all commands that have registered middleware.

Is there a specific need or demand for an OAuth2 library that integrates seamlessly with Cobra?

From a spf13/cobra standpoint, probably not: our aim is not to be prescriptive on what gets built but rather enable CLI developers to build whatever.

[michaelbeutler]

I agree that Cobra is an incredibly powerful tool for building CLI applications, but there seems to be an opportunity to further enhance its extensibility. It would be fantastic if there was a built-in plugin feature that would allow users to easily extend their Cobra-based CLI apps without directly modifying the core codebase.

Here’s an idea for a potential plugin interface that could be added:

// Plugin is an interface that all plugins must implement
type Plugin interface {
	// Initialize the plugin
	Initialize() error

	// AddCommands adds commands to the given root command
	AddCommands(rootCmd *cobra.Command) error
}

[jpmcb]

Yeah, this is something we faced when building Tanzu Community Edition at VMware: there's not a great way to extend the existing capabilities of a CLI without either

a) modifying the core code / libraries
b) calling other programs through os.Exec

Thoughts on a plugin system @marckhouzam ? What has Tanzu been doing more recently?