Sometimes authenticated endpoints and resources need to be accessed, such as build systems, continuous integration systems, and employee information systems. We have found two ways to accomplish these tasks effectively.
Services such as AWS S3 and Google Cloud Storage allow users to interact with files from the command line. We take advantage of this and ask our users to authenticate against the command line interface on first launch. From there on out, we have access to all files in a storage system. We use this fact to distribute binaries, some access tokens (that are rotated weekly), and other files we need to operate.
Sometimes a service provides information to an application on the command line via user-based API tokens. To accomplish this, we need to broker a token without knowing information such as secrets up front.
Using the cli auth gem, you can create a flow that generates a code, secret, and URL knowing only your client ID. The user then authorizes the request in a browser using the code and secret, which links the user to the authorization request. At the same time, we start polling a verification endpoint that returns an unauthorized status until the user authorizes, at which point an access token is returned.
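The flow described above, as an added Ruby sketch that is not the cli auth gem's code or API: an in-memory stand-in plays the broker so the exchange runs offline. `StubBroker`, `poll_for_token`, the `broker.example` URL, the request expiry, the single-use token and the bounded polling are assumptions of this example.

```ruby
require "securerandom"

# Constructed in-memory stand-in for the broker (assumption; not the gem's API).
class StubBroker
  Pending = Struct.new(:client_id, :secret, :expires_at, :token)
  def initialize(ttl: 300); @ttl, @pending = ttl, {}; end

  # CLI: open a request knowing only the client ID.
  def start(client_id, now: Time.now)
    code, secret = SecureRandom.hex(4), SecureRandom.hex(32)
    @pending[code] = Pending.new(client_id, secret, now + @ttl, nil)
    { code: code, secret: secret, url: "https://broker.example/authorize" }
  end

  # Browser: the signed-in user approves, linking their identity to the request.
  def authorize(code, secret, user, now: Time.now)
    req = live(code, secret, now) or return false
    req.token = "token-#{user}-#{SecureRandom.hex(8)}"
    true
  end

  # Verification endpoint: unauthorized until approved, then the token exactly once.
  def verify(code, secret, now: Time.now)
    req = live(code, secret, now)
    return [:unauthorized, nil] unless req && req.token
    @pending.delete(code)
    [:ok, req.token]
  end

  private
  # Return the request only if it exists, is unexpired, and the secret matches.
  def live(code, secret, now)
    req = @pending[code]
    return nil if req.nil? || now > req.expires_at
    return nil unless req.secret.bytesize == secret.bytesize
    diff = req.secret.bytes.zip(secret.bytes).reduce(0) { |a, (x, y)| a | (x ^ y) }
    diff.zero? ? req : nil
  end
end

# CLI: poll a bounded number of times instead of looping forever.
def poll_for_token(broker, code, secret, attempts: 10, interval: 0)
  attempts.times do
    status, token = broker.verify(code, secret)
    return token if status == :ok
    sleep(interval)
  end
  nil
end
```
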
For all other GUI-based applications, OAuth and SAML are preferred. This is because OAuth and SAML will auto-provision accounts and make the experience cleaner for your developers.