Skip to content

[FEATURE] Native OAuth 2.0 & JWT Authentication Flows #2

Description

@kavix

Currently, kurl supports manual header-based auth (-H "Authorization: Bearer ..."), but lacks built-in OAuth 2.0 flows. Users must manually obtain tokens via external tools or browser flows.

Proposed Implementation:
kurl --oauth2-authorization-code --client-id xxx --client-secret yyy --token-url https://oauth.server/token kurl --oauth2-client-credentials --client-id xxx --client-secret yyy kurl --jwt-token <token> with auto-refresh support via --jwt-refresh-url

Token caching in ~/.kurl/tokens/ with expiration awareness

Why this matters: Modern APIs (GitHub, Google, AWS, Stripe) predominantly use OAuth 2.0. Manual token management is error-prone and insecure.

Acceptance Criteria:
[ ] Support Authorization Code flow with PKCE
[ ] Support Client Credentials flow
[ ] Support implicit Bearer token injection
[ ] Token auto-refresh before expiry
[ ] Secure token storage (OS keychain integration if possible)

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions