Currently, kurl supports manual header-based auth (-H "Authorization: Bearer ..."), but lacks built-in OAuth 2.0 flows. Users must manually obtain tokens via external tools or browser flows.
Proposed Implementation:
kurl --oauth2-authorization-code --client-id xxx --client-secret yyy --token-url https://oauth.server/token kurl --oauth2-client-credentials --client-id xxx --client-secret yyy kurl --jwt-token <token> with auto-refresh support via --jwt-refresh-url
Token caching in ~/.kurl/tokens/ with expiration awareness
Why this matters: Modern APIs (GitHub, Google, AWS, Stripe) predominantly use OAuth 2.0. Manual token management is error-prone and insecure.
Acceptance Criteria:
[ ] Support Authorization Code flow with PKCE
[ ] Support Client Credentials flow
[ ] Support implicit Bearer token injection
[ ] Token auto-refresh before expiry
[ ] Secure token storage (OS keychain integration if possible)
Currently, kurl supports manual header-based auth (-H "Authorization: Bearer ..."), but lacks built-in OAuth 2.0 flows. Users must manually obtain tokens via external tools or browser flows.
Proposed Implementation:
kurl --oauth2-authorization-code --client-id xxx --client-secret yyy --token-url https://oauth.server/token kurl --oauth2-client-credentials --client-id xxx --client-secret yyy kurl --jwt-token <token> with auto-refresh support via --jwt-refresh-urlToken caching in ~/.kurl/tokens/ with expiration awareness
Why this matters: Modern APIs (GitHub, Google, AWS, Stripe) predominantly use OAuth 2.0. Manual token management is error-prone and insecure.
Acceptance Criteria:
[ ] Support Authorization Code flow with PKCE
[ ] Support Client Credentials flow
[ ] Support implicit Bearer token injection
[ ] Token auto-refresh before expiry
[ ] Secure token storage (OS keychain integration if possible)