1 | # Heroku OAuth [![CircleCI](https://circleci.com/gh/heroku/heroku-cli-oauth.svg?style=svg)](https://circleci.com/gh/heroku/heroku-cli-oauth)
|
2 | [![Code Climate](https://codeclimate.com/github/heroku/heroku-cli-oauth/badges/gpa.svg)](https://codeclimate.com/github/heroku/heroku-cli-oauth)
|
3 | [![codecov](https://codecov.io/gh/heroku/heroku-cli-oauth/branch/master/graph/badge.svg)](https://codecov.io/gh/heroku/heroku-cli-oauth)
|
4 | [![npm version](https://badge.fury.io/js/heroku-cli-oauth.svg)](https://badge.fury.io/js/heroku-cli-oauth)
|
5 | [![License](https://img.shields.io/github/license/heroku/heroku-cli-oauth.svg)](https://github.com/heroku/heroku-cli-oauth/blob/master/LICENSE)
|
6 |
|
7 | [![js-standard-style](https://cdn.rawgit.com/feross/standard/master/badge.svg)](https://github.com/feross/standard)
|
8 |
|
9 | Command line plugin for managing OAuth clients, authorizations and tokens.
|
10 |
|
11 | No need to install, this plugin comes built into the Heroku CLI.
|
12 |
|
13 | ### Clients
|
14 |
|
15 | To create a client:
|
16 |
|
17 | ``` bash
|
18 | $ heroku clients:create "Amazing" https://amazing-client.herokuapp.com/auth/heroku/callback
|
19 | Creating Amazing... done
|
20 | HEROKU_OAUTH_ID=3e304bda-d376-4278-bdea-6d6c08aa1359
|
21 | HEROKU_OAUTH_SECRET=e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6
|
22 | ```
|
23 |
|
24 | See OAuth clients under your account with:
|
25 |
|
26 | ``` bash
|
27 | $ heroku clients
|
28 | Amazing 3e304bda-d376-4278-bdea-6d6c08aa1359 https://amazing-client.herokuapp.com/auth/heroku/callback
|
29 | ```
|
30 |
|
31 | Get details about a client:
|
32 | ```bash
|
33 | $ heroku clients:info 36120128-fee7-455e-8b7f-807aee130946
|
34 | === Amazing
|
35 | created_at: 2016-01-21T02:11:57Z
|
36 | id: 36120128-fee7-455e-8b7f-807aee130946
|
37 | name: Amazing
|
38 | redirect_uri: https://amazing-client.herokuapp.com/auth/heroku/callback
|
39 | secret: a14cf558-60b8-44f2-a804-3b249b48aa57
|
40 | updated_at: 2016-01-21T02:11:57Z
|
41 | ```
|
42 |
|
43 | Update clients:
|
44 |
|
45 | ``` bash
|
46 | $ heroku clients:update 3e304bda-d376-4278-bdea-6d6c08aa1359 --url https://amazing-client.herokuapp.com/auth/heroku/callback
|
47 | Updated Amazing... done
|
48 | ```
|
49 |
|
50 | ### Authorizations
|
51 |
|
52 | List them:
|
53 |
|
54 | ``` bash
|
55 | $ heroku authorizations
|
56 | Amazing 9e3a4063-b833-432e-ad75-4b0d7195be13 global
|
57 | Heroku CLI 676cb46c-7597-4be1-8a6a-f87b9f2f1065 global
|
58 | ```
|
59 |
|
60 | #### Creating
|
61 |
|
62 | You can create a special user-created authorization against your account that will come with an access token which doesn't expire:
|
63 |
|
64 | ``` bash
|
65 | $ heroku authorizations:create --description "For use with Anvil"
|
66 | Created OAuth authorization.
|
67 | ID: 105a7bfa-34c3-476e-873a-b1ac3fdc12fb
|
68 | Description: For use with Anvil
|
69 | Token: 4cee516c-f8c6-4f14-9edf-fc6ef09cedc5
|
70 | Scope: global
|
71 | ```
|
72 |
|
73 | You can also pass in short output format to only output the token.
|
74 |
|
75 | ```bash
|
76 | $ heroku authorizations:create --output-format short
|
77 | nec6a9b6-b21a-4ba1-il95-70zd47e14c4d
|
78 | ```
|
79 |
|
80 | Another option allows for tokens that expire. This token expires in 10 seconds.
|
81 | ```
|
82 | $ heroku authorizations:create --expires-in 10
|
83 | Created OAuth authorization.
|
84 | Client: <none>
|
85 | ID: 2231biha6-5b1e-4268-ba04-2ee7b74m2gf6
|
86 | Description: Long-lived user authorization
|
87 | Scope: global
|
88 | Token: 9aa5d667-fg37-4028-8dc9-b2191b5z5966
|
89 | ```
|
90 |
|
91 | A combination of short format and expires-in can be handy to pass into a job that needs access to heroku:
|
92 |
|
93 | ``` bash
|
94 | $ heroku run "HEROKU_EMAIL=`heroku auth:whoami` HEROKU_API_KEY=`heroku authorizations:create --expires-in 120 --output-format short` ./my_job.sh" -a myapp
|
95 | ```
|
96 |
|
97 |
|
98 | Optionally, you can specify a list of scopes for the authorization:
|
99 |
|
100 | ``` bash
|
101 | $ heroku authorizations:create --description "For use with Anvil" --scope identity,read-protected
|
102 | Created OAuth authorization.
|
103 | ID: 105a7bfa-34c3-476e-873a-b1ac3fdc12fb
|
104 | Description: For use with Anvil
|
105 | Token: 4cee516c-f8c6-4f14-9edf-fc6ef09cedc5
|
106 | Scope: identity, read-protected
|
107 | ```
|
108 |
|
109 | The procured token can now be used like an API key:
|
110 |
|
111 | ``` bash
|
112 | $ curl -u ":4cee516c-f8c6-4f14-9edf-fc6ef09cedc5" https://api.heroku.com/apps
|
113 | ```
|
114 |
|
115 |
|
116 | #### Revoking
|
117 |
|
118 | Any authorization on your account can be revoked at any time:
|
119 |
|
120 | ``` bash
|
121 | $ heroku authorizations:revoke 105a7bfa-34c3-476e-873a-b1ac3fdc12fb
|
122 | Revoked authorization from "Another App".
|
123 | ```
|
124 |
|
125 | * [`heroku authorizations`](#heroku-authorizations)
|
126 | * [`heroku authorizations:create`](#heroku-authorizationscreate)
|
127 | * [`heroku authorizations:info ID`](#heroku-authorizationsinfo-id)
|
128 | * [`heroku authorizations:revoke ID`](#heroku-authorizationsrevoke-id)
|
129 | * [`heroku authorizations:rotate ID`](#heroku-authorizationsrotate-id)
|
130 | * [`heroku authorizations:update ID`](#heroku-authorizationsupdate-id)
|
131 | * [`heroku clients`](#heroku-clients)
|
132 | * [`heroku clients:create NAME REDIRECT_URI`](#heroku-clientscreate-name-redirect-uri)
|
133 | * [`heroku clients:destroy ID`](#heroku-clientsdestroy-id)
|
134 | * [`heroku clients:info ID`](#heroku-clientsinfo-id)
|
135 | * [`heroku clients:rotate ID`](#heroku-clientsrotate-id)
|
136 | * [`heroku clients:update ID`](#heroku-clientsupdate-id)
|
137 | * [`heroku sessions`](#heroku-sessions)
|
138 | * [`heroku sessions:destroy ID`](#heroku-sessionsdestroy-id)
|
139 |
|
140 | ## `heroku authorizations`
|
141 |
|
142 | list OAuth authorizations
|
143 |
|
144 | ```
|
145 | USAGE
|
146 | $ heroku authorizations
|
147 |
|
148 | OPTIONS
|
149 | -j, --json output in json format
|
150 | ```
|
151 |
|
152 | _See code: [lib/commands/authorizations/index.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/authorizations/index.js)_
|
153 |
|
154 | ## `heroku authorizations:create`
|
155 |
|
156 | create a new OAuth authorization
|
157 |
|
158 | ```
|
159 | USAGE
|
160 | $ heroku authorizations:create
|
161 |
|
162 | OPTIONS
|
163 | -S, --short only output token
|
164 | -d, --description=description set a custom authorization description
|
165 | -e, --expires-in=expires-in set expiration in seconds (default no expiration)
|
166 | -j, --json output in json format
|
167 | -s, --scope=scope set custom OAuth scopes
|
168 |
|
169 | DESCRIPTION
|
170 | This creates an authorization with access to your Heroku account.
|
171 | ```
|
172 |
|
173 | _See code: [lib/commands/authorizations/create.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/authorizations/create.js)_
|
174 |
|
175 | ## `heroku authorizations:info ID`
|
176 |
|
177 | show an existing OAuth authorization
|
178 |
|
179 | ```
|
180 | USAGE
|
181 | $ heroku authorizations:info ID
|
182 |
|
183 | OPTIONS
|
184 | -j, --json output in json format
|
185 | ```
|
186 |
|
187 | _See code: [lib/commands/authorizations/info.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/authorizations/info.js)_
|
188 |
|
189 | ## `heroku authorizations:revoke ID`
|
190 |
|
191 | revoke OAuth authorization
|
192 |
|
193 | ```
|
194 | USAGE
|
195 | $ heroku authorizations:revoke ID
|
196 |
|
197 | ALIASES
|
198 | $ heroku authorizations:destroy
|
199 | ```
|
200 |
|
201 | _See code: [lib/commands/authorizations/revoke.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/authorizations/revoke.js)_
|
202 |
|
203 | ## `heroku authorizations:rotate ID`
|
204 |
|
205 | updates an OAuth authorization token
|
206 |
|
207 | ```
|
208 | USAGE
|
209 | $ heroku authorizations:rotate ID
|
210 | ```
|
211 |
|
212 | _See code: [lib/commands/authorizations/rotate.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/authorizations/rotate.js)_
|
213 |
|
214 | ## `heroku authorizations:update ID`
|
215 |
|
216 | updates an OAuth authorization
|
217 |
|
218 | ```
|
219 | USAGE
|
220 | $ heroku authorizations:update ID
|
221 |
|
222 | OPTIONS
|
223 | -d, --description=description set a custom authorization description
|
224 | --client-id=client-id identifier of OAuth client to set
|
225 | --client-secret=client-secret secret of OAuth client to set
|
226 | ```
|
227 |
|
228 | _See code: [lib/commands/authorizations/update.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/authorizations/update.js)_
|
229 |
|
230 | ## `heroku clients`
|
231 |
|
232 | list your OAuth clients
|
233 |
|
234 | ```
|
235 | USAGE
|
236 | $ heroku clients
|
237 |
|
238 | OPTIONS
|
239 | -j, --json output in json format
|
240 | ```
|
241 |
|
242 | _See code: [lib/commands/clients/index.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/clients/index.js)_
|
243 |
|
244 | ## `heroku clients:create NAME REDIRECT_URI`
|
245 |
|
246 | create a new OAuth client
|
247 |
|
248 | ```
|
249 | USAGE
|
250 | $ heroku clients:create NAME REDIRECT_URI
|
251 |
|
252 | OPTIONS
|
253 | -j, --json output in json format
|
254 | -s, --shell output in shell format
|
255 | ```
|
256 |
|
257 | _See code: [lib/commands/clients/create.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/clients/create.js)_
|
258 |
|
259 | ## `heroku clients:destroy ID`
|
260 |
|
261 | delete client by ID
|
262 |
|
263 | ```
|
264 | USAGE
|
265 | $ heroku clients:destroy ID
|
266 | ```
|
267 |
|
268 | _See code: [lib/commands/clients/destroy.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/clients/destroy.js)_
|
269 |
|
270 | ## `heroku clients:info ID`
|
271 |
|
272 | show details of an oauth client
|
273 |
|
274 | ```
|
275 | USAGE
|
276 | $ heroku clients:info ID
|
277 |
|
278 | OPTIONS
|
279 | -j, --json output in json format
|
280 | -s, --shell output in shell format
|
281 | ```
|
282 |
|
283 | _See code: [lib/commands/clients/info.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/clients/info.js)_
|
284 |
|
285 | ## `heroku clients:rotate ID`
|
286 |
|
287 | rotate OAuth client secret
|
288 |
|
289 | ```
|
290 | USAGE
|
291 | $ heroku clients:rotate ID
|
292 |
|
293 | OPTIONS
|
294 | -j, --json output in json format
|
295 | -s, --shell output in shell format
|
296 | ```
|
297 |
|
298 | _See code: [lib/commands/clients/rotate.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/clients/rotate.js)_
|
299 |
|
300 | ## `heroku clients:update ID`
|
301 |
|
302 | update OAuth client
|
303 |
|
304 | ```
|
305 | USAGE
|
306 | $ heroku clients:update ID
|
307 |
|
308 | OPTIONS
|
309 | -n, --name=name change the client name
|
310 | --url=url change the client redirect URL
|
311 | ```
|
312 |
|
313 | _See code: [lib/commands/clients/update.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/clients/update.js)_
|
314 |
|
315 | ## `heroku sessions`
|
316 |
|
317 | list your OAuth sessions
|
318 |
|
319 | ```
|
320 | USAGE
|
321 | $ heroku sessions
|
322 |
|
323 | OPTIONS
|
324 | -j, --json output in json format
|
325 | ```
|
326 |
|
327 | _See code: [lib/commands/sessions/index.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/sessions/index.js)_
|
328 |
|
329 | ## `heroku sessions:destroy ID`
|
330 |
|
331 | delete (logout) OAuth session by ID
|
332 |
|
333 | ```
|
334 | USAGE
|
335 | $ heroku sessions:destroy ID
|
336 | ```
|
337 |
|
338 | _See code: [lib/commands/sessions/destroy.js](https://github.com/heroku/cli/blob/v7.12.6/packages/oauth-v5/lib/commands/sessions/destroy.js)_
|
339 |
|