It would be nice if oauth2cli provided a fallback method for when the local server is not reachable, such as on a remote host. This issue is originally from int128/kubelogin#148.
User interaction
Open http://localhost:8000
If you cannot open the browser, visit https://accounts.google.com/... and enter code: xxxxxxxx
Authorization will finish when the local server receives a code or the user enters a code by keyboard.
Implementation consideration
Redirect URIs are different between the local server and keyboard as:
By the local server: redirect_uri=http://localhost:8000
By keyboard: redirect_uri=urn:ietf:wg:oauth:2.0:oob
Note that the post-process (exchanging the code) must use the corresponding redirect URI, or an error will be returned.
It may be a complex design, as:
Goroutine 1 serves the local server.
Goroutine 2 waits for an authorization response and shuts down the local server.
Goroutine 3 waits for a code from keyboard and shuts down the local server.
Unfortunately, fmt.Scanf() and io.Stdin.Read() do not support a context, and there is no way to break an interaction for now (see golang/go#20280). So goroutine 3 will remain after the authorization.
See also: https://github.com/int128/kubelogin/blob/1.0/oidc.go#L81
Sorry, meant to update this before - this was a user error 😄
Turned out my .well-known/openid-configuration JSON's URIs were not absolute paths but instead were relative paths - i.e. /o/authorize instead of https://my-host:8000/o/authorize. Fixing this resolved my issue.
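The three-goroutine design sketched in the issue above, as an added Go example (not code from oauth2cli or kubelogin): it returns the code together with the redirect URI that the token exchange must repeat, and shows the keyboard read that cannot be cancelled. The names receiveCode, codeResult and oobRedirectURI, the state check on the callback and the placeholder state value are assumptions of this sketch.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"os"
	"sync"
)

const oobRedirectURI = "urn:ietf:wg:oauth:2.0:oob" // redirect_uri of the keyboard flow
type codeResult struct{ Code, RedirectURI string } // a code plus the redirect_uri its exchange must use

// receiveCode returns whichever code arrives first: local callback or keyboard.
func receiveCode(ctx context.Context, l net.Listener, localURI string, keyboard io.Reader, state string) (codeResult, error) {
	var once sync.Once // only the first code is delivered; later ones are dropped
	results := make(chan codeResult, 1)
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if q := r.URL.Query(); q.Get("state") == state && q.Get("code") != "" {
			once.Do(func() { results <- codeResult{q.Get("code"), localURI} }) // empty 200 reply
		} else {
			http.Error(w, "invalid authorization response", http.StatusBadRequest)
		}
	})}
	go srv.Serve(l)                          // goroutine 1: the local server
	defer srv.Shutdown(context.Background()) // stops it whichever path wins
	go func() { // goroutine 3: this read cannot be cancelled, so it may outlive us
		var code string
		if _, err := fmt.Fscanln(keyboard, &code); err == nil {
			once.Do(func() { results <- codeResult{code, oobRedirectURI} })
		}
	}()
	select { // the role of goroutine 2
	case r := <-results:
		return r, nil
	case <-ctx.Done():
		return codeResult{}, ctx.Err()
	}
}

func main() { // demo on the issue's port; the state value is a placeholder
	l, err := net.Listen("tcp", "localhost:8000")
	if err != nil {
		panic(err)
	}
	fmt.Println(receiveCode(context.Background(), l, "http://localhost:8000", os.Stdin, "placeholder-state"))
}
```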