step oauth – authorization and single sign-on using OAuth & OIDC


step oauth [–provider=provider] [–client-id=client-id –client-secret=client-secret] [–scope=scope …] [–bare [–oidc]] [–header [–oidc]]

step oauth –authorization-endpoint=authorization-endpoint –token-endpoint=token-endpoint –client-id=client-id –client-secret=client-secret [–scope=scope …] [–bare [–oidc]] [–header [–oidc]]

step oauth [–account=account] [–authorization-endpoint=authorization-endpoint –token-endpoint=token-endpoint] [–scope=scope …] [–bare [–oidc]] [–header [–oidc]]

step oauth –account=account –jwt [–scope=scope …] [–header] [-bare]


–provider=value, –idp=value
OAuth provider for authentication
–email=value, -e=value
Email to authenticate
–console, -c
Complete the flow while remaining only inside the terminal
OAuth Client ID
OAuth Client Secret
JSON file containing account details
OAuth Authorization Endpoint
OAuth Token Endpoint
Output HTTP Authorization Header (suitable for use with curl)
Output OIDC Token instead of OAuth Access Token
Only output the token
OAuth scopes
Generate a JWT Auth token instead of an OAuth Token (only works with service accounts)
Callback listener URL