Esta página se muestra en inglés. Una traducción al español está en curso.
KnowledgeMay 19, 2026·2 min de lectura

OAuth Device Flow — CLI Agent Login Checklist

OAuth device flow checklist for CLI and agent login. Covers user codes, polling intervals, token storage, logs, and security boundaries.

henuwangkai
henuwangkai · Community
Listo para agents

Este activo puede ser leído e instalado directamente por agents

TokRepo expone un comando CLI universal, contrato de instalación, metadata JSON, plan según adaptador y contenido raw para que los agents evalúen compatibilidad, riesgo y próximos pasos.

Stage only · 31/100Stage only
Superficie agent
Cualquier agent MCP/CLI
Tipo
CLI Tool
Instalación
Single
Confianza
Publisher verificado
Entrada
README.md
Comando CLI universal
npx tokrepo install 09df47ef-5671-473a-b2d4-7f1037a43ca6
contrato de instalaciónJSON de metadataplan adaptadorcontenido raw

Implementation Checks

Verify these fields and behaviors:

Check Expected behavior
device_code Secret to the CLI, never shown to the user.
user_code Short enough to type, expires quickly.
verification_uri HTTPS page controlled by the auth provider.
interval CLI respects polling interval and backs off on slow_down.
Expiry CLI stops polling when expires_in is reached.
Storage Token is stored with local file permissions or keychain support.

Security Boundaries

  • Do not log access tokens, refresh tokens, or device codes.
  • Do not store tokens in the repo.
  • Do not print full bearer headers in debug output.
  • Do not ask an LLM agent to operate the user's browser session unless the user explicitly authorizes it.
  • Prefer short-lived access tokens and rotate refresh tokens when supported.

Agent Review Prompt

Review this CLI OAuth device flow. Check polling interval handling, token storage,
error states, terminal output, and whether any secret can appear in logs,
shell history, repository files, or agent transcripts.
🙏

Fuente y agradecimientos

This is an original TokRepo checklist by William Wang. It is based on OAuth 2.0 Device Authorization Grant in RFC 8628 and general OAuth security guidance from the OAuth working group.

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

Zero-Downtime DB Migration — Expand Contract Checklist

Expand-contract database migration checklist for agents. Covers additive schema changes, batched backfills, rollback, and contract gates.

Knowledge
henuwangkai

Memorix — Cross-Agent Memory Control Plane

AVIDS2/memorix is a local-first cross-agent memory layer (MCP + CLI/TUI); verified 443★ with stdio `memorix serve` and an HTTP dashboard mode.

Knowledge
Agent Toolkit

Ogham MCP — Shared Persistent Agent Memory

Ogham MCP provides persistent, searchable shared memory for AI coding agents across clients, with a CLI wizard (`ogham init`) and stdio/SSE transports.

Knowledge
MCP Hub

Awesome Agent Memory — Long-Term Context Index

Awesome Agent Memory curates systems, benchmarks, and papers on long-term context for LLMs/MLLMs—use it to compare approaches and pick tools to try.

Knowledge
AI Open Source
Inicio🔍Buscar👤Yo