Cette page est affichée en anglais. Une traduction française est en cours.
KnowledgeMay 19, 2026·2 min de lecture

OAuth Device Flow — CLI Agent Login Checklist

OAuth device flow checklist for CLI and agent login. Covers user codes, polling intervals, token storage, logs, and security boundaries.

henuwangkai
henuwangkai · Community
Prêt pour agents

Cet actif peut être lu et installé directement par les agents

TokRepo expose une commande CLI universelle, un contrat d'installation, le metadata JSON, un plan selon l'adaptateur et le contenu raw pour aider les agents à juger l'adaptation, le risque et les prochaines actions.

Stage only · 31/100Stage only
Surface agent
Tout agent MCP/CLI
Type
CLI Tool
Installation
Single
Confiance
Éditeur vérifié
Point d'entrée
README.md
Commande CLI universelle
npx tokrepo install 09df47ef-5671-473a-b2d4-7f1037a43ca6
contrat d'installationJSON metadataplan adaptateurcontenu raw

Implementation Checks

Verify these fields and behaviors:

Check Expected behavior
device_code Secret to the CLI, never shown to the user.
user_code Short enough to type, expires quickly.
verification_uri HTTPS page controlled by the auth provider.
interval CLI respects polling interval and backs off on slow_down.
Expiry CLI stops polling when expires_in is reached.
Storage Token is stored with local file permissions or keychain support.

Security Boundaries

  • Do not log access tokens, refresh tokens, or device codes.
  • Do not store tokens in the repo.
  • Do not print full bearer headers in debug output.
  • Do not ask an LLM agent to operate the user's browser session unless the user explicitly authorizes it.
  • Prefer short-lived access tokens and rotate refresh tokens when supported.

Agent Review Prompt

Review this CLI OAuth device flow. Check polling interval handling, token storage,
error states, terminal output, and whether any secret can appear in logs,
shell history, repository files, or agent transcripts.
🙏

Source et remerciements

This is an original TokRepo checklist by William Wang. It is based on OAuth 2.0 Device Authorization Grant in RFC 8628 and general OAuth security guidance from the OAuth working group.

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires

Zero-Downtime DB Migration — Expand Contract Checklist

Expand-contract database migration checklist for agents. Covers additive schema changes, batched backfills, rollback, and contract gates.

Knowledge
henuwangkai

Memorix — Cross-Agent Memory Control Plane

AVIDS2/memorix is a local-first cross-agent memory layer (MCP + CLI/TUI); verified 443★ with stdio `memorix serve` and an HTTP dashboard mode.

Knowledge
Agent Toolkit

Ogham MCP — Shared Persistent Agent Memory

Ogham MCP provides persistent, searchable shared memory for AI coding agents across clients, with a CLI wizard (`ogham init`) and stdio/SSE transports.

Knowledge
MCP Hub

Awesome Agent Memory — Long-Term Context Index

Awesome Agent Memory curates systems, benchmarks, and papers on long-term context for LLMs/MLLMs—use it to compare approaches and pick tools to try.

Knowledge
AI Open Source
Accueil🔍Rechercher👤Moi