//! A CLI tool for requesting OAuth2 access tokens from Microsoft Entra ID and Auth0.
//!
//! > **Pronunciation:** `ez-token` is pronounced *"easy token"* — because getting
//! > an OAuth2 token should be.
//!
//! # Contents
//!
//! - [Getting Started](#getting-started)
//! - [Interactive Login](#interactive-login)
//! - [Machine-to-Machine](#machine-to-machine)
//! - [Configuration Profiles](#configuration-profiles)
//! - [Security Warning](#security-warning)
//!
//! # Getting Started
//!
//! `ez-token` allows you to easily fetch and manage tokens without leaving the terminal.
//! It supports standard OAuth2 flows and manages the heavy lifting of PKCE, local
//! callbacks, and client credentials across multiple identity providers.
//!
//! If no `--provider` is passed and no profile is configured, you will be prompted
//! to select an identity provider interactively using arrow keys.
//!
//! ## Interactive Login
//!
//! Starts an interactive PKCE flow that opens your default web browser to authenticate
//! with your identity provider.
//!
//! ```text
//! # Microsoft Entra ID
//! ez-token login --provider microsoft --tenant-id <TENANT> --client-id <CLIENT>
//!
//! # Auth0
//! ez-token login --provider auth0 --domain <DOMAIN> --client-id <CLIENT> --audience <AUDIENCE>
//! ```
//!
//! ## Machine-to-Machine
//!
//! For machine-to-machine environments, CI/CD pipelines, or scripts, use the Client Credentials grant:
//!
//! ```text
//! # Microsoft Entra ID
//! ez-token m2m --provider microsoft --client-secret <SECRET>
//!
//! # Auth0 (requires a dedicated M2M application)
//! ez-token m2m --provider auth0 --domain <DOMAIN> --audience <AUDIENCE> --client-secret <SECRET>
//! ```
//!
//! # Configuration Profiles
//!
//! You can set up different profiles for different environments or providers
//! using the `config` subcommand. A profile saves you from re-entering the
//! same provider settings on every invocation.
//!
//! ```text
//! # Save settings to a new "prod" profile
//! ez-token --profile prod config set --provider microsoft --tenant-id <TENANT> --client-id <CLIENT>
//!
//! # Save an Auth0 profile
//! ez-token --profile auth0-dev config set --provider auth0 --domain <DOMAIN> --client-id <CLIENT> --audience <AUDIENCE>
//!
//! # Use a profile for future logins
//! ez-token --profile prod login
//! ez-token --profile auth0-dev login
//! ```
//!
//! # Security Warning
//!
//! Tokens and configuration data are stored locally on your machine. Ensure the
//! file permissions on your configuration directory prevent unauthorized access
//! by other users of the machine.
//! The client secret used for M2M flows is never persisted to disk.
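//!
//! One way to check the permissions mentioned above, as an added example that is not
//! part of `ez-token` itself. It is Unix-only, takes the configuration directory as an
//! argument because its location is not stated here, and `find_exposed` / `harden` are
//! hypothetical helper names.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

const GROUP_OTHER: u32 = 0o077; // bits granting access to group or other users

/// Returns every entry under `dir` (including `dir` itself) whose mode
/// grants any access to group or other users.
pub fn find_exposed(dir: &Path) -> io::Result<Vec<PathBuf>> {
    let mut exposed = Vec::new();
    let mut stack = vec![dir.to_path_buf()];
    while let Some(path) = stack.pop() {
        // symlink_metadata inspects the link itself and never follows it.
        let meta = fs::symlink_metadata(&path)?;
        if meta.file_type().is_symlink() {
            continue;
        }
        if meta.permissions().mode() & GROUP_OTHER != 0 {
            exposed.push(path.clone());
        }
        if meta.is_dir() {
            for entry in fs::read_dir(&path)? {
                stack.push(entry?.path());
            }
        }
    }
    exposed.sort();
    Ok(exposed)
}

/// Tightens each exposed path to owner-only: 0700 for directories, 0600 for files.
pub fn harden(dir: &Path) -> io::Result<usize> {
    let exposed = find_exposed(dir)?;
    for path in &exposed {
        let mode = if fs::symlink_metadata(path)?.is_dir() { 0o700 } else { 0o600 };
        fs::set_permissions(path, fs::Permissions::from_mode(mode))?;
    }
    Ok(exposed.len())
}

fn main() -> io::Result<()> {
    // Assumed usage: the configuration directory is the first argument.
    let dir = std::env::args().nth(1).expect("usage: audit <config-dir>");
    for p in find_exposed(Path::new(&dir))? {
        println!("exposed: {}", p.display());
    }
    Ok(())
}
```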

/// Command-line interface definitions and user interaction layer.
///
/// Contains argument parsing via `clap`, interactive prompts, input history,
/// and terminal output helpers. This module is intentionally kept separate
/// from authentication logic — it handles only how the user communicates
/// with the tool.

/// Subcommand handlers that orchestrate the CLI-to-service flow.
///
/// Each module corresponds to a top-level `ez-token` subcommand and is
/// responsible for resolving inputs, invoking the appropriate service,
/// and presenting results to the user.

/// Configuration file management for profiles and settings.
///
/// Handles loading and persisting user configuration via `confy`, including
/// named profiles that store provider, Tenant ID or Domain, Client ID, and default Scopes.

/// Core service implementations for authentication, HTTP, and local server.
///
/// Contains the OAuth2 flow implementations ([`services::authentication`]),
/// the shared HTTP client ([`services::http_client`]), and the local callback
/// server ([`services::local_server`]) used during interactive login.