Skip to main content

Crate ez_token

Crate ez_token 

Source
Expand description

A CLI tool for requesting OAuth2 access tokens from Microsoft Entra ID and Auth0.

Pronunciation: ez-token is pronounced “easy token” — because getting an OAuth2 token should be.

§Contents

§Getting Started

ez-token allows you to easily fetch and manage tokens without leaving the terminal. It supports standard OAuth2 flows and manages the heavy lifting of PKCE, local callbacks, and client credentials across multiple identity providers.

If no --provider is passed and no profile is configured, you will be prompted to select an identity provider interactively using arrow keys.

§Interactive Login

Starts an interactive PKCE flow that opens your default web browser to authenticate with your identity provider.

# Microsoft Entra ID
ez-token login --provider microsoft --tenant-id <TENANT> --client-id <CLIENT>

# Auth0
ez-token login --provider auth0 --domain <DOMAIN> --client-id <CLIENT> --audience <AUDIENCE>

§Machine-to-Machine

For machine-to-machine environments, CI/CD pipelines, or scripts, use the Client Credentials grant:

# Microsoft Entra ID
ez-token m2m --provider microsoft --client-secret <SECRET>

# Auth0 (requires a dedicated M2M application)
ez-token m2m --provider auth0 --domain <DOMAIN> --audience <AUDIENCE> --client-secret <SECRET>

§Configuration Profiles

You can set up different profiles for different environments or providers using the config subcommand. This prevents you from having to re-enter your credentials every time.

# Save settings to a new "prod" profile
ez-token --profile prod config set --provider microsoft --tenant-id <TENANT> --client-id <CLIENT>

# Save an Auth0 profile
ez-token --profile auth0-dev config set --provider auth0 --domain <DOMAIN> --client-id <CLIENT> --audience <AUDIENCE>

# Use a profile for future logins
ez-token --profile prod login
ez-token --profile auth0-dev login

§Security Warning

Tokens and configuration data are stored locally on your machine. Ensure your configuration directory has the correct file permissions to prevent unauthorized access. The client secret used for M2M flows is never persisted to disk.

Modules§

cli
Command-line interface definitions and user interaction layer.
commands
Subcommand handlers that orchestrate the CLI-to-service flow.
config
Configuration file management for profiles and settings.
services
Core service implementations for authentication, HTTP, and local server.