Skip to content

cub oauthclient create

cub oauthclient create

Register an OAuth client

Synopsis

Register a per-app OAuth public client for your organization (RFC 7591). The client is a browser app: it holds no secret, enforces PKCE (S256), and is restricted to the exact redirect URIs you supply.

By default the app is restricted to your organization — only your members can log in through it. --allow-all-orgs makes it usable by members of any organization (each gets their own org's session); this is permitted only for trusted (first-party) organizations.

Examples:

  # Register an app with a single redirect URI
  cub oauthclient create my-dashboard --redirect-uri https://dash.example.com/callback

  # Register an app with multiple redirect URIs
  cub oauthclient create my-dashboard \
    --redirect-uri https://dash.example.com/callback \
    --redirect-uri http://localhost:5173/callback

  # Register a first-party app available to all organizations
  cub oauthclient create shared-console --redirect-uri https://console.confighub.com/callback --allow-all-orgs
cub oauthclient create <name> [flags]

Options

      --allow-all-orgs             Allow members of any organization to use the app (trusted orgs only). Default: restricted to your org.
  -h, --help                       help for create
  -o, --output string              Output format. One of: json, yaml, name, wide, mutations, jq=<expr>, yq=<expr>, custom-columns=<spec>
      --quiet                      No default output.
      --redirect-uri stringArray   Exact redirect URI allowed at login (repeatable). Required.
      --verbose                    Detailed output, additive with default output

Options inherited from parent commands

      --context string   The context to use for this command
      --debug            Debug output

SEE ALSO