cub oauthclient create
cub oauthclient create
Register an OAuth client
Synopsis
Register a per-app OAuth public client for your organization (RFC 7591). The client is a browser app: it holds no secret, enforces PKCE (S256), and is restricted to the exact redirect URIs you supply.
By default the app is restricted to your organization — only your members can log in through it. --allow-all-orgs makes it usable by members of any organization (each gets their own org's session); this is permitted only for trusted (first-party) organizations.
Examples:
# Register an app with a single redirect URI
cub oauthclient create my-dashboard --redirect-uri https://dash.example.com/callback
# Register an app with multiple redirect URIs
cub oauthclient create my-dashboard \
--redirect-uri https://dash.example.com/callback \
--redirect-uri http://localhost:5173/callback
# Register a first-party app available to all organizations
cub oauthclient create shared-console --redirect-uri https://console.confighub.com/callback --allow-all-orgs
cub oauthclient create <name> [flags]
Options
--allow-all-orgs Allow members of any organization to use the app (trusted orgs only). Default: restricted to your org.
-h, --help help for create
-o, --output string Output format. One of: json, yaml, name, wide, mutations, jq=<expr>, yq=<expr>, custom-columns=<spec>
--quiet No default output.
--redirect-uri stringArray Exact redirect URI allowed at login (repeatable). Required.
--verbose Detailed output, additive with default output
Options inherited from parent commands
--context string The context to use for this command
--debug Debug output
SEE ALSO
- cub oauthclient - OAuth client commands