OAuth2 client server authentication for command line utility

I am working on a command line utility that requires access to a backend server via a REST API.

I am trying to avoid implementing my own authentication mechanism and use one (or more) public authorization services (e.g. Google, Facebook, Amazon).

I'm trying to get a client to accept credentials and authenticate against an authentication provider, and do so without asking the user to open a web browser and provide a token back. The client will be open source to avoid trust issues (i.e. user credentials are not sent to my backend server).

I'm not interested in authorization, I only need to authenticate to my backend server, without the user having another set of credentials (and not sending the user's credentials to my backend server).

How can I authenticate my client with the auth provider and get a token to communicate with my server without using a web browser?



1 answer


I understand you said "don't open the web browser", but what if the browser is on another device (like their mobile device)?

If applicable, you can use the OAuth 2.0 device approach, whereby you present the user with a short alphanumeric code that they enter at http://google.com/device to authenticate a request from another device. This OAuth flow is designed to work in non-browser environments (like the command line).

To see a demo of this authentication flow in action, go to the YouTube TV site, press the ← key on your keyboard, and select Sign In.



It's also easy to try yourself: create an OAuth client in the console (like "installed app" → "other") and follow the curl examples in the docs (be sure to replace the demo code in the token request with the device_code received from the original request to the code endpoint). Decode the resulting id_token using any of the JWT decoder examples, like this one.

In your case, you have to request the profile scope, which will return an id_token in response to the call to the token endpoint, from which you can extract the Google user profile id (the sub field).

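The device flow the answer describes, as an added Python sketch that is not from the original answer or from Google's own libraries: the CLI requests a device_code, shows the user_code, polls the token endpoint while honouring the authorization_pending and slow_down responses, and the backend-side claim checks that must precede trusting sub. The endpoint URLs are assumed from Google's OAuth documentation, and the HTTP call is injected so the logic runs offline.

```python
import base64
import json
import time

# Google's device-flow endpoints (assumed from Google's OAuth docs, not quoted on the page).
DEVICE_CODE_URL = "https://oauth2.googleapis.com/device/code"
TOKEN_URL = "https://oauth2.googleapis.com/token"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def request_device_code(post, client_id, scope="profile"):
    """Step 1: get device_code (used for polling) and user_code (shown to the user).
    `post(url, form) -> dict` is an injected HTTP helper so the logic runs offline."""
    return post(DEVICE_CODE_URL, {"client_id": client_id, "scope": scope})


def poll_for_token(post, client_id, client_secret, device, sleep=time.sleep, clock=time.monotonic):
    """Step 2: poll the token endpoint with device_code (not user_code) until the user
    approves on another device, handling the RFC 8628 polling errors."""
    interval = int(device.get("interval", 5))
    deadline = clock() + int(device["expires_in"])
    while clock() < deadline:
        resp = post(TOKEN_URL, {"client_id": client_id, "client_secret": client_secret,
                                "device_code": device["device_code"], "grant_type": DEVICE_GRANT})
        if "id_token" in resp:
            return resp
        err = resp.get("error")
        if err == "slow_down":
            interval += 5                      # server asked us to back off
        elif err != "authorization_pending":   # access_denied, expired_token, anything else
            raise RuntimeError(f"device flow failed: {err}")
        sleep(interval)
    raise RuntimeError("device flow failed: expired_token")


def jwt_payload(id_token):
    """Decode the id_token payload (base64url, padding stripped). No signature check here."""
    seg = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_id_token_claims(id_token, client_id, now):
    """Claims the backend must check before trusting `sub`; it must also verify the
    signature against Google's published keys, which this offline helper does not do."""
    p = jwt_payload(id_token)
    if p.get("iss") not in ("https://accounts.google.com", "accounts.google.com"):
        raise ValueError("wrong issuer")
    if p.get("aud") != client_id:
        raise ValueError("token was issued to a different client")
    if int(p.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return p["sub"]                            # stable Google account id, not the email


def unsigned_token_for_demo(claims):
    """Constructed sample only: an id_token-shaped string with an empty signature segment."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

The CLI hands the id_token to the backend; the backend, not the CLI, performs the claim checks plus signature verification before mapping sub to an account.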






