Hi, Spring fans! In this installment, in our continuing quest to SECURE ALL THE THINGS, we'll look at how to use device code grants to enable secure access to CLI applications, such as those written in Spring Shell. We'll use the Spring Authorization Server as our OAuth IDP, and of course, a good helping of Spring Security and OAuth. 


The code for this is here: https://github.com/coffee-software-show/2026-02-28-spring-shell-and-device-code-oauth

A huge hat tip to the legendary Rob Winch and Adib Saikali for lighting the way for this demo!

#secureallthethings #security #commandline #commandlinetools #springboot #java #java #graalvm #oauth

Coffee + Software

A walkthrough of securing a CLI application using OAuth 2.0 Device Code flow with Spring Security. The tutorial covers setting up a Spring Authorization Server, creating a protected REST endpoint as an OAuth resource server, and building a Spring Shell CLI client that authenticates users via the device code grant type. The CLI prompts users to visit a verification URL, polls for the access token, then uses it to call the secured backend API. The result can be compiled into a GraalVM native image for distribution.

Secure your CLI applications with OAuth (and Spring Security)