Automic VaultAutomic Vault

brew

Install oauth2c with Homebrew, MacPorts, Nix, scoop

User-friendly CLI for OAuth2. Version 1.20.0 via Homebrew; verified 2026-07-04.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install oauth2c

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install oauth2c

MacPorts ports tree · security/oauth2c/Portfile · source: api.github.com

Linux

Nixverified · 92%
nix profile install nixpkgs#oauth2c

nixpkgs package indexes · pkgs/by-name/oa/oauth2c/package.nix · source: api.github.com

Windows

Scoopverified · 92%
scoop install main/oauth2c

Scoop official bucket manifest trees · bucket/oauth2c.json · source: api.github.com

overview

Package summary

User-friendly CLI for OAuth2

Commands and aliases

  • oauth2c

history

Project history and usage

oauth2c is a Go command-line client for exercising OAuth 2.0 and OpenID Connect flows against authorization servers. Its package-nerd appeal is that it packages a large cross-section of OAuth client behavior into one executable: authorization code, device, client credentials, JWT bearer, token exchange, refresh-token flows, PKCE, JARM, PAR, DPoP, RAR, private-key JWT, client-secret modes, and mutual-TLS-related endpoints.

Project history

The public GitHub repository was created on 2022-06-27 under the Cloudentity lineage and later appears under SecureAuthCorp on GitHub, while Homebrew still records the homepage as the Cloudentity repository URL. The README presents oauth2c as a tool for making token-fetching experiments easier across basic and advanced OAuth/OIDC profiles rather than as a provider-specific helper.

The release train reached v1.20.0 on 2026-04-29, with prebuilt release assets for Darwin and Linux architectures. That release metadata, combined with the small Go codebase and Homebrew source build, shows oauth2c evolving as a compact protocol-workbench CLI rather than a full identity platform.

Adoption history

Homebrew core packaged oauth2c as a normal formula with the `oauth2c` executable, Go as the build dependency, and version 1.20.0 in the 2026-07-01 formula JSON. Homebrew analytics for that formula recorded 357 installs over 365 days, which points to niche but real use among developers and identity engineers.

The GitHub repository metadata recorded 925 stars and 50 forks, a stronger adoption signal than most one-purpose OAuth CLIs. Its README also links to Repology packaging status, indicating that the project is tracked beyond Homebrew.

How it is used

Developers use oauth2c to walk OAuth and OIDC flows from a terminal, often with a local callback listener for browser-based authorization-code flows. The README explicitly notes the default localhost callback URL, the option to suppress browser automation, request tracing, and `--silent` output for CI/CD or scripting.

The tool is useful when debugging authorization-server behavior because it exposes knobs that many SDKs hide: response types and modes, token endpoint authentication methods, signed or encrypted request objects, pushed authorization requests, proof-of-possession tokens, scopes, audiences, resources, and explicit endpoint overrides.

Why package nerds care

oauth2c is a good example of a package-manager-friendly security/developer tool: one static-feeling Go CLI, no runtime dependencies in Homebrew, broad standards coverage, and prebuilt upstream binaries. For av.db, it sits at the intersection of OAuth protocol testing, identity-provider integration, and shell automation.

Timeline

  • 2022-06-27: the public GitHub repository was created.
  • 2026-04-29: GitHub release v1.20.0 was published.
  • 2026-07-01: Homebrew core formula metadata listed stable version 1.20.0 and the `oauth2c` executable.

Related projects

  • oauth2c overlaps with provider-specific token helpers such as Google's oauth2l, but it targets generic OAuth 2.0, OIDC, FAPI, and JWT profiles instead of a single cloud provider.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
oauth2ccliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.20.0
manager updated2026-07-04
local dataok
upstreamcurrent
latest detectedv1.20.0

https://github.com/SecureAuthCorp/oauth2c

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:oauth2c
Version1.20.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/oauth2c
Homepagehttps://github.com/SecureAuthCorp/oauth2c
Repositoryhttps://github.com/SecureAuthCorp/oauth2c
Upstream docshttps://github.com/cloudentity/oauth2c#readme
LicenseApache-2.0
Source archivehttps://github.com/SecureAuthCorp/oauth2c/archive/refs/tags/v1.20.0.tar.gz
Last updated2026-07-04T16:53:44+09:00
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameoauth2c
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

oauth2c

nix profile install nixpkgs#oauth2c
  • normalized package name match
  • Matched by: Oauth2c
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/oa/oauth2c/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
MacPorts95%

oauth2c

sudo port install oauth2c
  • normalized package name match
  • Matched by: Oauth2c
MacPorts ports tree · api.github.com · MacPorts ports tree: security/oauth2c/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Scoop95%

main/oauth2c

scoop install main/oauth2c
  • normalized package name match
  • Matched by: Oauth2c
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/oauth2c.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment