Automic VaultAutomic Vault

brew

Install oauth2l with Homebrew, Nix

Simple CLI for interacting with Google oauth tokens. Version 1.3.3 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install oauth2l

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#oauth2l

nixpkgs package indexes · pkgs/by-name/oa/oauth2l/package.nix · source: api.github.com

overview

Package summary

Simple CLI for interacting with Google oauth tokens

Commands and aliases

  • oauth2l

history

Project history and usage

oauth2l, pronounced "oauth tool" in its README, is Google's Go CLI for fetching, printing, inspecting, testing, and using Google OAuth 2.0 access tokens from shell workflows. It is narrower than generic OAuth clients, but deeper in Google-specific authentication paths such as Google Cloud SDK credentials, Google Compute Engine and Google Kubernetes Engine service accounts, service-account JSON keys, domain-wide delegation examples, and cached local tokens.

Project history

The google/oauth2l repository was created on 2016-03-31, making it one of the older maintained Go CLIs in this batch. Its README frames the project around the practical problem of turning Google OAuth credentials into command-line access tokens that can be passed to tools such as curl.

The project's 2022-07-19 v1.3.0 release was a security-oriented milestone: release notes added the three-legged OAuth loopback flow and PKCE support, replacing the deprecated copy-and-paste out-of-band pattern with a localhost redirect flow managed by oauth2l. Later releases in 2024 and 2025 focused on arm64 packaging, README updates, dependency upgrades, and vulnerability-scanner cleanup.

Adoption history

The repository metadata recorded 731 stars and 91 forks, which is substantial for a single-provider token utility. The README documents multiple distribution paths: precompiled binaries for Darwin, Linux, and Windows; Homebrew; a Google Container Registry image; source builds with Go; and tagged container images.

Homebrew core packaged oauth2l with version 1.3.3 and the `oauth2l` executable in the 2026-07-01 formula JSON. The same formula recorded 1,500 installs over 365 days, showing broader package-manager use than the smaller Objective-C utilities in this batch.

How it is used

oauth2l's core commands map directly to shell auth workflows: `fetch` prints a bearer token, `header` formats it as an Authorization header, `curl` obtains a token and invokes curl, `info` prints token metadata, `test` validates a token via exit status, and `reset` clears the default `~/.oauth2l` cache.

The README's examples show why it remains useful even in environments with full Google SDKs installed: it can use existing gcloud sessions, explicit credential files, service-account JWTs, domain-wide delegation, and ambient GCE or GKE service-account credentials, then hand the resulting token to ordinary command-line tools.

Why package nerds care

oauth2l is a classic glue package: small enough to install as a standalone executable, official enough to be trusted by Google API users, and practical enough to bridge heavyweight cloud authentication into scripts, tests, and ad hoc API calls.

Timeline

  • 2016-03-31: the public GitHub repository was created.
  • 2022-07-19: v1.3.0 added the three-legged OAuth loopback flow and PKCE support.
  • 2025-04-02: v1.3.3 updated dependencies and the Go version to address vulnerability-scanner findings.
  • 2026-07-01: Homebrew core formula metadata listed stable version 1.3.3.

Related projects

  • oauth2l pairs naturally with curl, Google Cloud SDK credentials, Google Cloud Console credential files, and Google service accounts. Compared with oauth2c, it trades generic OAuth breadth for Google-specific credential discovery and token workflows.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.oauth2l

executables

Installed executables

CommandKindExposureNote
oauth2lcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.3.3
manager updated
local dataok
upstreamcurrent
latest detectedv1.3.3

https://github.com/google/oauth2l

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:oauth2l
Version1.3.3
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/oauth2l
Homepagehttps://github.com/google/oauth2l
Repositoryhttps://github.com/google/oauth2l
Upstream docshttps://github.com/google/oauth2l#readme
LicenseApache-2.0
Source archivehttps://github.com/google/oauth2l/archive/refs/tags/v1.3.3.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameoauth2l
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

oauth2l

nix profile install nixpkgs#oauth2l
  • normalized package name match
  • Matched by: Oauth2l
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/oa/oauth2l/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment