rpk ai oauth-client create
Register an OAuth client. The generated client_secret is printed once to stderr with a "copy this now" banner — it cannot be retrieved afterward. Store it in whatever secret manager the external tool uses.
Flags
| Value | Type | Description |
|---|---|---|
|
strings |
MCP URL this client can request tokens for; "" = any. repeatable (default []). |
|
string |
human-readable display name shown on the consent card (required). |
|
- |
whether the client may request tokens (default true). |
|
strings |
grant types: authorization_code, refresh_token (default [authorization_code,refresh_token]). |
|
- |
help for create. |
|
string |
https:// logo URI shown on the consent card. |
|
string |
client name (required; AIP-122 resource identifier). |
|
- |
require PKCE (RFC 7636) on authorization requests (default true). |
|
strings |
allowed redirect URI (exact match; repeatable, required). |
|
string |
token endpoint auth: client_secret_basic, client_secret_post, none (default "client_secret_basic"). |
|
string |
output format: table|wide|json|yaml|markdown (env: RPAI_FORMAT) (default "table"). |
|
- |
disable colored output (env: NO_COLOR). |
|
string |
path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). |
|
string |
override the selected environment’s AI Gateway URL for this invocation. |
|
string |
rpai profile name (env: RPAI_PROFILE). |
|
- |
verbose debug logging to stderr (env: RPAI_VERBOSE). |
|
string |
static bearer token override (ambient RPAI_TOKEN is ignored under rpk ai). |