feat: basic auth support for hydra cli (admin endpoint)

Required for example in case where hydra admin endpoint
is protected behind a reverse proxy that enforces basic auth.
If --access-token arg is set, it takes precedence over basic auth

It does not apply to token revoke command

cmd/cli/handler_helper.go

@@ -95,9 +95,13 @@ func configureClientBase(cmd *cobra.Command, withAuth bool) *hydra.OryHydra {
 
 		ht.Transport = newTransport(cmd)
 	}
+
 	if withAuth {
 		if token := flagx.MustGetString(cmd, "access-token"); token != "" {
 			ht.DefaultAuthentication = httptransport.BearerToken(token)
+		} else if u.User != nil {
+			pass, _ := u.User.Password()
+			ht.DefaultAuthentication = httptransport.BasicAuth(u.User.Username(), pass)
 		}
 	}
 

cmd/clients.go

@@ -36,7 +36,10 @@ func NewClientsCmd() *cobra.Command {
 	cmd.PersistentFlags().Bool("fake-tls-termination", false, `Fake tls termination by adding "X-Forwarded-Proto: https" to http headers`)
 	cmd.PersistentFlags().Duration("fail-after", time.Minute, `Stop retrying after the specified duration`)
 	cmd.PersistentFlags().String("access-token", os.Getenv("OAUTH2_ACCESS_TOKEN"), "Set an access token to be used in the Authorization header, defaults to environment variable OAUTH2_ACCESS_TOKEN")
-	cmd.PersistentFlags().String("endpoint", os.Getenv("HYDRA_ADMIN_URL"), "Set the URL where Ory Hydra is hosted, defaults to environment variable HYDRA_ADMIN_URL. A unix socket can be set in the form unix:///path/to/socket")
+	cmd.PersistentFlags().String("endpoint", os.Getenv("HYDRA_ADMIN_URL"),
+		"Set the URL where Ory Hydra is hosted, defaults to environment variable HYDRA_ADMIN_URL. A unix socket can be set in the form unix:///path/to/socket.\n"+
+			"HTTP basic-auth can be set in the url (https://<user>:<password>@<hostname>/). It will however be ignored if --access-token is also set",
+	)
 	cmd.PersistentFlags().Bool("skip-tls-verify", false, "Foolishly accept TLS certificates signed by unknown certificate authorities")
 	return cmd
 }