That, or the SSH client opens a separate connection to the authorization server and polls for the session state until the user has completed the process; that would be the device code grant, which would solve this scenario just fine.
That, or the SSH client opens a separate connection to the authorization server and polls for the session state until the user has completed the process; that would be the device code grant, which would solve this scenario just fine.
You're both talking about web authentication, not HTTP authentication. cf. https://news.ycombinator.com/item?id=45399594
Only to obtain the token, the actual connection itself uses HTTP authentication (Bearer scheme).