For reference, the azure client, opens a browser for the login, which redirects to a dns address that equates to "localhost" on a port that will effectively get the final auth tokens to the local instance, which then persists and shuts down the service. Should be able to do very similar.