I think most other cli clients (like the stripe cli, for example) solve this by starting a web server and authenticating in the browser, then save the obtained api token to some place where the cli can access it.
Right now it’s not implemented in the api. It will be at some point though.