oidc-agent
  • Introduction
  • Quickstart
  • Migrating to oidc-agent 5
  • Installation
    • Linux
    • MacOS
    • Windows
  • Configuration
    • oidc-agent Directory
    • General Configuration
    • Custom Request Parameter
    • Configuration of Providers
    • oidc-agent Integration
    • Agent Forwarding
  • Usage
    • oidc-agent
      • Starting oidc-agent
      • General Usage
      • Detailed Information About All Options
    • oidc-agent-service
    • oidc-keychain
      • General Usage
      • Detailed Information About All Options
    • oidc-gen
      • General Usage
      • Detailed Information About All Options
      • Integrate With Different Providers
        • B2Access
        • EGI
        • Elixir
        • Google
        • HBP
        • Helmholtz AAI
        • IAM (INDIGO/DEEP)
        • KIT
        • Any Other Provider
        • Known Issues
        • Client Configuration Values
    • oidc-add
      • General Usage
      • Detailed Information About All Options
    • oidc-token
      • General Usage
      • Detailed Information About All Options
    • oidc-tokensh
      • General Usage
      • Detailed Information About All Options
    • Other Applications Using oidc-agent
    • Tips
    • oidc-agent-server
  • Windows
    • Installation
  • MAC OS
    • State of Feature Support
    • Installation
  • Security
    • Privilege Separation & Architecture
    • Account Configuration Files
    • Credentials
    • Memory
    • Agent Locking
    • Communication
    • Encryption Passwords
    • Autounload (Lifetime)
    • User Confirmation
    • Tracing
    • seccomp
    • Final Note
  • API
    • liboidc-agent4
    • liboidcagent-go
    • liboidcagent-py
    • IPC-API
Powered by GitBook
On this page
  1. Security

Autounload (Lifetime)

Generally, we keep all information in memory as short as possible, but sometimes we have to keep information for a longer time, e.g. the account configuration. Loaded account configurations can be automatically unloaded after a user-defined timespan. A user can use the lifetime option to control how long a configuration will live in the agent, after that time it is automatically unloaded. This feature plays very well with the autoload feature, because it makes it easy to use small lifetimes on default, because an unloaded configuration can be loaded again into the agent without running oidc-add, but simply when it is required. If this is combined with an gpg-based encryption the experience can be further improved.

PreviousEncryption PasswordsNextUser Confirmation

Last updated 1 year ago