oidc-gen is used in one of two ways: using dynamic client registration (default) or using an already registered client (-m). For providers that support dynamic client registration, a simple call to oidc-gen is enough. You can also directly provide the shortname of the new account configuration: oidc-gen <shortname>
After a successful account configuration generation, oidc-gen will save the encrypted account configuration file in the oidc-agent directory, using the shortname as the filename.

oidc-agent requires a registered client for every OpenID Provider used. Most likely a user does not have an already registered client and does not want to register one through a web interface. If the OpenID Provider supports dynamic client registration, the agent can register a new client dynamically. One big advantage of dynamic registration is that oidc-agent will register the client with exactly the configuration it needs. Dynamic registration is the default option, and running oidc-gen is enough.

To use an already registered client, oidc-gen must be called with the -m option. oidc-gen will prompt the user for the relevant information. If the user has a file with the client configuration information, they can pass it to oidc-gen using the -f flag. When registering a client manually, be careful with the provided data. Check Client Configuration Values for the values that are important to oidc-agent.

oidc-gen will also add the generated configuration to the agent, so you don't have to run oidc-add afterwards. However, if you want to load an existing configuration, don't use oidc-gen for it; oidc-add is your friend.

oidc-gen -m <shortname> where <shortname> is the short name for that configuration.

oidc-gen --reauthenticate <shortname>.
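For the manual registration case above, a pre-check that can be run over a client configuration file before passing it to oidc-gen with -f. This is an added example, not part of oidc-agent or its documentation; it assumes the file is JSON using the standard OpenID Connect client metadata names. The expected values it checks are assumptions for an authorization-code client with a local redirect, not the list from Client Configuration Values, and check_client_config and the sample are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Assumed expectations for an authorization-code client with a local redirect.
# Illustrative only; not the list from the Client Configuration Values page.
REQUIRED_GRANTS = {"authorization_code", "refresh_token"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_client_config(text):
    """Return a list of findings for a client configuration given as JSON text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]

    findings = []
    for field in ("client_id", "redirect_uris"):
        if not cfg.get(field):
            findings.append(f"missing or empty {field}")

    missing = REQUIRED_GRANTS - set(cfg.get("grant_types") or [])
    if missing:
        findings.append("grant_types lacks: " + ", ".join(sorted(missing)))
    if "code" not in (cfg.get("response_types") or []):
        findings.append("response_types lacks: code")
    if "openid" not in str(cfg.get("scope") or "").split():
        findings.append("scope lacks: openid")

    for uri in map(str, cfg.get("redirect_uris") or []):
        if "*" in uri:
            findings.append(f"wildcard redirect URI: {uri}")
        elif urlsplit(uri).scheme == "http" and urlsplit(uri).hostname not in LOOPBACK_HOSTS:
            findings.append(f"plain-http redirect to non-loopback host: {uri}")
    return findings


# Constructed sample input, not taken from any real provider.
SAMPLE = json.dumps({
    "client_id": "example-client-id",
    "client_secret": "example-secret",
    "redirect_uris": ["http://localhost:4242", "http://agent.example.org/cb"],
    "grant_types": ["authorization_code"],
    "response_types": ["code"],
    "scope": "openid profile",
})

if __name__ == "__main__":
    for finding in check_client_config(SAMPLE) or ["no findings"]:
        print(finding)
```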