
General Usage


Last updated 5 years ago

Usually oidc-gen is used in one of two ways: using dynamic client registration (default) or using an already registered client (-m). For providers that support dynamic client registration, a simple call to oidc-gen is enough. You can also directly provide the shortname of the new account configuration:

oidc-gen <shortname>

After a successful account configuration generation, oidc-gen will save the encrypted account configuration file in the oidc-agent directory, using the shortname as the filename.

Usage: oidc-gen [OPTION...] [ACCOUNT_SHORTNAME]

Internal options are not considered part of the public API, even if listed for completeness. They can change at any time without backward compatibility considerations.

See Detailed Information About All Options for more information.

Client Registration

oidc-agent requires a registered client for every OpenID Provider used. Most likely a user does not already have a registered client and does not want to register one through a web interface. If the OpenID Provider supports dynamic client registration, the agent can register a new client dynamically. One big advantage of dynamic registration is that oidc-agent will register the client with exactly the configuration it needs. Dynamic registration is the default option, and running oidc-gen is enough.

If a user already has a client registered, or the OpenID Provider does not support dynamic client registration, oidc-gen must be called with the -m option. oidc-gen will prompt the user for the relevant information. If the user has a file with the client configuration information, they can pass it to oidc-gen using the -f flag. When registering a client manually, be careful with the provided data. Check Client Configuration Values for the values that are important to oidc-agent.

See Provider Info on how to generate an account configuration for a specific provider.
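
A pre-flight check for the manual path above, added here as an example and not part of oidc-agent: it reads the client configuration JSON you intend to pass with -f and lists values worth reviewing before they end up in an account configuration. The RFC 7591 field names, the individual checks and the sample documents are assumptions made for illustration; the project's list of client configuration values is authoritative.

```python
import json
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def check_client_config(text):
    """Return a list of findings for a client configuration JSON document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    if not cfg.get("client_id"):
        problems.append("client_id is missing or empty")
    # RFC 7591 carries scope as one space-separated string.
    scopes = set(str(cfg.get("scope", "")).split())
    for needed in ("openid", "offline_access"):  # assumed: provider gates refresh tokens on offline_access
        if needed not in scopes:
            problems.append(f"scope lacks '{needed}'")
    grants = cfg.get("grant_types") or []
    if "refresh_token" not in grants:
        problems.append("grant_types lacks 'refresh_token'")
    if "authorization_code" in grants:
        if "code" not in (cfg.get("response_types") or []):
            problems.append("response_types lacks 'code'")
        uris = cfg.get("redirect_uris") or []
        if not uris:
            problems.append("redirect_uris is empty")
        for uri in uris:
            # A plain-http redirect is only acceptable when it never leaves this machine.
            parts = urlsplit(uri)
            if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
                problems.append(f"redirect URI uses plain http to a remote host: {uri}")
    return problems

# Constructed sample documents (not real clients).
GOOD = json.dumps({"client_id": "constructed-client", "scope": "openid profile offline_access",
                   "grant_types": ["authorization_code", "refresh_token"], "response_types": ["code"],
                   "redirect_uris": ["http://localhost:4242", "http://localhost:8080"]})
BAD = json.dumps({"client_id": "", "scope": "openid profile", "grant_types": ["authorization_code"],
                  "response_types": ["token"], "redirect_uris": ["http://login.example.org/cb"]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_client_config(doc) or "no findings")
```
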

oidc-gen and oidc-add

oidc-gen will also add the generated configuration to the agent, so you don't have to run oidc-add afterwards. However, if you want to load an existing configuration, don't use oidc-gen for it; oidc-add is your friend.

Edit an existing account configuration

To edit an existing configuration, call oidc-gen -m <shortname> where <shortname> is the short name for that configuration.

If you only have to update the refresh token and do not want to change any other data for this account configuration, use oidc-gen --reauthenticate <shortname>.

oidc-agent directory
Detailed Information About All Options
Client Configuration Values
Provider Info
oidc-add