oidc-genis used in one of two ways: Using dynamic client registration (default) or using an already registered client (
-m). For providers that support dynamic client registration a simple call to
oidc-genis enough. You can also directly provide the shortname of the new account configuration:
oidc-gen <shortname>After a successful account configuration generation oidc-gen will save the encrypted account configuration file in the oidc-agent directory using the shortname as the filename.
oidc-agentrequires a registered client for every OpenID Provider used. Most likely a user does not have an already registered client and does not want to do it through a web interface. If the OpenID Provider supports dynamic client registration, the agent can register a new client dynamically. One big advantage of using dynamic registration is the fact that oidc-agent will register the client with exactly the configuration it needs. Dynamic Registration is the default option and running
oidc-genmust be called with the
oidc-genwill prompt the user for the relevant information. If the user has a file with the client configuration information they can pass it to oidc-gen using the
-fflag. When registering a client manually be careful with the provided data. Check Client Configuration Values for the values that are important to oidc-agent.
oidc-genwill also add the generated configuration to the agent. So you don't have to run
oidc-addafterwards. However, if you want to load an existing configuration don't use
oidc-addis your friend.
oidc-gen -m <shortname>where
<shortname>is the short name for that configuration.
oidc-gen --reauthenticate <shortname>.