EGI Check-in supports dynamic registration, but dynamically registered clients will not have any scopes. Therefore, users have to either register a client manually or use a preregistered public client (recommended).
# oidc-gen --pub --issuer https://aai.egi.eu/auth/realms/egi \
--scope "email \
You will need to follow the OIDC-flow, which usually involves authentication in a web-browser. If the browser does not start, you can copy paste the displayed URL.
Generating account configuration ...
To continue and approve the registered client visit the following URL in a Browser of your choice:
Polling oidc-agent to get the generated account configuration .....success
The generated account config was successfully added to oidc-agent. You don't have to run oidc-add.
Finally, you will be be asked for a password on the commandline to safely store your credentials.
Enter encryption password for account configuration '<shortname>':
Confirm encryption Password:
Note: You need to run the webbrowser on the same host as the
oidc-gencommand. If you operate on a remote machine, you need to use the device code flow, by adding
--flow=deviceto the above commandline.
Advanced users may succeed by otherwise ensuring that the browser you are using can connect to the host on which
oidc-agentrun on ports 4242, 8080 or 43985.