oidc-agent
  • Introduction
  • Quickstart
  • Migrating to oidc-agent 5
  • Installation
    • Linux
    • MacOS
    • Windows
  • Configuration
    • oidc-agent Directory
    • General Configuration
    • Custom Request Parameter
    • Configuration of Providers
    • oidc-agent Integration
    • Agent Forwarding
  • Usage
    • oidc-agent
      • Starting oidc-agent
      • General Usage
      • Detailed Information About All Options
    • oidc-agent-service
    • oidc-keychain
      • General Usage
      • Detailed Information About All Options
    • oidc-gen
      • General Usage
      • Detailed Information About All Options
      • Integrate With Different Providers
        • B2Access
        • EGI
        • Elixir
        • Google
        • HBP
        • Helmholtz AAI
        • IAM (INDIGO/DEEP)
        • KIT
        • Any Other Provider
        • Known Issues
        • Client Configuration Values
    • oidc-add
      • General Usage
      • Detailed Information About All Options
    • oidc-token
      • General Usage
      • Detailed Information About All Options
    • oidc-tokensh
      • General Usage
      • Detailed Information About All Options
    • Other Applications Using oidc-agent
    • Tips
    • oidc-agent-server
  • Windows
    • Installation
  • MAC OS
    • State of Feature Support
    • Installation
  • Security
    • Privilege Separation & Architecture
    • Account Configuration Files
    • Credentials
    • Memory
    • Agent Locking
    • Communication
    • Encryption Passwords
    • Autounload (Lifetime)
    • User Confirmation
    • Tracing
    • seccomp
    • Final Note
  • API
    • liboidc-agent4
    • liboidcagent-go
    • liboidcagent-py
    • IPC-API
Powered by GitBook
On this page
  • Advanced options
  • Manual Client Registration
  • Device Flow
  1. Usage
  2. oidc-gen
  3. Integrate With Different Providers

Elixir

PreviousEGINextGoogle

Last updated 5 years ago

Elixir supports dynamic registration, but dynamically registered clients will not have any scopes. Therefore users have to either register a client manually (and get approval for the needed scopes) or use a preregistered public client (recommended).

Example:

$ oidc-gen --pub <shortname>
[...]
Issuer [https://login.elixir-czech.org/oidc/]:
Space delimited list of scopes [openid profile offline_access]:
Generating account configuration ...
accepted
To continue and approve the registered client visit the following URL in a Browser of your choice:
https://[...]
[...]
success
The generated account config was successfully added to oidc-agent. You don't have to run oidc-add.
Enter encryption password for account configuration '<shortname>':
Confirm encryption Password:

Advanced options

Manual Client Registration

If you register a client manually, please see

Device Flow

To use the device flow with Elixir, the client has to have the device grant type registered. This is the case for our public client, however, it might most likely not be the case for a manually registered client. To use the device flow instead of the authorization code flow with the preregistered public client include the --flow=device --pub options.

https://docs.google.com/document/d/1vOyW4dLVozy7oQvINYxHheVaLvwNsvvghbiKTLg7RbY/