oidc-agent
KIT
The KIT OIDP supports dynamic client registration, but a special access token is required as authorization. The easiest way is to use the preregistered public client.

Quickstart

Example:
$ oidc-gen --pub <shortname>
[...]
Issuer [https://oidc.scc.kit.edu/auth/realms/kit/]:
Space delimited list of scopes [openid profile offline_access]:
Generating account configuration ...
accepted
To continue and approve the registered client visit the following URL in a Browser of your choice:
https://[...]
[...]
success
The generated account config was successfully added to oidc-agent. You don't have to run oidc-add.
Enter encryption password for account configuration '<shortname>':
Confirm encryption Password:

The KIT OpenID Provider issues a new refresh token whenever the current refresh token is used in the refresh flow (that is, whenever a new access token is issued). When the refresh token changes, oidc-agent has to update the client configuration file and therefore needs the encryption password. Because this happens quite often with rotating refresh tokens, it is recommended to allow oidc-agent to keep the password in memory by specifying the --pw-store option when loading the account configuration with oidc-add.
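
A simplified model of why the rotated refresh token has to be written back to the account configuration, added here as an illustration and not oidc-agent's own code. It assumes the provider rejects a refresh token once it has been used and that an update without a cached password simply does not happen (a real agent would have to ask the user instead); all class and function names are hypothetical.

```python
import secrets


class RotatingProvider:
    """Constructed stand-in for a provider that rotates refresh tokens.
    Assumption: a refresh token stops working once it has been used."""

    def __init__(self):
        self.valid = set()

    def issue(self):
        token = secrets.token_urlsafe(16)
        self.valid.add(token)
        return token

    def refresh(self, refresh_token):
        if refresh_token not in self.valid:
            raise PermissionError("invalid_grant")
        self.valid.remove(refresh_token)
        return secrets.token_urlsafe(16), self.issue()  # access token, new refresh token


class AccountConfig:
    """Toy model of the password-protected account configuration file."""

    def __init__(self, refresh_token):
        self.refresh_token = refresh_token

    def update(self, password, refresh_token):
        if password is None:
            return False  # the file cannot be re-encrypted without the password
        self.refresh_token = refresh_token
        return True


def simulate(keep_password, refreshes=3, password="constructed-pw"):
    """Return (failed_updates, works_after_restart) for one agent session."""
    provider = RotatingProvider()
    config = AccountConfig(provider.issue())
    in_memory_rt = config.refresh_token              # account loaded into the agent
    cached_pw = password if keep_password else None  # analogue of --pw-store
    failed = 0
    for _ in range(refreshes):
        _, in_memory_rt = provider.refresh(in_memory_rt)
        if not config.update(cached_pw, in_memory_rt):
            failed += 1  # a real agent would have to ask the user here
    try:  # agent restart: only the token stored in the config file is left
        provider.refresh(config.refresh_token)
        return failed, True
    except PermissionError:
        return failed, False
```

With the password kept in memory every rotation is persisted and the stored token still works after a restart; without it, each of the three refreshes needs the password again, and skipping the update leaves a stale token in the file.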

Advanced options

To get an initial access token, please contact the provider. The token can then be used as authorization through the --at option.