oidc-agent
Search…
Introduction
Quickstart
Installation
Configuration
Usage
oidc-agent
oidc-agent-service
oidc-keychain
oidc-gen
General Usage
Detailed Information About All Options
Integrate With Different Providers
B2Access
EGI
Elixir
Google
HBP
Helmholtz AAI
IAM (INDIGO/DEEP)
KIT
Any Other Provider
Known Issues
Client Configuration Values
oidc-add
oidc-token
Other Applications Using oidc-agent
Tips
oidc-agent-server
Windows
MAC OS
Security
API
Powered By GitBook
KIT
The KIT OIDP supports dynamic client registration, but a special access token is required as authorization. The easiest way is too use the preregistered public client.

Quickstart

Example:
1
$ oidc-gen --pub <shortname>
2
[...]
3
Issuer [https://oidc.scc.kit.edu/auth/realms/kit/]:
4
Space delimited list of scopes [openid profile offline_access]:
5
Generating account configuration ...
6
accepted
7
To continue and approve the registered client visit the following URL in a Browser of your choice:
8
https://[...]
9
[...]
10
success
11
The generated account config was successfully added to oidc-agent. You don't have to run oidc-add.
12
Enter encryption password for account configuration '<shortname>':
13
Confirm encryption Password:
Copied!
The KIT OpenID Provider issues a new refresh token when the current refresh token was used in the refresh flow (whenever a new access token is issued). When the refresh token changes oidc-agent has to update the client configuration file and therefore needs the encryption password. Because with rotating refresh tokens, this will happen quite often it is recommended to allow oidc-agent to keep the password in memory by specifying the --pw-store option when loading the account configuration with oidc-add.

Advanced options

To get an initial access token please contact the provider. The token can then be used as authorization through the --at option.
Previous
IAM (INDIGO/DEEP)
Next
Any Other Provider
Last modified 2yr ago
Copy link
Contents
Quickstart
Advanced options