/users/aai/check-in/obtaining-tokens/Recent content in Obtaining Access/Refresh Tokens on DocumentationHugo -- gohugo.io/users/aai/check-in/obtaining-tokens/oidc-agent/Mon, 01 Jan 0001 00:00:00 +0000/users/aai/check-in/obtaining-tokens/oidc-agent/ <p>The <a href="https://github.com/indigo-dc/oidc-agent">oidc-agent</a> is a command-line tool for managing OpenID Connect tokens developed by <a href="https://www.kit.edu/">Karlsruhe Institute of Technology (KIT)</a>.</p> <h2 id="obtain-a-token">Obtain a Token</h2> <p>If you haven&rsquo;t installed oidc-agent in your system, please read the <a href="https://indigo-dc.gitbook.io/oidc-agent/installation">installation guide</a>.</p> <div class="alert alert-info" role="alert"> <h4 class="alert-heading">Note</h4> Please make sure that you have installed the version 4.3.0 or later </div> <p>Make sure that the <code>oidc-agent-service</code> is started by executing the command:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ <span style="color:#204a87">eval</span> <span style="color:#4e9a06">`</span>oidc-agent-service start<span style="color:#4e9a06">`</span> </span></span></code></pre></div><p>To obtain a Token you need to execute the following command:</p> <ul class="nav nav-tabs" id="tabs-1" role="tablist"> <li class="nav-item"> <a class="nav-link active" id="tabs-1-0-tab" data-toggle="tab" href="#tabs-1-0" role="tab" aria-controls="tabs-1-0" aria-selected="true"> Production </a> </li> <li class="nav-item"> <a class="nav-link" id="tabs-1-1-tab" data-toggle="tab" href="#tabs-1-1" role="tab" aria-controls="tabs-1-1" aria-selected="false"> Demo </a> </li> <li class="nav-item"> <a class="nav-link" id="tabs-1-2-tab" data-toggle="tab" href="#tabs-1-2" role="tab" aria-controls="tabs-1-2" aria-selected="false"> Development </a> </li> </ul> <div class="tabx-content" id="tabs-1-content"> <div class="tab-pane show active" id="tabs-1-0" role="tabpanel" aria-labelled-by="tabs-1-0-tab"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ oidc-gen --pub --issuer https://aai.egi.eu/auth/realms/egi </span></span></code></pre></div> </div> <div class="tab-pane " id="tabs-1-1" role="tabpanel" aria-labelled-by="tabs-1-1-tab"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ oidc-gen --pub --issuer https://aai-demo.egi.eu/auth/realms/egi </span></span></code></pre></div> </div> <div class="tab-pane " id="tabs-1-2" role="tabpanel" aria-labelled-by="tabs-1-2-tab"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ oidc-gen --pub --issuer https://aai-dev.egi.eu/auth/realms/egi </span></span></code></pre></div> </div> </div> <p>Then enter a short name for the account to configure, and the scopes that the Access Token should contain.</p> <div class="alert alert-info" role="alert"> <h4 class="alert-heading">Note</h4> To get a <strong>Refresh Token</strong> you need to specify the <code>offline_access</code> scope in the requested scopes </div> <p>After that, you need to log in either by visiting the provided URL or by scanning the displayed QR code, and then provide the <strong>user code</strong> displayed in the oidc-agent.</p> <p>Last but not least, you will need to provide an encryption password to protect the obtained Access/Refresh Token.</p> <p>For more information, please read the <a href="https://indigo-dc.gitbook.io/oidc-agent/">oidc-agent documentation</a>.</p>/users/aai/check-in/obtaining-tokens/token-portal/Mon, 01 Jan 0001 00:00:00 +0000/users/aai/check-in/obtaining-tokens/token-portal/ <p>The EGI Check-in Token Portal allows users to create Access and Refresh Tokens.</p> <h2 id="obtain-an-access-token">Obtain an Access Token</h2> <p>In order to obtain an Access Token from EGI Check-in Token Portal, please follow the steps below:</p> <ol> <li>Go to <a href="https://aai.egi.eu/token">https://aai.egi.eu/token</a> and click on &ldquo;Authorise&rdquo; to authenticate yourself. <img src="check-in-token-login.png" alt="EGI Check-in Token Portal Home Page"></li> <li>After logging in you will obtain an Access Token as it is shown below: <img src="check-in-token-access-token.png" alt="EGI Check-in Token Portal Access Token"> <ol> <li>The value of the Access Token</li> <li>The command to get user&rsquo;s information from <code>userinfo</code> endpoint. Running this <code>curl</code> command will also print out your OIDC entitlements.</li> <li>Obtain a Refresh Token (more info in <a href="#obtain-a-refresh-token">Obtain a Refresh Token</a> section)</li> <li>View and manage the applications you have given permissions</li> </ol> </li> </ol> <h2 id="obtain-a-refresh-token">Obtain a Refresh Token</h2> <p>In order to obtain an Refresh Token from EGI Check-in Token Portal, please follow the steps below:</p> <ol> <li>Go to <a href="https://aai.egi.eu/token">https://aai.egi.eu/token</a> and click on &ldquo;Authorise&rdquo; to authenticate yourself. <img src="check-in-token-login.png" alt="EGI Check-in Token Portal Home Page"></li> <li>After logging in click on &ldquo;Create Refresh Token&rdquo;: <img src="check-in-token-access-token-2.png" alt="EGI Check-in Token Portal Access Token"></li> <li>Then you will be redirected back to EGI Check-in Token Portal and you will have obtained a Refresh Token: <img src="check-in-token-refresh-token.png" alt="EGI Check-in Token Portal Refresh Token"> <ol> <li>The value of the Refresh Token</li> <li>The command to generate new Access Token using the Refresh Token</li> </ol> </li> </ol>