oidc-agent

Usage guide of oidc-agent

The oidc-agent is a command-line tool for managing OpenID Connect tokens developed by Karlsruhe Institute of Technology (KIT).

Obtain a Token

If you haven’t installed oidc-agent in your system, please read the installation guide.

Note

Please make sure that you have installed the version 4.3.0 or later

Make sure that the oidc-agent-service is started by executing the command:

$ eval `oidc-agent-service start`

To obtain a Token you need to execute the following command:

$ oidc-gen --pub --issuer https://aai.egi.eu/auth/realms/egi

$ oidc-gen --pub --issuer https://aai-demo.egi.eu/auth/realms/egi

$ oidc-gen --pub --issuer https://aai-dev.egi.eu/auth/realms/egi

Then enter a short name for the account to configure, and the scopes that the Access Token should contain.

Note

To get a Refresh Token you need to specify the offline_access scope in the requested scopes

After that, you need to log in either by visiting the provided URL or by scanning the displayed QR code, and then provide the user code displayed in the oidc-agent.

Last but not least, you will need to provide an encryption password to protect the obtained Access/Refresh Token.

For more information, please read the oidc-agent documentation.

Last modified July 25, 2022 by Nick Evangelou : [Check-in] Add OP migration section in the end-user guide (#477)