
indigo-dc / oidc-agent

Licence: MIT License
oidc-agent for managing OpenID Connect tokens on the command line




oidc-agent

oidc-agent is a set of tools to manage OpenID Connect tokens and make them easily usable from the command line. We followed the ssh-agent design, so users can handle OIDC tokens in a similar way as they do with ssh keys.

oidc-agent is usually started at the beginning of an X session or a login session. The agent can then be located through environment variables and used to handle OIDC tokens.

The agent initially does not have any account configurations loaded. You can load an account configuration by using oidc-add. Multiple account configurations may be loaded in oidc-agent concurrently. oidc-add is also used to remove a loaded configuration from oidc-agent. oidc-gen is used to initially generate an account configuration file (see the help for different providers).

Full documentation can be found at https://indigo-dc.gitbooks.io/oidc-agent/.

We have a low-traffic mailing list with updates such as critical security incidents and new releases: Subscribe oidc-agent-user

Installation

Current releases are available at GitHub or http://repo.data.kit.edu/

Debian Packages

  • sudo apt-key adv --keyserver hkp://pgp.surfnet.nl --recv-keys ACDFB08FDC962044D87FF00B512839863D487A87

  • Depending on your distribution, choose one of the following lines:

    sudo add-apt-repository "deb http://repo.data.kit.edu/debian/buster ./"
    sudo add-apt-repository "deb http://repo.data.kit.edu/debian/bullseye ./"
    sudo add-apt-repository "deb http://repo.data.kit.edu/ubuntu/bionic ./"
    
  • sudo apt-get update

  • sudo apt-get install oidc-agent

MacOS

brew tap indigo-dc/oidc-agent
brew install oidc-agent
brew cask install pashua # optionally, needed for gui prompting

From Source

Refer to the documentation

Debian:

make deb

Quickstart

After installation the agent has to be started. Usually the agent is started on system startup and is then available on all terminals (see integration). Therefore, after installation the options are to restart your X session or to start the agent manually.

eval `oidc-agent-service start`

This starts the agent and sets the required environment variables.

Create an agent account configuration with oidc-gen

For most OpenID Connect providers an agent account configuration can be created with one of the following calls. Make sure that you can run a web browser on the same host where you run the oidc-gen command.

oidc-gen <shortname>
oidc-gen --pub <shortname>

For more information on the different providers refer to integrate with different providers.

oidc-gen supports different OIDC flows. To use the device flow instead of the authorization code flow include the --flow=device option.

After an account configuration is created it can be used with the shortname to obtain access tokens. You only need to run oidc-gen again to update an account configuration or to create a new one.

Use oidc-add to load an account configuration

oidc-add <shortname>

However, usually it is not necessary to load an account configuration with oidc-add. One can directly request an access token for a configuration and oidc-agent will automatically load it if it is not already loaded.

Obtaining an access token

oidc-token <shortname>

Alternatively, it is also possible to request an access token without specifying the shortname of a configuration, using the issuer URL instead:

oidc-token <issuer_url>

This way is recommended when writing scripts that use oidc-agent to obtain access tokens. The script can then be used by others without them having to update the shortname.
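A script wrapper around the issuer URL call, as an added example that is not part of oidc-agent. The function names, the OIDC_TOKEN_CMD override, the example.org URLs and the use of curl are assumptions made for illustration.

```shell
# Added example, not part of oidc-agent. OIDC_TOKEN_CMD is a hypothetical
# override so the wrapper can be exercised without a running agent.
: "${OIDC_TOKEN_CMD:=oidc-token}"

# Print an access token for the given issuer URL on stdout.
# Return codes: 2 = issuer is not https, 3 = agent call failed,
# 4 = output does not look like a bearer token.
get_access_token() {
    issuer=$1
    case $issuer in
        https://?*) ;;
        *) echo "refusing issuer without https: $issuer" >&2; return 2 ;;
    esac
    token=$("$OIDC_TOKEN_CMD" "$issuer") || {
        echo "could not get a token for $issuer" >&2
        return 3
    }
    # Accept only the RFC 6750 b64token alphabet, so the value cannot carry
    # quotes or line breaks into the curl config line written below.
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*) echo "unexpected token format" >&2; return 4 ;;
    esac
    printf '%s\n' "$token"
}

# Write a curl config line carrying the token. printf is a builtin in bash
# and dash, so the token does not show up in any process argument list.
curl_auth_config() {
    printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# Usage with constructed placeholder URLs; curl reads the header from stdin:
#   token=$(get_access_token https://issuer.example.org/) &&
#     curl_auth_config "$token" | curl --fail -K - https://api.example.org/data
```

Passing the header through `curl -K -` keeps the token out of the curl command line, where other local users could read it with ps.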

List existing configuration

oidc-add -l
oidc-gen -l

These commands both give a list of all existing account configurations.

A list of the currently loaded accounts can be retrieved with:

oidc-add -a

Updating an existing account configuration

An existing account configuration can be updated with oidc-gen:

oidc-gen -m <shortname>

Reauthenticating

If the refresh token stored in the account configuration has expired, a new one must be created. However, it is not necessary to create a new account configuration; it is enough to run:

oidc-gen <shortname> --reauthenticate

Usage with SSH

oidc-agent supports your work on remote hosts in two ways:

Create an agent account configuration on a remote host

On remote hosts you usually have no way to start a web browser for authentication. In such scenarios, the device flow can be used by adding the --flow=device option to oidc-gen:

oidc-gen --flow=device <shortname>

Agent Forwarding

To use an oidc-agent running on one host (typically your workstation or laptop) from SSH logins on a remote host, you need to forward the local socket of oidc-agent to the remote side, and there point the OIDC_SOCK environment variable to the forwarded socket. Details of what we call "agent forwarding" are described in the gitbook.
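Anyone who can open the forwarded socket on the remote host can request tokens from your agent, so it is worth checking the socket before pointing OIDC_SOCK at it. The following is an added example, not taken from the oidc-agent documentation; the function name, the remote socket path and the host name are constructed placeholders.

```shell
# Added example, not taken from the oidc-agent documentation.
# Local side: forward the agent socket to a remote path (constructed
# placeholder) using OpenSSH Unix-socket forwarding:
#   ssh -R /tmp/oidc-forward-alice:"$OIDC_SOCK" alice@remote.example.org

# Remote side: point OIDC_SOCK at the forwarded socket only if it is a
# socket owned by the current user with no group/other permission bits.
# A predictable path in /tmp could have been created by another user first,
# which the ownership check catches.
# Return codes: 1 = no path, 2 = not a socket, 3 = wrong owner, 4 = too open.
use_forwarded_agent() {
    sock=$1
    [ -n "$sock" ] || { echo "no socket path given" >&2; return 1; }
    [ -S "$sock" ] || { echo "$sock is not a socket" >&2; return 2; }
    [ -O "$sock" ] || { echo "$sock is not owned by you" >&2; return 3; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$sock" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$sock is accessible to other users" >&2
        return 4
    }
    OIDC_SOCK=$sock
    export OIDC_SOCK
}

# In the remote shell, before requesting tokens:
#   use_forwarded_agent /tmp/oidc-forward-alice && oidc-token <issuer_url>
```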
