oidc-agent - OIDC token agent
oidc-agent -- An agent to manage OIDC tokens
- General:
- --always-allow-idtoken
- Always allow id-token requests without manual approval by the user.
- -a, --socket-path=PATH, --bind_address=PATH
- Create the UNIX-domain socket used for communicating with the agent at this PATH.
The default is '$TMPDIR/oidc-XXXXXX/oidc-agent.<ppid>'. Use 'XXXXXX'
as the last six characters of a directory in the path to substitute them
with random characters.
- -c, --confirm
- Requires user confirmation when an application requests an access token
for any loaded configuration
- --json
- Print agent socket and pid as JSON instead of bash.
- -k, --kill
- Kill the current agent (given by the OIDCD_PID environment variable)
- --no-autoload
- Disables the autoload feature: A token request cannot load the needed
configuration. You have to do it with oidc-add.
- --no-autoreauthenticate, --no-auto-reauthenticate
- Disables the automatic re-authentication feature: If a refresh token
has expired, re-authentication is not started automatically; you have to do
it manually.
- --no-scheme
- This option applies only when the authorization code flow is used.
oidc-agent will not use a custom uri scheme redirect.
- --no-webserver
- This option applies only when the authorization code flow is used.
oidc-agent will not start a webserver. Redirection to oidc-gen through a
custom uri scheme redirect uri and 'manual' redirect is possible.
- --pw-store[=TIME]
- Keeps the encryption passwords for all loaded account configurations
encrypted in memory for TIME seconds. Can be overwritten for a specific
configuration with oidc-add. Default value for TIME: Forever
- --quiet
- Disable informational messages to stdout.
- --seccomp
- Enables seccomp system call filtering; allowing only predefined system
calls.
- -t, --lifetime=TIME
- Sets a default value in seconds for the maximum lifetime of account
configurations added to the agent. A lifetime specified for an account
configuration with oidc-add overwrites this default value. Without this
option the default maximum lifetime is forever.
- --with-group[=GROUP_NAME]
- Allows applications running under another user to access the agent.
The user running the other application and the user running the
agent have to be in the specified group. If no GROUP_NAME is specified the
default is 'oidc-agent'.
- Verbosity:
- -d, --console
- Runs oidc-agent on the console, without daemonizing.
- -g, --debug
- Sets the log level to DEBUG.
- --log-stderr
- Additionally prints log messages to stderr.
- --status
- Connects to the currently running agent and prints status information
about it.
- Help:
- -?, --help
- Give this help list
- --usage
- Give a short usage message
- -V, --version
- Print program version
Mandatory or optional arguments to long options are also mandatory
or optional for any corresponding short options.
$TMPDIR/oidc-XXXXXX/oidc-agent.<ppid>
UNIX-domain sockets used to contain the connection to the
agent.
oidc-agent
Starts oidc-agent and prints the commands needed for
setting the required environment variables.
eval `oidc-agent`
Starts oidc-agent and sets the required environment
variables (only for this shell).
oidc-agent > ~/tmp/oidc-agent.env
Starts oidc-agent and exports the needed shell commands
to ~/tmp/oidc-agent.env. Can be used to persist the agent.
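A persisted file like ~/tmp/oidc-agent.env is later read back into new shells, and sourcing it runs whatever it contains. The following is an added example (not part of the oidc-agent documentation or project) that loads such a file without executing it and rejects stale or tampered files; the function name load_agent_env and the exact line format of the file are assumptions.

```shell
# Added example, not oidc-agent project code. Assumption: the persisted file
# holds ssh-agent style lines such as
#   OIDC_SOCK=/tmp/oidc-AbCdEf/oidc-agent.1234; export OIDC_SOCK;
#   OIDCD_PID=1235; export OIDCD_PID;
# load_agent_env (hypothetical name) reads them without eval or source.
# Return codes: 0 ok, 1 bad file, 2 unsafe mode, 3 no values,
#               4 relative socket path, 5 socket missing, 6 agent not running.
load_agent_env() {
    f=$1
    # Must be a regular file (not a symlink) owned by the current user.
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # Refuse a file that group or others could have rewritten.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        return 2
    fi
    # Pull the two values out by pattern; nothing in the file is executed.
    sock=$(sed -n 's/^OIDC_SOCK=\([^;]*\);.*$/\1/p' "$f" | head -n 1)
    pid=$(sed -n 's/^OIDCD_PID=\([0-9][0-9]*\);.*$/\1/p' "$f" | head -n 1)
    [ -n "$sock" ] && [ -n "$pid" ] || return 3
    case $sock in
        /*) ;;
        *) return 4 ;;
    esac
    # A stale file (agent killed, reboot) points at a socket that is gone.
    [ -S "$sock" ] && [ -O "$sock" ] || return 5
    kill -0 "$pid" 2>/dev/null || return 6
    OIDC_SOCK=$sock
    OIDCD_PID=$pid
    export OIDC_SOCK OIDCD_PID
}

# Typical use: fall back to a fresh agent when the saved one is unusable.
#   load_agent_env ~/tmp/oidc-agent.env || eval `oidc-agent`
```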
Report bugs to
<https://github.com/indigo-dc/oidc-agent/issues>
Subscribe to our mailing list to receive important updates about oidc-agent:
<https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user>.
oidc-gen(1), oidc-add(1), oidc-token(1), oidc-keychain(1)
Low-traffic mailing list with updates such as critical security
incidents and new releases:
https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user
Full documentation can be found at
https://indigo-dc.gitbooks.io/oidc-agent/user/oidc-agent