{"id":20227490,"url":"https://github.com/indigo-dc/oidc-agent","last_synced_at":"2025-04-04T20:05:42.535Z","repository":{"id":37733037,"uuid":"96771011","full_name":"indigo-dc/oidc-agent","owner":"indigo-dc","description":"oidc-agent for managing OpenID Connect tokens on the command line","archived":false,"fork":false,"pushed_at":"2025-03-11T10:35:32.000Z","size":6699,"stargazers_count":125,"open_issues_count":8,"forks_count":32,"subscribers_count":11,"default_branch":"prerel","last_synced_at":"2025-03-28T19:07:43.205Z","etag":null,"topics":["access-token","c","cli","cli-app","command-line","commandline","oidc","oidc-agent","oidc-token","oidc-token-management","openid","openid-connect","openidconnect"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/indigo-dc.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-10T11:42:00.000Z","updated_at":"2025-03-25T13:02:57.000Z","dependencies_parsed_at":"2023-02-13T00:31:10.470Z","dependency_job_id":"640d576f-0e05-4f5a-896c-ec3a24eaab6a","html_url":"https://github.com/indigo-dc/oidc-agent","commit_stats":{"total_commits":1988,"total_committers":25,"mean_commits":79.52,"dds":"0.25855130784708247","last_synced_commit":"5ea52e13e429e350281950c72db805c0484b3494"},"previous_names":[],"tags_count":86,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indigo-dc%2Foidc-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indigo-dc%2Foidc-agen
t/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indigo-dc%2Foidc-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indigo-dc%2Foidc-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/indigo-dc","download_url":"https://codeload.github.com/indigo-dc/oidc-agent/tar.gz/refs/heads/prerel","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247242669,"owners_count":20907133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-token","c","cli","cli-app","command-line","commandline","oidc","oidc-agent","oidc-token","oidc-token-management","openid","openid-connect","openidconnect"],"created_at":"2024-11-14T07:25:00.267Z","updated_at":"2025-04-04T20:05:42.503Z","avatar_url":"https://github.com/indigo-dc.png","language":"C","readme":"![oidc-agent logo](https://raw.githubusercontent.com/indigo-dc/oidc-agent/master/logo_wide.png)\n\u003c!-- [![Build Status](https://jenkins.indigo-datacloud.eu/buildStatus/icon?job=Pipeline-as-code/oidc-agent/master)](https://jenkins.indigo-datacloud.eu/job/Pipeline-as-code/job/oidc-agent/job/master/) --\u003e\n[![License](https://img.shields.io/github/license/indigo-dc/oidc-agent.svg)](https://github.com/indigo-dc/oidc-agent/blob/master/LICENSE)\n[![Code size](https://img.shields.io/github/languages/code-size/indigo-dc/oidc-agent.svg)](https://github.com/indigo-dc/oidc-agent/tree/master/src)\n[![Release 
date](https://img.shields.io/github/release-date/indigo-dc/oidc-agent.svg)](https://github.com/indigo-dc/oidc-agent/releases/latest)\n[![Release version](https://img.shields.io/github/release/indigo-dc/oidc-agent.svg)](https://github.com/indigo-dc/oidc-agent/releases/latest)\n\u003c!-- [![Commits since latest release](https://img.shields.io/github/commits-since/indigo-dc/oidc-agent/latest.svg)](https://github.com/indigo-dc/oidc-agent/compare/latest...master) --\u003e\n\u003c!-- [![Commit activity](https://img.shields.io/github/commit-activity/m/indigo-dc/oidc-agent.svg)](https://github.com/indigo-dc/oidc-agent/graphs/commit-activity) --\u003e\n\u003c!-- [![Github downloads](https://img.shields.io/github/downloads/indigo-dc/oidc-agent/total.svg?label=github%20downloads\u0026logo=github\u0026style=flat)](https://github.com/indigo-dc/oidc-agent/releases) --\u003e\n\n# oidc-agent\n\noidc-agent is a set of tools to manage OpenID Connect tokens and make them easily usable from the command line. We\nfollowed the\n[`ssh-agent`](https://www.openssh.com/) design, so users can handle OIDC tokens in a similar way as they do with ssh\nkeys.\n\n`oidc-agent` is usually started in the beginning of an X-session or a login session. Through use of environment\nvariables the agent can be located and used to handle OIDC tokens.\n\nThe agent initially does not have any account configurations loaded. You can load an account configuration by\nusing `oidc-add`. Multiple account configurations may be loaded in `oidc-agent` concurrently.  `oidc-add` is also used\nto remove a loaded configuration from `oidc-agent`. 
`oidc-gen` is used to initially generate an account configuration\nfile [(Help for different providers)](https://indigo-dc.gitbook.io/oidc-agent/user/oidc-gen/provider).\n\n**Full documentation** can be found at https://indigo-dc.gitbooks.io/oidc-agent/.\n\nWe have a low-traffic **mailing list** with updates such as critical security incidents and new\nreleases: [Subscribe oidc-agent-user](https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user)\n\n## Installation\n\noidc-agent is directly available for some distributions.\nAdditionally, we build the newest packages for a wide range of different\ndistributions that are available at: http://repo.data.kit.edu/\n\n### Linux\n\n#### Debian 12 and newer / Ubuntu 22.04 and newer\n\n```shell\nsudo apt-get install oidc-agent\n```\n\n#### Other distributions\n\nSee http://repo.data.kit.edu/\n\n### MacOS\n\n```\nbrew tap indigo-dc/oidc-agent\nbrew install oidc-agent\n```\n\n### Windows\n\nThe installer for Windows is available at http://repo.data.kit.edu/windows/oidc-agent\n\n### From Source\n\nRefer to the [documentation](https://indigo-dc.gitbook.io/oidc-agent/installation/install#from-source)\n\n### Quickstart\n\nAfter [installation](https://indigo-dc.gitbook.io/oidc-agent/installation/install) the agent has to be started. Usually\nthe agent is started on system startup and is then available on all terminals\n(see [integration](https://indigo-dc.gitbook.io/oidc-agent/configuration/integration)). Therefore, after installation the\noptions are to restart your X-Session or to start the agent manually.\n\n```\neval `oidc-agent-service start`\n```\n\nThis starts the agent and sets the required environment variables.\n\n#### Create an agent account configuration with oidc-gen\n\nFor most OpenID Connect providers an agent account configuration can be created with one of the following calls. 
Make\nsure that you can run a web-browser on the same host where you run the `oidc-gen` command.\n\n```\noidc-gen \u003cshortname\u003e\noidc-gen --pub \u003cshortname\u003e\n```\n\nFor more information on the different providers refer\nto [integrate with different providers](https://indigo-dc.gitbook.io/oidc-agent/user/oidc-gen/provider).\n\n**`oidc-gen` supports different OIDC flows. To use the device flow instead of the authorization code flow include\nthe `--flow=device` option.**\n\nAfter an account configuration is created it can be used with the shortname to obtain access tokens. One does not need\nto run `oidc-gen` again unless to update or create a new account configuration.\n\n#### Use oidc-add to load an account configuration\n\n```\noidc-add \u003cshortname\u003e\n```\n\nHowever, usually it is not necessary to load an account configuration with\n`oidc-add`. One can directly request an access token for a configuration and\n`oidc-agent` will automatically load it if it is not already loaded.\n\n#### Obtaining an access token\n\n```\noidc-token \u003cshortname\u003e\n```\n\nAlternatively, it is also possible to request an access token without specifying the shortname of a configuration but\nwith the issuer url:\n\n```\noidc-token \u003cissuer_url\u003e\n```\n\nThis way is recommended when writing scripts that utilize oidc-agent to obtain access tokens. 
This allows the\nscript to be easily used by others without them having to update the shortname.\n\n#### List existing configuration\n\n```\noidc-add -l\noidc-gen -l\n```\n\nThese commands both give a list of all existing account configurations.\n\nA list of the currently loaded accounts can be retrieved with:\n\n```\noidc-add -a\n```\n\n#### Updating an existing account configuration\n\nAn existing account configuration can be updated with `oidc-gen`:\n\n```\noidc-gen -m \u003cshortname\u003e\n```\n\n#### Reauthenticating\n\nIf the refresh token stored in the account configuration expired, a new one must be created. However, it is not required\nto create a new account configuration; it is enough to run:\n\n```\noidc-gen \u003cshortname\u003e --reauthenticate\n```\n\n## Usage with SSH\n\n`oidc-agent` supports your work on remote hosts in two ways:\n\n### Create an agent account configuration on a remote host\n\nOn remote hosts you usually have no way to start a web browser for authentication. In such scenarios, the **device\nflow** can be used by adding the `--flow=device` option to `oidc-gen`:\n\n```\noidc-gen --flow=device \u003cshortname\u003e\n```\n\n### Agent Forwarding\n\nTo use an oidc-agent on one host (typically your workstation or laptop)\nfrom ssh-logins to a remote host, you need to forward the local socket of `oidc-agent` to the remote side, and\nthere point the `OIDC_SOCK`\nenvironment variable to the forwarded socket. Details for what we call\n\"agent-forwarding\" are\ndescribed [here in the gitbook](https://indigo-dc.gitbook.io/oidc-agent/configuration/forwarding).\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findigo-dc%2Foidc-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Findigo-dc%2Foidc-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findigo-dc%2Foidc-agent/lists"}