1OIDC-TOKEN(1)                    User Commands                   OIDC-TOKEN(1)
2
3
4

NAME

6       oidc-token - gets OIDC access token from oidc-agent
7

SYNOPSIS

9       oidc-token [OPTION...] ACCOUNT_SHORTNAME | ISSUER_URL
10

DESCRIPTION

12       oidc-token -- A client for oidc-agent for getting OIDC access tokens.
13
14              General:
15
16       -a, --all
17              Return  all  available  information  (token,  issuer, expiration
18              time). Each value is printed in one line.
19
20       -c, --env
21              This will get all available information (same as -a),  but  will
22              print  shell commands that export environment variables (default
23              names).  The result for this option is the  same  as  for  using
24              'oidc-token  -o  -i -e'. With the -o, -i and -e options the name
25              of each environment variable can be changed.
26
27       -e, --expires-at[=OIDC_EXP]
28              Return the expiration time for the requested  access  token.  If
29              neither -i nor -o is set and OIDC_EXP is not passed, the expira‐
30              tion time is printed to stdout.  Otherwise  shell  commands  are
31              printed that will export the value into an environment variable.
32              The name of this variable can be set with OIDC_EXP.
33
34       -f, --force-new
35              Forces that a new access token is issued and returned.
36
37       -i, --issuer[=OIDC_ISS]
38              Return the issuer associated with the requested access token. If
39              neither  -e nor -o is set and OIDC_ISS is not passed, the issuer
40              is printed to stdout. Otherwise shell commands are printed  that
41              will  export the value into an environment variable. The name of
42              this variable can be set with OIDC_ISS.
43
44       -o, --token[=OIDC_AT]
45              Return the requested access token. If neither -i nor -e  is  set
46              and  OIDC_AT is not passed, the token is printed to stdout (Same
47              behaviour as without this option). Otherwise shell commands  are
48              printed that will export the value into an environment variable.
49              The name of this variable can be set with OIDC_AT.
50
51       -t, --time=SECONDS
52              Minimum number of seconds the access token should be valid
53
54              Advanced:
55
56       --aud=AUDIENCE
57              Audience for the requested access token. Multiple audiences  can
58              be provided as a space separated list
59
60       --id-token
61              Returns  an id-token instead of an access token.  This option is
62              meant as a development tool.  ID-tokens should not be passed  as
63              authorization to resources.
64
65       -m, --mytoken[=PROFILE], --MT[=PROFILE]
66              Returns  a  mytoken  instead  of an access token. To specify the
67              properties of the issued mytoken pass a  mytoken  profile.  This
68              option  can only be used with account shortnames not with issuer
69              urls.
70
71       --name=NAME
72              This option is intended for other applications  /  scripts  that
73              call  oidc-token  to obtain an access token. NAME is the name of
74              this application and might be displayed to the user.
75
76       -s, --scope=SCOPE
77              Scope to be requested for the requested access  token.  Multiple
78              scopes can be provided as a space separated list or by using the
79              option multiple times.
80
81              Help:
82
83       -?, --help
84              Give this help list
85
86       --usage
87              Give a short usage message
88
89       -V, --version
90              Print program version
91
92       Mandatory or optional arguments to long options are also  mandatory  or
93       optional for any corresponding short options.
94

FILES

96       oidc-token does not read or write any files.
97

EXAMPLES

99       oidc-token example
100              Gets an access token for the 'example' account configuration.
101
102       oidc-token example -t 60
103              Gets  an  access  token  for the 'example' account configuration
104              which will be valid for at least 60 seconds.
105
106       oidc-token example -i
107              Gets the issuer url associated to the requested access token.
108
109       oidc-token example -a
110              Gets an access token, the associated issuer url, and the expira‐
111              tion date of the token. One information per line.
112
113       eval `oidc-token example -c`
114              Sets environment variables with the access token, the associated
115              issuer url, and the expiration date of the token.
116
117       oidc-token example --scope=openid --scope=profile
118              Gets an access token for  the  'example'  account  configuration
119              which will be only valid for the 'openid' and 'profile' scope.
120

REPORTING BUGS

122       Report bugs to <https://github.com/indigo-dc/oidc-agent/issues>
123       Subscribe  to  our  mailing  list  to  receive  important updates about
124       oidc-agent:                       <https://www.lists.kit.edu/sympa/sub
125       scribe/oidc-agent-user>.
126

SEE ALSO

128       oidc-agent(1), oidc-add(1), oidc-gen(1)
129
130       Low-traffic  mailing  list with updates such as critical security inci‐
131       dents and new releases: https://www.lists.kit.edu/sympa/subscribe/oidc-
132       agent-user
133
134       Full  documentation can be found at https://indigo-dc.gitbooks.io/oidc-
135       agent/user/oidc-token
136
137
138
139oidc-token 5.0.1                September 2023                   OIDC-TOKEN(1)
Impressum