lunar (1) oidc-token.1.gz

Provided by: oidc-agent-cli_4.2.6-1_amd64 bug

NAME

       oidc-token - gets OIDC access token from oidc-agent

SYNOPSIS

       oidc-token [OPTION...] ACCOUNT_SHORTNAME | ISSUER_URL

DESCRIPTION

       oidc-token -- A client for oidc-agent for getting OIDC access tokens.

              General:

       -a, --all
              Return  all  available  information (token, issuer, expiration time). Each value is
              printed in one line.

       -c, --env
              This will get all available information (same as -a), but will print shell commands
              that  export  environment variables (default names).  The result for this option is
              the same as for using 'oidc-token -oie'. With the -o -i and -e options the name  of
              each environment variable can be changed.

       -e, --expires-at[=OIDC_EXP]
              Return  the expiration time for the requested access token. If neither -i nor -o is
              set and OIDC_EXP is not passed, the expiration time is printed to stdout. Otherwise
              shell commands are printed that will export the value into an environment variable.
              The name of this variable can be set with OIDC_EXP.

       -f, --force-new
              Forces that a new access token is issued and returned.

       -i, --issuer[=OIDC_ISS]
              Return the issuer associated with the requested access token. If neither -e nor  -o
              is set and OIDC_ISS is not passed, the issuer is printed to stdout. Otherwise shell
              commands are printed that will export the value into an environment  variable.  The
              name of this variable can be set with OIDC_ISS.

       -o, --token[=OIDC_AT]
              Return  the  requested access token. If neither -i nor -e is set and OIDC_AT is not
              passed, the token is printed to stdout (Same behaviour  as  without  this  option).
              Otherwise shell commands are printed that will export the value into an environment
              variable. The name of this variable can be set with OIDC_AT.

       -t, --time=SECONDS
              Minimum number of seconds the access token should be valid

              Advanced:

       --aud=AUDIENCE
              Audience for the requested access token. Multiple audiences can be  provided  as  a
              space separated list

       --id-token
              Returns  an  id-token  instead  of  an  access  token.   This  option is meant as a
              development tool.  ID-tokens should not be passed as authorization to resources.

       --name=NAME
              This option is intended for other applications / scripts that  call  oidc-token  to
              obtain an access token. NAME is the name of this application and might be displayed
              to the user.

       --seccomp
              Enables seccomp system call filtering; allowing only predefined system calls.

       -s, --scope=SCOPE
              Scope to be requested for the  requested  access  token.  Multiple  scopes  can  be
              provided as a space separated list or by using the option multiple times.

              Help:

       -?, --help
              Give this help list

       --usage
              Give a short usage message

       -V, --version
              Print program version

       Mandatory  or  optional  arguments  to long options are also mandatory or optional for any
       corresponding short options.

FILES

       oidc-token does not read or write any files.

EXAMPLES

       oidc-token example
              Gets an access token for the 'example' account configuration.

       oidc-token example -t 60
              Gets an access token for the 'example' account configuration which  will  be  valid
              for at least 60 seconds.

       oidc-token example -i
              Gets the issuer url associated to the requested access token.

       oidc-token example -a
              Gets  an  access  token,  the associated issuer url, and the expiration date of the
              token. One information per line.

       eval `oidc-token example -c`
              Sets environment variables with the access token, the associated  issuer  url,  and
              the expiration date of the token.

       oidc-token example --scope=openid --scope=profile
              Gets  an  access  token  for the 'example' account configuration which will be only
              valid for the 'openid' and 'profile' scope.

REPORTING BUGS

       Report bugs to <https://github.com/indigo-dc/oidc-agent/issues>
       Subscribe  to  our  mailing  list  to  receive   important   updates   about   oidc-agent:
       <https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user>.

SEE ALSO

       oidc-agent(1), oidc-add(1), oidc-gen(1)

       Low-traffic  mailing  list  with  updates  such  as  critical  security  incidents and new
       releases: https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user

       Full documentation can  be  found  at  https://indigo-dc.gitbooks.io/oidc-agent/user/oidc-
       token