Replies: 1 comment
-
I'm hesitant to add support for this to One major idea when we started implementing oidc-agent was that applications should be able to easily obtain a valid AT. By letting the application request an AT instead of relying on an already existing AT, the application can easily obtain an AT that is guaranteed to be valid. (Advanced applications can also profit from requesting multiple ATs with different scopes / audiences.) I guess we agree that this would be the preferred solution, but requires support by the applications. That's why we also have some support for environment variables in For example the
I know that both of these suffer from the same shortcoming as your last suggested command: For the average-guy this is much more complicated then just calling I see that a I still think that |
Beta Was this translation helpful? Give feedback.
-
Several of our command line tools are beginning to utilize the WLCG bearer token discovery protocol:
https://github.com/WLCG-AuthZ-WG/bearer-token-discovery/
The protocol outlines where a command line tool should discover a token in its POSIX environment.
Is it possible to have
oidc-token
to support this protocol? Two ideas come to mind:oidc-token
,-w
, to write it out to the well-known location for the user.oidc-agent
startup, that does the equivalent of this:Without this, we have to tell users to do things like this:
Which is mysterious magic to most folks.
Beta Was this translation helpful? Give feedback.
All reactions