Provided by: oidc-agent-cli_4.2.6-1.1build3_amd64 
NAME
oidc-agent - OIDC token agent
SYNOPSIS
oidc-agent [OPTION...]
DESCRIPTION
oidc-agent -- An agent to manage oidc token
General:
--always-allow-idtoken Always allow id-token requests without manual
approval by the user.
-a, --socket-path=PATH, --bind_address=PATH
Create the UNIX-domain used for communicating with the agent at this PATH. The default is
'$TMPDIR/oidc-XXXXXX/oidc-agent.<ppid>'. Use 'XXXXXX' as the last six characters of a directory in
the path to substitute them with random characters.
-c, --confirm
Requires user confirmation when an application requests an access token for any loaded
configuration
--json Print agent socket and pid as JSON instead of bash.
-k, --kill
Kill the current agent (given by the OIDCD_PID environment variable)
--no-autoload
Disables the autoload feature: A token request cannot load the needed configuration. You have to
do it with oidc-add.
--no-autoreauthenticate, --no-auto-reauthenticate
Disables the automatic re-authentication feature: If a refresh token expired the re-atuhentiacte
is not started automatically; you have to do it manually.
--no-scheme
This option applies only when the authorization code flow is used. oidc-agent will not use a
custom uri scheme redirect.
--no-webserver
This option applies only when the authorization code flow is used. oidc-agent will not start a
webserver. Redirection to oidc-gen through a custom uri scheme redirect uri and 'manual' redirect
is possible.
--pw-store[=TIME]
Keeps the encryption passwords for all loaded account configurations encrypted in memory for TIME
seconds. Can be overwritten for a specific configuration with oidc-add. Default value for TIME:
Forever
--quiet
Disable informational messages to stdout.
--seccomp
Enables seccomp system call filtering; allowing only predefined system calls.
-t, --lifetime=TIME
Sets a default value in seconds for the maximum lifetime of account configurations added to the
agent. A lifetime specified for an account configuration with oidc-add overwrites this default
value. Without this option the default maximum lifetime is forever.
--with-group[=GROUP_NAME]
This option allows that applications running under another user can access the agent. The user
running the other application and the user running the agent have to be in the specified group. If
no GROUP_NAME is specified the default is 'oidc-agent'.
Verbosity:
-d, --console
Runs oidc-agent on the console, without daemonizing.
-g, --debug
Sets the log level to DEBUG.
--log-stderr
Additionally prints log messages to stderr.
--status
Connects to the currently running agent and prints status information about it.
Help:
-?, --help
Give this help list
--usage
Give a short usage message
-V, --version
Print program version
Mandatory or optional arguments to long options are also mandatory or optional for any corresponding
short options.
FILES
$TMPDIR/oidc-XXXXXX/oidc-agent.<ppid>
UNIX-domain sockets used to contain the connection to the agent.
EXAMPLES
oidc-agent
Starts oidc-agent and prints the commands needed for setting the required environment variables.
eval `oidc-agent`
Starts oidc-agent and sets the required environment variables (only for this shell).
oidc-agent > ~/tmp/oidc-agent.env
Starts oidc-agent and exports the needed shell commands to ~/tmp/oidc-agent.env Can be used to
persist the agent.
REPORTING BUGS
Report bugs to <https://github.com/indigo-dc/oidc-agent/issues>
Subscribe to our mailing list to receive important updates about oidc-agent:
<https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user>.
SEE ALSO
oidc-gen(1), oidc-add(1), oidc-token(1), oidc-keychain(1)
Low-traffic mailing list with updates such as critical security incidents and new releases:
https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user
Full documentation can be found at https://indigo-dc.gitbooks.io/oidc-agent/user/oidc-agent
oidc-agent 4.2.6 March 2024 OIDC-AGENT(1)