Skip to content

Add integration with oidc-agent

The 'oidc-agent' software package provides a convenient way for clients to obtain an OIDC access token. This patch allows users to configure the FTS REST clients to request a token from the oidc-agent.

The minimum duration, target audience and scope of the token are all configurable. Any parameter that is not specified will take a default, as provided by oidc-agent. If the scope is not specified then the OP's default scope is used. If audience is not specified then the token will not have any associated target audience, and should be accepted by all services. If minimum validity is not specified then there are no guarantees on how long the token will be valid.

All options may be specified in the configuration file 'fts3client.cfg', which avoids long command-line invocations. However, any value specified on the command-line overrides the configured value.

If the '--access-token' option is specified on the command-line then oidc-agent is not consulted.

Merge request reports