.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.1. .TH OIDC-TOKEN "1" "February 2022" "oidc-token 4.2.6" "User Commands" .SH NAME oidc-token \- gets OIDC access token from oidc-agent .SH SYNOPSIS .B oidc-token [\fI\,OPTION\/\fR...] \fI\,ACCOUNT_SHORTNAME | ISSUER_URL\/\fR .SH DESCRIPTION oidc\-token \fB\-\-\fR A client for oidc\-agent for getting OIDC access tokens. .IP General: .TP \fB\-a\fR, \fB\-\-all\fR Return all available information (token, issuer, expiration time). Each value is printed in one line. .TP \fB\-c\fR, \fB\-\-env\fR This will get all available information (same as \fB\-a\fR), but will print shell commands that export environment variables (default names). The result for this option is the same as for using \&'oidc\-token \fB\-oie\fR'. With the \fB\-o\fR \fB\-i\fR and \fB\-e\fR options the name of each environment variable can be changed. .TP \fB\-e\fR, \fB\-\-expires\-at\fR[=\fI\,OIDC_EXP\/\fR] Return the expiration time for the requested access token. If neither \fB\-i\fR nor \fB\-o\fR is set and OIDC_EXP is not passed, the expiration time is printed to stdout. Otherwise shell commands are printed that will export the value into an environment variable. The name of this variable can be set with OIDC_EXP. .TP \fB\-f\fR, \fB\-\-force\-new\fR Forces that a new access token is issued and returned. .TP \fB\-i\fR, \fB\-\-issuer\fR[=\fI\,OIDC_ISS\/\fR] Return the issuer associated with the requested access token. If neither \fB\-e\fR nor \fB\-o\fR is set and OIDC_ISS is not passed, the issuer is printed to stdout. Otherwise shell commands are printed that will export the value into an environment variable. The name of this variable can be set with OIDC_ISS. .TP \fB\-o\fR, \fB\-\-token\fR[=\fI\,OIDC_AT\/\fR] Return the requested access token. If neither \fB\-i\fR nor \fB\-e\fR is set and OIDC_AT is not passed, the token is printed to stdout (Same behaviour as without this option). Otherwise shell commands are printed that will export the value into an environment variable. The name of this variable can be set with OIDC_AT. .TP \fB\-t\fR, \fB\-\-time\fR=\fI\,SECONDS\/\fR Minimum number of seconds the access token should be valid .IP Advanced: .TP \fB\-\-aud\fR=\fI\,AUDIENCE\/\fR Audience for the requested access token. Multiple audiences can be provided as a space separated list .TP \fB\-\-id\-token\fR Returns an id\-token instead of an access token. This option is meant as a development tool. ID\-tokens should not be passed as authorization to resources. .TP \fB\-\-name\fR=\fI\,NAME\/\fR This option is intended for other applications / scripts that call oidc\-token to obtain an access token. NAME is the name of this application and might be displayed to the user. .TP \fB\-s\fR, \fB\-\-scope\fR=\fI\,SCOPE\/\fR Scope to be requested for the requested access token. Multiple scopes can be provided as a space separated list or by using the option multiple times. .TP \fB\-\-seccomp\fR Enables seccomp system call filtering; allowing only predefined system calls. .IP Help: .TP \-?, \fB\-\-help\fR Give this help list .TP \fB\-\-usage\fR Give a short usage message .TP \fB\-V\fR, \fB\-\-version\fR Print program version .PP Mandatory or optional arguments to long options are also mandatory or optional for any corresponding short options. .SH FILES oidc-token does not read or write any files. .SH EXAMPLES .PP .nf oidc-token example .fi .RS Gets an access token for the 'example' account configuration. .RE .PP .nf oidc-token example -t 60 .fi .RS Gets an access token for the 'example' account configuration which will be valid for at least 60 seconds. .RE .PP .nf oidc-token example -i .fi .RS Gets the issuer url associated to the requested access token. .RE .PP .nf oidc-token example -a .fi .RS Gets an access token, the associated issuer url, and the expiration date of the token. One information per line. .RE .PP .nf eval `oidc-token example -c` .fi .RS Sets environment variables with the access token, the associated issuer url, and the expiration date of the token. .RE .PP .nf oidc-token example --scope=openid --scope=profile .fi .RS Gets an access token for the 'example' account configuration which will be only valid for the 'openid' and 'profile' scope. .RE .PP .SH "REPORTING BUGS" Report bugs to .br Subscribe to our mailing list to receive important updates about oidc\-agent: . .SH "SEE ALSO" oidc-agent(1), oidc-add(1), oidc-gen(1) .PP Low-traffic mailing list with updates such as critical security incidents and new releases: https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user .PP Full documentation can be found at https://indigo-dc.gitbooks.io/oidc-agent/user/oidc-token