
oidc-agent 2.3.0

@zachmann zachmann released this 14 Mar 07:27

Features

  • Autoload: If an application requests an access token for an account configuration that is not yet loaded, the user can be prompted to load it; the application then receives the requested access token. There is no need to run oidc-add beforehand. See also the Tips section in the documentation.
  • Confirmation: When loading an account configuration with oidc-add, the new -c/--confirm option can be used. Similar to the -c option of ssh-add, it requires confirmation by the user whenever the account configuration is used: whenever an application requests an access token for that account configuration, the user is prompted to allow or deny the request. Passing the option at agent startup turns it on for every configuration loaded into that agent.
  • Changing refresh token: A provider may issue a new refresh token each time it issues an access token. In that case oidc-agent has to update the encrypted account configuration file, which requires the encryption password. The agent can obtain the password by prompting the user, by keeping it encrypted in memory, by reading it from a user-provided command, or from the system's keyring.
  • Custom URI schemes: With a redirect URI of the form edu.kit.data.oidc-agent:/<path>, the agent can skip the httpserver it would normally start; the browser hands the redirect directly to oidc-gen, which completes the account configuration generation.
  • Manual redirect: The auth code flow can now be completed entirely without the httpserver started by oidc-agent, either by using a custom URI scheme redirect URL or by copying the URL the browser is redirected to and passing it to oidc-gen --codeExchange='<url>'.
  • Xsession integration: oidc-agent is now integrated with Xsession so that it is automatically available in all terminals throughout an Xsession.

Changes

  • Changed the underlying architecture by splitting oidc-agent internally into two components
  • Changed the oidc-agent flag for console mode from -c to -d
  • Changed the default port for redirect URLs registered with dynamically registered clients from 2912 to 4242

Enhancements

  • When the auth code flow fails at the redirect because of problems with the httpserver, the URL can be passed manually to oidc-gen --codeExchange='<url>'
  • When a refresh token has expired, the user has to reauthenticate to obtain a new valid one. Instead of oidc-gen -m, the user can now use the new oidc-gen --reauthenticate option, which skips the confirmation that all other data should stay unchanged.
  • The oidc-gen -u option that updates an encrypted file to the newest encryption and file format version can now also be used with unencrypted files
  • oidc-gen -d no longer requires the account configuration to be loaded: the refresh token can be revoked even when it is not loaded in the agent.
  • Improved the documentation
  • Communication between the agent and its httpserver is now encrypted
  • Improved usability of oidc-gen with some smaller enhancements at various places
  • Other smaller enhancements
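The two protocol steps this release touches, as an added example in Python that is not oidc-agent's own code (the project itself is written in C): parsing the URL handed to oidc-gen --codeExchange='<url>' for both the localhost redirect and the edu.kit.data.oidc-agent:/<path> custom scheme (the manual redirect and custom URI scheme features, and the codeExchange enhancement above), and consuming a token response in which the provider rotated the refresh token, including the invalid_grant case that calls for oidc-gen --reauthenticate. The account configuration layout, the function names, and the sample URLs and responses are assumptions made for this example; only the 4242 port and the custom scheme name are taken from the release notes.

```python
"""Added example (not oidc-agent's own code): redirect parsing for the code
exchange and refresh-token rotation handling, written out in Python.

The config layout, function names and sample data are assumptions; the port
and the custom scheme name come from the release notes.
"""
from dataclasses import dataclass
from hmac import compare_digest
from urllib.parse import parse_qs, urlsplit

# From the release notes: default redirect port for dynamically registered
# clients, and the custom scheme that lets the flow finish without the
# agent's httpserver.
LOCALHOST_PORT = 4242
CUSTOM_SCHEME = "edu.kit.data.oidc-agent"


class RedirectError(Exception):
    """The redirect URL cannot be used to complete the code exchange."""


class NeedsReauthentication(Exception):
    """The stored refresh token is no longer valid; the user must reauthenticate."""


def parse_redirect(url, expected_state):
    """Return the authorization code carried by the URL the browser was sent to.

    Only the two redirect targets the agent registers are accepted. The state
    parameter must equal the one sent with the authorization request (compared
    in constant time), so a code from a different or forged flow is rejected.
    A provider error response is surfaced instead of being mistaken for a
    missing code.
    """
    parts = urlsplit(url)
    is_custom = parts.scheme == CUSTOM_SCHEME
    is_local = (parts.scheme == "http" and parts.hostname == "localhost"
                and parts.port == LOCALHOST_PORT)
    if not (is_custom or is_local):
        raise RedirectError(f"unexpected redirect target: {url!r}")

    params = parse_qs(parts.query, keep_blank_values=True)
    if "error" in params:
        desc = params.get("error_description", [""])[0]
        raise RedirectError(f"provider error {params['error'][0]}: {desc}")

    state = params.get("state", [""])[0]
    if not compare_digest(state.encode(), expected_state.encode()):
        raise RedirectError("state mismatch; discarding the code")

    code = params.get("code", [""])[0]
    if not code:
        raise RedirectError("redirect carries no authorization code")
    return code


@dataclass
class AccountConfig:
    """Assumed in-memory shape of a loaded account configuration."""
    shortname: str
    refresh_token: str
    needs_rewrite: bool = False  # set when the encrypted file on disk is stale


def apply_token_response(config, response):
    """Consume one token-endpoint response (a parsed JSON dict) and return the
    access token.

    If the provider rotated the refresh token, the new one replaces the stored
    one and the config is flagged: the agent now has to re-encrypt the account
    file, which is why it needs the encryption password at this point. An
    invalid_grant error means the refresh token itself expired or was revoked;
    that is the oidc-gen --reauthenticate case, not something to retry.
    """
    if "error" in response:
        if response["error"] == "invalid_grant":
            raise NeedsReauthentication(config.shortname)
        raise RuntimeError(f"token endpoint error: {response['error']}")
    new_rt = response.get("refresh_token")
    if new_rt and new_rt != config.refresh_token:
        config.refresh_token = new_rt
        config.needs_rewrite = True
    return response["access_token"]


if __name__ == "__main__":
    # Constructed sample data, not captured from a real provider.
    state = "s3cr3tstate"
    code = parse_redirect(f"{CUSTOM_SCHEME}:/callback?code=AUTHCODE&state={state}", state)
    cfg = AccountConfig("example", refresh_token="rt-old")
    at = apply_token_response(cfg, {"access_token": "at-1", "refresh_token": "rt-new"})
    print(code, at, cfg.refresh_token, cfg.needs_rewrite)
```

The port check matters because of the default change in this release: a redirect to the old port 2912 is rejected rather than silently accepted, and a state mismatch discards the code instead of exchanging it.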

OpenID Provider

  • Added a public client for HBP
  • Added a public client for Elixir

Bugfixes

  • Fixed some memory leaks
  • Fixed a segmentation fault that occurred when an agent with a public client loaded was locked
  • Fixed other theoretically possible segmentation faults
  • Other smaller fixes