-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add docu; fix typos; fix default account docu
- Loading branch information
Showing
3 changed files
with
26 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Custom Request Parameter | ||
|
|
||
| Since version `5.2.0` it is possible to customize the requests send by the agent to the OPs and add custom request | ||
| parameters. | ||
|
|
||
| Custom parameters can be configured in a config file named `custom_parameters.config`. As usual the file can be placed | ||
| in `/etc/oidc-agent` or the agent directory. If both are present parameters are merged together. | ||
|
|
||
| The `custom_parameters.config` contains a json array of parameter specifications. A parameter specification is a json | ||
| object that can have the following fields: | ||
|
|
||
| | Field Name | Description | | ||
| |---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| | `parameter` | The name of the parameter to be added to the request | | ||
| | `value` | The value that should be used. The value can be given in different ways. If the value starts with a `$` the following characters are interpreted as an environment variable and the value is read from this variable. If the given value starts with an `/` it is interpreted as a file path and the first line from that file is used as the value. Otherwise the value is used directly. | | ||
| | `for_issuer` | A JSON array of issuer urls for which this parameter should be used | | ||
| | `for_account` | A JSON array of account shortnames for which this parameter should be used | | ||
| | `request` | A JSON array of requests for which this parameter should be used. Possible values are `refresh`, `auth_url`, `code-exchange`,`device-init`,`device-polling`,`registration`,`revocation`,`password` | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,6 @@ | ||
| ## Default Account Configuration for a Provider | ||
|
|
||
| The `issuer.config` file in the [oidc-agent directory](directory.md) can also | ||
| be used to set an default account configuration file for each provider by adding | ||
| the shortname of this account configuration after the issuer url. | ||
| A line in the `issuer.config` file should look the following: | ||
| ``` | ||
| <issuer_url>[<space><shortname>] | ||
| ``` | ||
| be used to set a default account configuration file for each provider by using the `default_account` claim. for more | ||
| details please refer to the [documentations about issuer.config](issuers.md). | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,14 @@ | ||
| ## Known Issues | ||
|
|
||
| ### Expiring Refresh Tokens | ||
|
|
||
| oidc-agent assumes that refresh tokens do not expire. But some providers might | ||
| use refresh tokens that expire after a certain time or when they are not used | ||
| for a specific time. To prevent the latter use oidc-agent / oidc-token regularly | ||
| (you also can use a cron job). | ||
| (you can also use a cron job). | ||
|
|
||
| oidc-agent is able to | ||
| update a stored refresh token. However, therefore it has to receive a new | ||
| refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that token), use `oidc-gen --reauthenticate <short_name>` to re-authenticate and update the refresh token. | ||
| refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that | ||
| token), use `oidc-gen --reauthenticate <short_name>` to re-authenticate and update the refresh token. | ||
|
|