search

indigo-dc / oidc-agent

oidc-agent for managing OpenID Connect tokens on the command line
MIT License
115 stars 30 forks source link

oidc-token(1) man page contains an inaccuracy #504

Closed paulmillar closed 1 year ago

paulmillar commented 1 year ago

The oidc-token(1) man page contains the following text:

   -c, --env
        This  will  get all available information (same as -a), but will print shell commands that export environment variables
        (default names).  The result for this option is the same as for using 'oidc-token -oie'. With the -o -i and -e  options
       the name of each environment variable can be changed.

In particular, it says that The result [...] is the same as for using 'oidc-token -oie'.

This is not true.

The command oidc-token -oie generates shell code that assigns the access token to the variable ie; for example:

paul@celebrimbor:~$ oidc-token -oie EGI-CHECKIN
ie=eyJh[...]vznQ; export ie;
paul@celebrimbor:~$

I believe the -c command option is equivalent to -o -i -e; e.g.,

paul@celebrimbor:~$ oidc-token -o -i -e EGI-CHECKIN
OIDC_AT=eyJh[...]vznQ; export OIDC_AT;
OIDC_ISS=https://aai.egi.eu/auth/realms/egi; export OIDC_ISS;
OIDC_EXP=1681805554; export OIDC_EXP;
paul@celebrimbor:~$

For comparison, here is the output when the -c option is specified:

paul@celebrimbor:~$ oidc-token -c EGI-CHECKIN
OIDC_AT=eyJh[...]vznQ; export OIDC_AT;
OIDC_ISS=https://aai.egi.eu/auth/realms/egi; export OIDC_ISS;
OIDC_EXP=1681805554; export OIDC_EXP;
paul@celebrimbor:~$
zachmann commented 1 year ago

Yes, you're right, it should be oidc-token -o -i -e