Closed jaceksocha closed 1 year ago
You need to provide the client credentials, either by including the `-m` option or directly on the command line with the `--client-id` and `--client-secret` options.
Thank you @zachmann! `--client-id` and `--client-secret` help.
Btw, is there a way to use the oidc-agent device grant flow without providing a client-secret (the OAuth2 device flow itself does not require a secret)?
My use case is to provide oidc-agent configuration to "clients" without exposing the client-secret.
Greetings
This depends on the client you're using. If you use a public client that does not need/have a secret, it is not required. Use the `--pub` option to indicate it is a public client and oidc-gen does not require a client secret.
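The point discussed in this exchange, that a public client runs the OAuth2 device flow (RFC 8628) with only its client id, shown at the protocol level as an added example; it is not part of the thread and not oidc-agent's code. The `send` transport hook, the `scripted_idp` stand-in, the placeholder values and sending the secret in the form body are assumptions made for the illustration.

```python
import urllib.parse

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

def _form(params, client_secret):
    # A public client identifies itself with nothing but its client_id; only a
    # confidential client adds a secret (sent here in the body, one of several
    # client authentication methods).
    if client_secret is not None:
        params["client_secret"] = client_secret
    return urllib.parse.urlencode(params)

def device_authorization_body(client_id, scope, client_secret=None):
    """Form body for the device authorization endpoint (RFC 8628, section 3.1)."""
    return _form({"client_id": client_id, "scope": scope}, client_secret)

def token_body(client_id, device_code, client_secret=None):
    """Form body for one token-endpoint poll (RFC 8628, section 3.4)."""
    return _form({"grant_type": DEVICE_GRANT, "device_code": device_code,
                  "client_id": client_id}, client_secret)

def poll_for_token(send, client_id, device_code, interval=5, max_polls=20,
                   client_secret=None, sleep=lambda seconds: None):
    """Poll until the user approves. `send(body) -> dict` is the caller's
    transport (hypothetical hook); returns (token_response, waits_used)."""
    waits = []
    for _ in range(max_polls):
        sleep(interval)
        waits.append(interval)
        resp = send(token_body(client_id, device_code, client_secret))
        if "access_token" in resp:
            return resp, waits
        error = resp.get("error")
        if error == "slow_down":          # RFC 8628, section 3.5: back off by 5 seconds
            interval += 5
        elif error != "authorization_pending":
            raise RuntimeError(f"device flow failed: {error}")
    raise TimeoutError("user did not approve within max_polls")

def scripted_idp(responses):
    """Constructed stand-in for a token endpoint: replays `responses` in order
    and records each request body it was sent."""
    seen, queue = [], list(responses)
    def send(body):
        seen.append(urllib.parse.parse_qs(body))
        return queue.pop(0)
    return send, seen

if __name__ == "__main__":
    send, seen = scripted_idp([{"error": "authorization_pending"},
                               {"error": "slow_down"},
                               {"access_token": "constructed-token"}])
    print(poll_for_token(send, "CLIENT_ID_PLACEHOLDER", "constructed-device-code"))
    print(seen[-1])
```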
Ok, thank you.
But having "allow public clients" enabled in the IDP application,
`oidc-gen --issuer=https://login.microsoftonline.com/<SOME_APP_ID>/v2.0 --flow=device --pub`
responds with
`Could not find a public client for this issuer.`
You still have to give the client id of the client you want to use
`--client` solved my problem, everything works fine!
thank you @zachmann
Hi
I'm facing a problem during device flow configuration with an Azure Active Directory application
```
oidc-gen testdevice --flow=device
[1] https://login.microsoftonline.com//v2.0
[2] https://iam-test.indigo-datacloud.eu/
[3] https://iam.deep-hybrid-datacloud.eu/
[4] https://iam.extreme-datacloud.eu/
[5] https://iam-demo.cloud.cnaf.infn.it/
[6] https://b2access.eudat.eu:8443/oauth2
[7] https://b2access-integration.fz-juelich.de/oauth2
[8] https://login-dev.helmholtz.de/oauth2
[9] https://login.helmholtz.de/oauth2
[10] https://services.humanbrainproject.eu/oidc/
[11] https://accounts.google.com
[12] https://aai-dev.egi.eu/auth/realms/egi
[13] https://aai-demo.egi.eu/auth/realms/egi
[14] https://aai.egi.eu/auth/realms/egi
[15] https://login.elixir-czech.org/oidc/
[16] https://oidc.scc.kit.edu/auth/realms/kit
[17] https://wlcg.cloud.cnaf.infn.it/
Issuer [https://login.microsoftonline.com//v2.0]:
The following scopes are supported: openid profile email offline_access
Scopes or 'max' (space separated) [openid profile offline_access]: max
Registering Client ...
Dynamic client registration not supported by this issuer.
Try using a public client ...
Dynamic client registration not successful for this issuer and could not find a public client for this issuer.
```
The problem occurs on: macOS: 13.4, oidc-agent: 4.5.2
The OAuth2 device flow was tested on the AAD application using curl and seems to work fine.
oidc-agent was installed using brew.
Has anybody had a similar problem?
Greetings