23 Jan
2023
23 Jan
'23
2:09 a.m.
On 20/01/2023 21:22, Christian Rohmann wrote:
I found that Fedcloud.eu (https://www.fedcloud.eu/) does something like this (see https://fedcloudclient.fedcloud.eu/usage.html#authentication) via OIDC-Agent. But most platforms making use of OIDC seem to configure the openstack client with client_id and secret and have it authenticate directly with the IdP.
My team contributed patches to https://github.com/IFCA/keystoneauth-oidc to use PKCE so that a client ID and client secret do not need to be given to users.
Hope this is useful, Jon.