Hey openstack-discuss, while there is support for OpenID Connect and its various flows in the openstack client (https://docs.openstack.org/python-openstackclient/latest/cli/man/openstack.h...). I would like to have the user authenticate only with central IdP login via a web page and then receive an access token and not have each user's openstack cli be a full OIDC client handling credentials and authenticating against the IdP via the users password itself. The tricky bit here is having good tooling for users to authenticate via the existing SSO and then to get and refresh tokens which are then fed to the openstack CLI. I was wondering if anybody knows of some nice integrations / plugins / hooks to make it easy for users to deal with the authentication (usually via some web site) and then to inject the token (v3oidcaccesstoken) into openstack-cli? I found that Fedcloud.eu (https://www.fedcloud.eu/) does something like this (see https://fedcloudclient.fedcloud.eu/usage.html#authentication) via OIDC-Agent. But most platforms making use of OIDC seem to configure the openstack client with client_id and secret and have it authenticate directly with the IdP. Regards, Christian