On 20/01/2023 21:22, Christian Rohmann wrote: > > I found that Fedcloud.eu (https://www.fedcloud.eu/) does something > like this (see > https://fedcloudclient.fedcloud.eu/usage.html#authentication) via > OIDC-Agent. But most platforms making use of OIDC seem to configure > the openstack client with client_id and secret and have it > authenticate directly with the IdP. > My team contributed patches to https://github.com/IFCA/keystoneauth-oidc to use PKCE so that a client ID and client secret do not need to be given to users. Hope this is useful, Jon.