From 0cdb15783231fec1b94abf0da29955aba3953c67 Mon Sep 17 00:00:00 2001 From: zachmann Date: Wed, 10 Jul 2024 12:02:35 +0200 Subject: [PATCH] add docu; fix typos; fix default account docu --- gitbook/configuration/custom-parameters.md | 18 ++++++++++++++++++ gitbook/configuration/default-accounts.md | 9 +++------ gitbook/provider/known-issues.md | 7 +++++-- 3 files changed, 26 insertions(+), 8 deletions(-) create mode 100644 gitbook/configuration/custom-parameters.md diff --git a/gitbook/configuration/custom-parameters.md b/gitbook/configuration/custom-parameters.md new file mode 100644 index 00000000..b02aff0e --- /dev/null +++ b/gitbook/configuration/custom-parameters.md 
@@ -0,0 +1,18 @@ +# Custom Request Parameter + +Since version `5.2.0` it is possible to customize the requests send by the agent to the OPs and add custom request +parameters. + +Custom parameters can be configured in a config file named `custom_parameters.config`. As usual the file can be placed +in `/etc/oidc-agent` or the agent directory. If both are present parameters are merged together. + +The `custom_parameters.config` contains a json array of parameter specifications. A parameter specification is a json +object that can have the following fields: + +| Field Name | Description | +|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `parameter` | The name of the parameter to be added to the request | +| `value` | The value that should be used. The value can be given in different ways. If the value starts with a `$` the following characters are interpreted as an environment variable and the value is read from this variable. If the given value starts with an `/` it is interpreted as a file path and the first line from that file is used as the value. Otherwise the value is used directly. | +| `for_issuer` | A JSON array of issuer urls for which this parameter should be used | +| `for_account` | A JSON array of account shortnames for which this parameter should be used | +| `request` | A JSON array of requests for which this parameter should be used. Possible values are `refresh`, `auth_url`, `code-exchange`,`device-init`,`device-polling`,`registration`,`revocation`,`password` | diff --git a/gitbook/configuration/default-accounts.md b/gitbook/configuration/default-accounts.md index c47d74c9..8f9d8bfc 100644 
--- a/gitbook/configuration/default-accounts.md +++ b/gitbook/configuration/default-accounts.md @@ -1,9 +1,6 @@ ## Default Account Configuration for a Provider + The `issuer.config` file in the [oidc-agent directory](directory.md) can also -be used to set an default account configuration file for each provider by adding -the shortname of this account configuration after the issuer url. -A line in the `issuer.config` file should look the following: -``` -[] -``` +be used to set a default account configuration file for each provider by using the `default_account` claim. for more +details please refer to the [documentations about issuer.config](issuers.md). diff --git a/gitbook/provider/known-issues.md b/gitbook/provider/known-issues.md index b53176ea..2cfcdce3 100644 --- a/gitbook/provider/known-issues.md +++ b/gitbook/provider/known-issues.md @@ -1,11 +1,14 @@ ## Known Issues + ### Expiring Refresh Tokens + oidc-agent assumes that refresh tokens do not expire. But some providers might use refresh tokens that expire after a certain time or when they are not used for a specific time. To prevent the latter use oidc-agent / oidc-token regularly -(you also can use a cron job). +(you can also use a cron job). oidc-agent is able to update a stored refresh token. However, therefore it has to receive a new -refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that token), use `oidc-gen --reauthenticate ` to re-authenticate and update the refresh token. +refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that +token), use `oidc-gen --reauthenticate ` to re-authenticate and update the refresh token.
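Review bot: In `gitbook/configuration/custom-parameters.md`, the `value` row does not say how to give a literal value that itself begins with `$` or `/`, nor what the agent does when the named environment variable is unset or the file cannot be read. Since these values end up in requests to the OP, please document the escape (or state that there is none) and the failure behaviour. The same file says parameters from `/etc/oidc-agent` and the agent directory "are merged together" without stating which one wins when both define the same `parameter`, and it does not say whether `for_issuer`, `for_account` and `request` are optional or what an omitted field matches. A short sample `custom_parameters.config` would settle most of this. Minor: "requests send by the agent" should be "sent", and the `request` values mix `auth_url` with `code-exchange`, `device-init` and `device-polling`, so please confirm the underscore and hyphen spellings are the literal accepted strings.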
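Review bot: In `gitbook/configuration/default-accounts.md`, the added second sentence starts in lower case ("for more details please refer to ...") and uses "documentations about"; suggest "For more details, please refer to the [documentation on issuer.config](issuers.md)." Calling `default_account` a "claim" is also likely to confuse readers, because in OIDC a claim is a value inside a token, while this is a setting in a configuration file; "field" or "option" (whichever term issuers.md uses) would be clearer. Since the removed lines described a different syntax (shortname after the issuer url), one sentence on whether that older form is still accepted would help users with existing `issuer.config` files.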
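Review bot: In `gitbook/provider/known-issues.md`, the re-wrapped last sentence keeps a logic error: "because the token was used within the lifetime of that token" contradicts the paragraph above, which says tokens expire "when they are not used for a specific time", so this should read "was not used". While the line is being touched, "However, therefore it has to receive a new refresh token" would read better as "However, to do so it has to receive a new refresh token from the provider." The command `oidc-gen --reauthenticate ` is shown with a trailing space and no argument; if an account shortname is expected there, the placeholder should be visible in the rendered text.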