When requesting a subtoken using a Mytoken profile, the user must confirm the creation of a new Mytoken via the GUI. Would it be possible to display a short-lived URL or QR code that the user can use to confirm the creation? This would be similar to the OAuth2 device flow concept.
Currently, when using oidc-agent on the remote node, the user is forced to forward X11 via SSH to confirm Mytoken creation. It would be great to handle this confirmation similarly to the profile creation process with the
Currently, I am obtaining a new subtoken by running:
The agent-forwarding approach can handle this as well, but in my case, the end user is not expected to be familiar with oidc-agent. Account creation and token obtaining are mostly automated, so the user should only need to read messages, set the account password, and confirm the subtoken creation from the remote host where the agent is running.
I’m not sure if this is already supported, so I’m asking here in the Q&A section.
Replies: 1 comment 1 reply
This is currently not supported. The use-case seems reasonable. I agree that this would be nice to have.
My first thought was: yes, that's trivial to support. However, it actually isn't. The requirement for a subtoken creation to be confirmed comes from oidc-agent, not from mytoken, so this is implemented on the oidc-agent side. The prompting renders an HTML page (which includes content from mytoken), and the buttons are changed / added so that the prompt command returns the decision.
For a URL to be printed to the user that is usable from another device, the following would be required:
So to support this, this would require implementation work on both oidc-agent and mytoken.