OpenID Connect Authorization

The OSCAR REST API has supported OIDC (OpenID Connect) access tokens for user authorization since release v2.5.0. By default, OSCAR clusters deployed via the IM Dashboard are configured to allow authorization via both basic auth and OIDC tokens using the EGI Check-in issuer. From the IM Dashboard deployment window, users can add one EGI Virtual Organization (VO) to grant access to all users from that VO.

Accessing from OSCAR-UI

The static web interface of OSCAR has been integrated with EGI Check-in and published at ui.oscar.grycap.net to facilitate the authorization of users. To log in through EGI Check-in using OIDC tokens, users only have to enter the endpoint of their OSCAR cluster and click on the "EGI CHECK-IN" button.

Integration with OSCAR-CLI via OIDC Agent

Since version v1.4.0, OSCAR-CLI supports API authorization via OIDC tokens thanks to its integration with oidc-agent.

Users must install the oidc-agent following its instructions and create a new account configuration for the https://aai.egi.eu/auth/realms/egi/ issuer. After that, clusters can be added with the command oscar-cli cluster add specifying the oidc-agent account name with the --oidc-account-name flag.
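
When a cluster refuses a token, it helps to inspect the token locally against what this page describes: the EGI Check-in issuer and, where one is configured, the allowed VO. The following is an added example, not OSCAR or oidc-agent code. It assumes the access token is a JWT, that VO membership appears in an eduperson_entitlement claim laid out as urn:mace:egi.eu:group:<vo>..., and it uses the constructed VO name vo.example.eu.

```python
import base64
import json
import time

EGI_ISSUER = "https://aai.egi.eu/auth/realms/egi/"  # issuer named on this page


def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def vo_of(entitlement):
    """Assumed layout: urn:mace:egi.eu:group:<vo>[:...]#<authority>."""
    parts = entitlement.split("#")[0].split(":")
    return parts[4] if len(parts) > 4 and parts[3] == "group" else None


def preflight(token, vo=None, now=None):
    """List the reasons this token is likely to be refused (empty list = none)."""
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # also covers bad base64 and bad JSON
        return ["malformed token: %s" % exc]
    now = time.time() if now is None else now
    problems = []
    # Compare issuers exactly, ignoring only the trailing slash.
    if str(claims.get("iss", "")).rstrip("/") != EGI_ISSUER.rstrip("/"):
        problems.append("unexpected issuer: %r" % claims.get("iss"))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired or missing exp")
    ents = claims.get("eduperson_entitlement")  # assumed claim name
    ents = ents if isinstance(ents, list) else []
    # Exact match on the VO segment, so a look-alike VO name does not pass.
    if vo is not None and vo not in [vo_of(e) for e in ents if isinstance(e, str)]:
        problems.append("no entitlement for VO %s" % vo)
    return problems


def sample_token(claims):
    """Build an unsigned, constructed token for the demo (placeholder signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none"}), enc(claims))
```

This is a client-side diagnostic only; the authorization decision, including signature validation, remains with the cluster and the issuer.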