OpenID Connect Authorization
OSCAR REST API supports OIDC (OpenID Connect) access tokens to authorize users
since release v2.5.0
. By default, OSCAR clusters deployed via the
IM Dashboard are configured to allow authorization
via basic auth and OIDC tokens using the
EGI Check-in issuer. From the IM
Dashboard deployment window, users can add one
EGI Virtual Organization to
grant access for all users from that VO.
Accessing from OSCAR-UI
The static web interface of OSCAR has been integrated with EGI Check-in and published in ui.oscar.grycap.net to facilitate the authorization of users. To login through EGI Checkín using OIDC tokens, users only have to put the endpoint of its OSCAR cluster and click on the "EGI CHECK-IN" button.
Integration with OSCAR-CLI via OIDC Agent
Since version v1.4.0
OSCAR-CLI supports API authorization
via OIDC tokens thanks to the integration with
oidc-agent.
Users must install the oidc-agent following its
instructions and
create a new account configuration for the
https://aai.egi.eu/auth/realms/egi/
issuer. After that, clusters can be
added with the command oscar-cli cluster add
specifying
the oidc-agent account name with the --oidc-account-name
flag.