# oidc-agent — OIDC Tokens for Scripts (ssh-agent)

> oidc-agent manages OpenID Connect tokens like ssh-agent: start the agent, create configs with oidc-gen, then fetch tokens for scripts via oidc-token.

## Install

Copy the content below into your project:

## Quick Use

```bash
# macOS:
brew tap indigo-dc/oidc-agent
brew install oidc-agent
eval `oidc-agent-service start`
oidc-gen myidp && oidc-token myidp
```

## Intro

oidc-agent manages OpenID Connect tokens like ssh-agent: start the agent, create configs with oidc-gen, then fetch tokens for scripts via oidc-token.

**Best for:** CLI-first workflows that need short-lived OIDC tokens for APIs, MCP servers, or automation scripts

**Works with:** Linux packages or Homebrew; supports multiple OIDC flows (README mentions device flow) and token retrieval via CLI

**Setup time:** 10-25 minutes

### Key facts (verified)

- GitHub: 149 stars · 36 forks · pushed 2026-04-30.
- License: MIT · owner avatar + repo URL verified via GitHub API.
- README-backed entrypoint: `oidc-token `.

## Main

- Treat it like ssh-agent: start the service early (login/X session) and rely on environment variables to locate the socket.
- Prefer `oidc-token ` in scripts when portability matters; README recommends issuer_url for shareable scripts.
- Use device flow on headless hosts: README notes `oidc-gen --flow=device` when a browser isn't available.

### Source-backed notes

- README shows macOS install via Homebrew: `brew tap indigo-dc/oidc-agent` then `brew install oidc-agent`.
- README quickstart starts the agent with `` eval `oidc-agent-service start` `` and uses `oidc-gen` + `oidc-token`.
- README mentions device flow via `--flow=device` and describes listing configs with `oidc-add -l` / `oidc-gen -l`.

### FAQ

- **Do I need a browser to authenticate?**: Not always. README says you can use device flow (`--flow=device`) on hosts without a browser.
- **Can it manage multiple accounts?**: Yes.
  README says multiple account configurations can be loaded concurrently.
- **Where is the documentation?**: README points to https://indigo-dc.github.io/oidc-agent/ for full docs.

## Source & Thanks

> Source: https://github.com/indigo-dc/oidc-agent
> License: MIT
> GitHub stars: 149 · forks: 36

---

## Intro

oidc-agent manages OpenID Connect tokens in a way similar to ssh-agent: after starting the agent, use oidc-gen to generate account configurations, then use oidc-token to securely obtain access tokens in scripts; device flow is supported.

**Best for:** Automation workflows that need short-lived OIDC tokens in the CLI or in scripts (API/MCP/operations scripts)

**Works with:** Installation via Linux packages or Homebrew; supports multiple OIDC flows (README mentions device flow) and token retrieval via the CLI

**Setup time:** 10-25 minutes

### Key facts (verified)

- GitHub: 149 stars · 36 forks; last updated 2026-04-30.
- License: MIT; author avatar and repository link were both rechecked via the GitHub API.
- Entrypoint that can be checked against the README: `oidc-token `.

## Main

- Use it like ssh-agent: start the service early in the login/X session and locate the socket through environment variables.
- In scripts, `oidc-token ` is the better choice: README points out that the issuer_url form makes scripts easier to share, so that not everyone has to change the shortname.
- Use device flow on hosts without a browser or on remote hosts: README says `oidc-gen --flow=device` can be used.

### Source-backed notes

- README gives the Homebrew install for macOS: `brew tap indigo-dc/oidc-agent` + `brew install oidc-agent`.
- README quickstart: `` eval `oidc-agent-service start` `` starts the service, then `oidc-gen` and `oidc-token` are used to obtain a token.
- README mentions device flow (`--flow=device`) and listing configs with `oidc-add -l` / `oidc-gen -l`.

### FAQ

- **Do I need a browser to authenticate?**: Not necessarily. README says hosts without a browser can use device flow (`--flow=device`).
- **Can it manage multiple accounts at the same time?**: Yes. README says multiple account configurations can be loaded concurrently.
- **Where is the full documentation?**: README points to https://indigo-dc.github.io/oidc-agent/.

---

Source: https://tokrepo.com/en/workflows/oidc-agent-oidc-tokens-for-scripts-ssh-agent
Author: Script Depot
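
The scripting advice under "Main" (locate the agent through the environment, fetch with `oidc-token`), sketched as an added example that is not code from this page or from the oidc-agent project. The function names and `MIN_VALID` are hypothetical; `OIDC_SOCK` and `--time` are oidc-agent's socket variable and minimum-validity option, which this page does not name.

```bash
# Added example. Hypothetical names: agent_reachable, fetch_token, call_api, MIN_VALID.
MIN_VALID=${MIN_VALID:-120}   # seconds the token must still be valid when used

# True when OIDC_SOCK (exported when the agent is started) names a UNIX socket.
agent_reachable() {
    [ -n "${OIDC_SOCK:-}" ] && [ -S "$OIDC_SOCK" ]
}

# Print an access token for an account shortname or issuer URL; fail closed.
fetch_token() (
    account=$1
    if ! agent_reachable; then
        echo "oidc-agent not reachable: start it and export OIDC_SOCK" >&2
        exit 1
    fi
    # --time asks the agent for a token valid for at least MIN_VALID seconds.
    token=$(oidc-token --time="$MIN_VALID" "$account") || exit 1
    # Accept only bearer-token characters (RFC 6750 b64token). This rejects
    # empty output and stray text, and keeps quotes out of the curl config.
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "unexpected oidc-token output" >&2
            exit 1 ;;
    esac
    printf '%s' "$token"
)

# GET a URL with the token. The header reaches curl on stdin (--config -),
# so the token never appears in a process argument list (ps, audit logs).
call_api() (
    account=$1
    url=$2
    token=$(fetch_token "$account") || exit 1
    printf 'header = "Authorization: Bearer %s"\n' "$token" |
        curl --fail --silent --show-error --config - --url "$url"
)
```

Avoid running such a script with `set -x`, which would write the token to the trace output.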