Zachmann, GabrielBecker, Michael2019-10-142019-10-142018978-3-88579-448-6https://dl.gi.de/handle/20.500.12116/28972OpenID Connect is widely used in Authentication and Authorization Infrastructures including the infrastructures of multiple EU projects like INDIGO -DataCloud, the Human Brain Project or the European Open Science Cloud. Due to their nature, OpenID Connect Access Tokens are currently not straightforward to use from the command line. They have a high character count and are short lived. Therefore, they de facto have to be copied from a source providing the access token, most likely a web service. Considering this insufficient usability from the command line, our goal was to overcome this by developing a tool to manage OpenID Connect tokens. We present the design of this tool named oidc-agent and possible usages. The design is oriented at the ssh-agent, providing the user a familiar way to handle OpenID Connect tokens. By splitting the whole service into multiple components we also ensure privilege separation. We implemented a daemon to manage OpenID Connect tokens (oidc-agent), a tool for generating agent account conĄgurations (oidc-gen) and a tool for loading and unloading these configurations from the agent (oidc-add). Additionally, we provide application programming interfaces for agent clients through C and UNIX domain sockets. We also provide an example agent client (oidc-token) that can be used to easily get an access token from oidc-agent using the command line. Therefore, users do not need to handle long, unhandy access tokens, but the application can obtain an access-token through oidc-agent when needed. All components can be freely used and are available on GitHub under the MIT license.enOpenID ConnectOIDCoidc-agentauthorizationauthenticationsecuritycommand lineOIDC-Agent: Managing OpenID Connect Tokens on the Command LineText/Conference Paper1614-3213