htgettoken gets OIDC bearer access tokens by interacting with a
Hashicorp vault server configured for retrieving and storing OIDC
refresh tokens using the
htvault-config package.
For details on its usage please see the man page.
Packaging for Red Hat Enterprise Linux systems is included. Rpms are distributed in the Open Science Grid yum repositories. After enabling the OSG repositories, do this as root to install it:
yum install htgettoken
htgettoken and Vault are also integrated with HTCondor. It is available in HTCondor versions 9.0.6 and later.
See this paper submitted to vCHEP 2021 for a description of htgettoken, htvault-config, and their HTCondor integration.
A few additional helpful commands are bundled with htgettoken. Click on each one below to see their man pages.
- htdecodetoken/httokendecode -- decodes JSON Web Tokens that it finds either according to a given filename or based on the WLCG Bearer Token Discovery standard if no filename is given.
- htdestroytoken -- removes bearer and vault tokens
- httokensh -- keeps the bearer token renewed as long as a command it starts runs