On the CLI: flaat-userinfo¶

Installation¶

flaat-userinfo is included with the flaat installation.

Description¶

flaat-userinfo is a simple tool to gather all oidc user info based on access tokens.

The tool can be used in multiple ways:

Directly pass an access token.
Name an oidc-agent account, which is used to retrieve an access token.
Use an access token from environment variables (e.g. ACCESS_TOKEN).

Options¶

usage: flaat-userinfo [-h] [--my-config MY_CONFIG] [--client_id CLIENT_ID] [--client_secret CLIENT_SECRET] [--oidc-agent-account OIDC_AGENT_ACCOUNT] [--issuer ISSUER] [--audience AUDIENCE]
                      [--skip_tls_verify] [--skip_jwt_verify] [--accesstoken] [--userinfo] [--introspection] [--all] [--quiet] [--verbose] [--machine-readable]
                      [access_token ...]

flaat-userinfo

positional arguments:
  access_token          An access token (without 'Bearer ')

options:
  -h, --help            show this help message and exit
  --my-config MY_CONFIG, -c MY_CONFIG
                        config file path
  --client_id CLIENT_ID
                        Specify the client_id of an oidc client. This is needed for token introspection.
  --client_secret CLIENT_SECRET
                        Specify the client_secret of an oidc client. This is may be needed for token introspection.
  --oidc-agent-account OIDC_AGENT_ACCOUNT, -o OIDC_AGENT_ACCOUNT
                        Name of oidc-agent account for access token retrieval
  --issuer ISSUER, -i ISSUER
                        Specify issuer (OIDC Provider)
  --audience AUDIENCE, --aud AUDIENCE
                        Specify an intended audience for the requested access
                        token. Multiple audiences can be provided as a space
                        separated list. Only used when token is retrieved via
                        the oidc-agent. Ignored if OP does not support
                        audience setting.
  --skip_tls_verify     Disable TLS verification
  --skip_jwt_verify     Disable JWT verification
  --accesstoken, -at    Show access token info (default)
  --userinfo, -ui       Show user info (default)
  --introspection, -in  Show introspection info (default)
  --all, -a
  --quiet, -q           Enable quiet mode. This will only show requested information, no explanatory text
  --verbose, -v         Enable verbose mode. This will also print debug messages.
  --machine-readable, -m
                        Make stdout machine readable

Quick examples¶

To use a raw access token with flaat-userinfo, just pass it as an argument:

flaat-userinfo eyJraWQ...

If you have a loaded oidc-agent account called “foo”, you can use flaat-userinfo using:

flaat-userinfo -o foo