Mytoken is a web service to obtain OpenID Connect Access Tokens in an easy
but secure way for extended periods of time and across multiple devices. In particular, mytoken was developed to
provide OIDC Access Tokens to long-running compute jobs.
Access Tokens can be obtained via so-called mytokens: A new token type that can be easily used as a Bearer token from
any device. These mytokens can be restricted according to the particular use case to only allow the needed privileges.
Mytoken focuses on integration with the command line through this command line client but also offers a web interface.
A demo instance of the server and webinterface is available at
https://mytoken.data.kit.edu/.
Documentation is available at https://docs.mytok.eu/.
A go library for interacting with the mytoken server can be found at https://github.com/oidc-mytoken/lib.
Packaged versions are available from http://repo.data.kit.edu
The latest version can also be installed via go:
go install github.com/oidc-mytoken/client/cmd/mytoken@latestGet a mytoken:
mytoken MT --url <mytoken_url> -i <oidc_issuer_url> -o <path_to_MT>The mytoken will be stored in <path_to_MT>.
Use your mytoken to obtain an OIDC access token:
mytoken AT --MT-file <path_to_MT>Mytokens can be provided in several ways:
- File (default): Stored in
~/.mytoken/default/mytoken - Environment variable:
mytoken AT --MT-env MYTOKEN_VAR - From file:
mytoken AT --MT-file /path/to/token - Interactive prompt:
mytoken AT --MT-prompt - Direct:
mytoken AT --MT <token>(less secure)