#8953 Create openidc token for Compose Configuration Compare and Check tool (CCCC)
Closed: Fixed 3 years ago by pingou. Opened 3 years ago by jkaluza.

We want to test a new tool which uses ODCS to test PRs opened against the pungi-fedora, comps or module-defaults repositories. The idea is that there will be a Jenkins job executed for PRs against these repositories. This Jenkins job will apply the PR in its internal repository, submit an ODCS compose to check if the compose still works after applying this PR, and send a message back to the pull request.

In order to do that, we need a new openidc token for this CCCC service, so it can be authorized to ODCS and submit a new compose request.

Please create a "cccc-odcs" openidc token and send it somehow to me so I can configure it in Jenkins and use it.


Metadata Update from @mohanboddu:
- Issue tagged with: groomed, low-trouble, medium-gain

3 years ago

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

3 years ago

There is a template for OIDC tokens, could you fill it in?

Thanks

To help us register your application in our OIDC service, we need some
information from you:

Note: all the default values provided here are based on the default choice/
implementation of flask-oidc. If you do not use this library you may have to 
refer to the documentation of your library.

Some generic information first:
- What is the application main URL?
- Who will be the main contact for the application, or will this be core 
  infrastructure?
- What privacy policy will be applicable to the application, or will this be 
  the standard Fedora privacy policy?

Some more OIDC specific information then:
- Which redirect URI(s) will the application use?
  - flask-oidc defaults to: ``<APPLICATION_URL>/oidc_callback``
    but it's configurable (so double-check)
- Does the application need the user names, or will an application-specific 
    pseudonym suffice?
  - ie: using flask-oidc, do you ever rely on ``OIDC.user_getfield('sub')`` to 
    get the user's username. If not, this question likely does not matter for 
    your application
- Which authorization flow does the application use?
  - flask-oidc: authorization_code
- Which token authentication method does the application use?
  - flask-oidc: client_secret_post
- Which response type does the application rely on?
  - flask-oidc: Code

Metadata Update from @pingou:
- Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)

3 years ago

@pingou, I'm not sure this is the correct form. I'm asking for an openidc service token which I can use to log in to ODCS. I'm not developing a new application which would be used by real end-users or which end-users would authenticate against.

I think I basically want the same as what happened here: https://pagure.io/fedora-infrastructure/issue/7532.

The form (especially the second part) looks irrelevant to my use-case. I will try to fill it in anyway:

Some generic information first:
- What is the application main URL?

The Jenkins job will be running on https://jenkins-fedora-infra.apps.ci.centos.org/job/cccc/. I will ask for this job in another ticket.

- Who will be the main contact for the application, or will this be core
  infrastructure?

jkaluza

- What privacy policy will be applicable to the application, or will this be
  the standard Fedora privacy policy?

I presume the standard Fedora privacy policy. But it does not store anything. It simply asks ODCS to generate a compose, and the openidc token in question is used to log in to ODCS.

Some more OIDC specific information then:
- Which redirect URI(s) will the application use?
  - flask-oidc defaults to: <APPLICATION_URL>/oidc_callback
    but it's configurable (so double-check)

It will not use any redirect URL afaik. It will read the token from a file and send it in an HTTP request to ODCS.

- Does the application need the user names, or will an application-specific
  pseudonym suffice?
  - ie: using flask-oidc, do you ever rely on OIDC.user_getfield('sub') to
    get the user's username. If not, this question likely does not matter for
    your application

No.

- Which authorization flow does the application use?
  - flask-oidc: authorization_code
- Which token authentication method does the application use?
  - flask-oidc: client_secret_post
- Which response type does the application rely on?
  - flask-oidc: Code

This would be valid if I used the openidc auth workflow. But I only need a client token if I'm right.

So it looks like I confused OIDC token and OIDC secret for apps...

I've followed https://docs.pagure.org/infra-docs/sysadmin-guide/sops/ipsilon.html#generate-an-openid-connect-token and generated the token for @jkaluza. Sorry for the mix-up and thus the time it took to process this ticket :(

Let us know if you need anything else!

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago
