mc idp openid add

The mc idp openid add command creates an OIDC IDP server configuration.

You can run the command multiple times to set up multiple OpenID providers.

When adding multiple OpenID providers, only one can be a JWT claim-based provider. All others must be role-based providers.

Example and syntax

Example

The following example creates a named configuration called DEX for the myaistor deployment for Dex integration.

mc idp openid add myaistor DEX                                                \
    client_id=minio-client-app                                                \
    client_secret=minio-client-app-secret                                     \
    config_url="http://localhost:5556/dex/.well-known/openid-configuration"   \
    scopes="openid,groups"                                                    \
    redirect_uri="http://127.0.0.1:10000/oauth_callback"                      \
    role_policy="consoleAdmin"

Syntax

The command has the following syntax:

mc [GLOBALFLAGS] idp openid add               \
                            ALIAS             \
                            [CFG_NAME]        \
                            [CFG_PARAM1]      \
                            [CFG_PARAM2]...

Replace ALIAS with the alias of an MinIO AIStor deployment to configure for OpenID integration.
Replace CFG_NAME with a unique string for this configuration. If not specified, the command creates the default configuration (internally named _). The name is case-sensitive and must match exactly when referenced in other commands or environment variables. By convention, use uppercase.
Replace the [CFG_PARAM#] with each of the configuration setting key-value pairs in the format of PARAMETER="value".
Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as needed before running the command in the terminal/shell.

Global flags

This command supports any of the global flags.

Behavior

S3 compatibility

The mc command-line tool is built for compatibility with the AWS S3 API and is tested with MinIO AIStor and AWS S3 for expected functionality and behavior.

MinIO provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.