Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No oidc-agent start when logging in with Wayland #555

Open
paulmillar opened this issue Jan 2, 2024 · 2 comments
Open

No oidc-agent start when logging in with Wayland #555

paulmillar opened this issue Jan 2, 2024 · 2 comments

Comments

@paulmillar
Copy link
Contributor

With the release of Debian 12 (bookworm) a fresh install will default to using Wayland (instead of X11 / X.org) as its windowing environment.

Note that, as bookworm continues to support X11/X.org, computers that upgrade to bookworm (from an earlier Debian release) will continue to use X11, unless the admin explicitly switches to Wayland.

There seems to be no problem with oidc-agent under bookworm when X.org is used. However, with Wayland, the oidc-agent process is not started.

Here is the console output from a shell shortly after logging in:

paul@monkeywrench:~$ echo $XDG_CURRENT_DESKTOP
KDE
paul@monkeywrench:~$ echo $XDG_SESSION_TYPE
wayland
paul@monkeywrench:~$ pidof oidc-agent
paul@monkeywrench:~$

It is a relatively simple matter to start oidc-agent manually within a console. When this is done, the agent behaves as expected:

paul@monkeywrench:~$ eval `oidc-agent`
Agent pid 126481
paul@monkeywrench:~$ pidof oidc-agent
126482 126481
paul@monkeywrench:~$ oidc-add EGI-CHECKIN
Enter decryption password for account config 'EGI-CHECKIN': 
success
paul@monkeywrench:~$ oidc-token EGI-CHECKIN
eyJh[...]yXF694p6BAEXCPPOvNVsTKbw
paul@monkeywrench:~$

Starting oidc-agent manually suffers from the (expected) limitation that the oidc-agent environment variables are only known to that specific shell. If that agent should be accessible from processes started outside of that shell (e.g., having multiple tabs in the console) then those variables must be (manually) copied.

Starting oidc-agent as part of the X11/X.org login procedure alleviates this limitation. All child processes will share a common oidc-agent instance and inherit that agent's environment variables.

It would be helpful if some similar mechanism exists for Wayland that would allow all child processes of the login session to share a common oidc-agent instance; for example, by having all child processes inherit the oidc-agent environment variables (as currently happens with X.org).
@zachmann
Copy link
Collaborator

We will need to investigate this further and see what the best solution would be.

However, the following should work fairly well:
Put the following line into your .bashrc:

eval `oidc-agent-service use` >/dev/null

This will start the agent the first time and on other runs, set the env var.

@marcvs
Copy link
Collaborator

marcvs commented Jan 19, 2024

If this works, I wonder which is the best way to solve this package wise.
I.e. is there a well understood way to put it into a shell startup env? /etc/bashrc or s.th.?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paulmillar @marcvs @zachmann