BlueAPI provides a secure and efficient way to interact with its services. This guide walks you through the steps to log in and log out using BlueAPI with OpenID Connect (OIDC) authentication.
:::{seealso} Configure the Application :::
Here is an example configuration for authenticating to p46-blueapi:
api:
url: "https://p46-blueapi.diamond.ac.uk"
auth_token_path: "~/.cache/blueapi_cache" # Optional: Custom path to store the token- auth_token_path: (Optional) Specify where to save the token. If omitted, the default is
~/.cache/blueapi_cacheor$XDG_CACHE_HOME/blueapi_cacheifXDG_CACHE_HOMEis set.
-
Execute the login command:
$ blueapi -c config.yaml login
-
Authenticate:
- Follow the prompts from your OIDC provider to log in.
- Provide your credentials and complete any additional verification steps required by the provider.
-
Success Message: Upon successful authentication, you see the following message:
Logged in and cached new token
To log out and securely remove the cached access token, follow these steps:
-
Execute the logout command:
$ blueapi logout -
Logout Process:
- This command uses the OIDC flow to log you out from the OIDC provider.
- It also deletes the cached token from the specified
auth_token_path.
-
Success Message: If the token is successfully removed or if it does not exist, you see the message:
Logged out
Note
The login and logout instructions above apply to the CLI. If you are using oauth2-proxy to secure the Swagger
UI documentation page, you can log out by visiting the /logout URL. For other OIDC providers, update the
oidc.logout_redirect_endpoint configuration to the appropriate logout endpoint.