Authentication using Frontier CLI
How to Authenticate into Frontier CLI to use Frontier services
Frontier CLI utilizes OIDC and OAuth2 for authentication and authorization for services within the Frontier Management Cluster (FMC). To perform any actions or tasks within the CLI, clients are required to authenticate into their OIDC account respective to their organization. The organization can choose any OIDC provider to be used for their Frontier services. The OIDC provider chosen shall be configured by your organization’s frontier administrator. Federal Frontier recommends using Keycloak.X (powered by Quarkus) due to its cost-savings and performance. At this current time, this Frontier guide will evolve around Keycloak.X for the remainder of this tutorial, but this use-case should be similar across other OIDC providers as well.
Authentication Guide
Log into Frontier CLI
To login to Frontier CLI for use of services, run the following command below:
frontier login
Your default browser should automatically appear and prompt you for your username and password.
You may also be asked to enter a temporary code if your account is linked with two-factor authentication. After you successfully logged into your account, you will be given you access token.
If you navigate back the Frontier CLI application, you will be prompt to paste that access token given by your OIDC provider.
If the token is valid, you will be successfully authenticated into the Frontier CLI application.
Logout of Frontier CLI
If you wish to logout of the Frontier CLI application, run the following command below. This option will only appear if a user or administrator is authenticated.
frontier logout
You will be logged out of your Frontier account and will no longer have access to using any Frontier services within the CLI application while unauthenticated.
Issues Where Authentication or Re-authentication is Required
Be aware of your expiration time to prevent experiences of potential issues or loss of access to perform tasks within the application. If you experience responses from the CLI similar to these images below, you may be required to re-authenticate into the application to continue use of services.