keycloak-scim/server_admin/topics/identity-broker/social/openshift.adoc

==== OpenShift

NOTE: OpenShift Online is currently in the developer preview mode. This documentation has been based on on-premise installations and local `minishift` development environment.

There are a just a few steps you have to complete to be able to login to OpenShift.  First, go to the `Identity Providers` left menu item
and select `OpenShift` from the `Add provider` drop down list.  This will bring you to the `Add identity provider` page.

.Add Identity Provider
image:images/openshift-add-identity-provider.png[]

.Registering OAuth client

You can register your client using `oc` command line tool.

====
[source,bash]
----
$ oc create -f <(echo '
kind: OAuthClient
apiVersion: v1
metadata:
 name: kc-client <1>
secret: "..." <2>
redirectURIs:
 - "http://www.example.com/" <3>
grantMethod: prompt <4>
')
----
<1> The `name` of your OAuth client. Passed as `client_id` request parameter when making requests to `_<openshift_master>_/oauth/authorize` and `_<openshift_master>_/oauth/token`.
<2> `secret` is used as the `client_secret` request parameter.
<3> The `redirect_uri` parameter specified in requests to `_<openshift_master>_/oauth/authorize` and `_<openshift_master>_/oauth/token` must be equal to (or prefixed by) one of the URIs in `redirectURIs`.
<4> The `grantMethod` is used to determine what action to take when this client requests tokens and has not yet been granted access by the user.
====

Use client ID and secret defined by `oc create` command to enter them back on the {project_name} `Add identity provider` page.
Go back to {project_name} and specify those items.

Please refer to https://docs.okd.io/latest/architecture/additional_concepts/authentication.html#oauth[official OpenShift documentation] for more detailed guides.