Chef Blogs

oc-id on Chef Server: An Introduction

Nell Shamrell-Harrington | Posted on | community

Ever used oc-id with Chef Analytics or Chef Supermarket? Read on for information on how it works!

What is oc-id?

oc-id is a Chef authentication/authorization service. It allows you to use your Chef Server account credentials to access other applications. oc-id is found in Chef Server 12 and above and is currently used by Chef Analytics and Chef Supermarket.

oc-id uses OAuth to talk to any applications which are authorized to use the Chef Server credentials.

How does oc-id work?

Creating a user on Chef Server

oc-id will authenticate user accounts on your Chef server. In order to do that we’ll first need a user account. Let’s use the Chef server’s command line tools to make one.

You can create a user on the Chef Server with:

[code]
$ chef-server-ctl user-create (options)
[/code]

That chef-server-ctl command is a wrapper for the knife user-create command (knife is a part of Chef).

When the user-create command is executed, knife POSTs to the Chef Server API. This creates the user on the Chef Server.

Using oc-id on a Chef Server

Adding an Application

In order to use a Chef Server user’s credentials to access another application, you will first add the Application to oc-id.

From the Command Line

To add an application from the command line, check out the first part of this blog post by Irving Popovetsky. The section you want to focus on is “oc-id on your Chef Server.” Come back here once you complete this section (before the “Running your Private Supermarket server in Test Kitchen” section).

From the GUI

The oc-id GUI is currently undergoing some major changes. This blog post will be updated when those changes are complete to ensure that readers have the most current information.

Now attempt to sign in from your Application (in Supermarket, this is done by visiting the Supermarket URL and clicking the “Sign In” link in the upper right-hand corner). Next, you will be prompted to log into your Chef Server if you are not already logged in. After you log in, you will see a message asking if you wish to authorize the application; go ahead and click “yes.” At this point, if all is right, you should be logged into your application!
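
The sign-in round trip described above, seen from the application's side, as an added example that is not code from this post, oc-id, or Supermarket. It shows the OAuth `state` check that ties the redirect back from the Chef Server to the browser session that started the sign-in; the host names, client ID, and the authorize and callback paths are assumptions for illustration.

```ruby
require "securerandom"
require "uri"

# Assumed deployment values (not from the post); replace with your own.
AUTHORIZE_URL = "https://chef.example.com/id/oauth/authorize" # assumed oc-id path
CLIENT_ID     = "constructed-application-id"                  # constructed sample
REDIRECT_URI  = "https://supermarket.example.com/auth/chef_oauth2/callback"

class SignInError < StandardError; end

# Step 1: the application sends the browser to oc-id with a fresh, unguessable
# state value that is also stored in the user's server-side session.
def begin_sign_in(session)
  session[:oauth_state] = SecureRandom.hex(32)
  query = URI.encode_www_form(
    response_type: "code",
    client_id:     CLIENT_ID,
    redirect_uri:  REDIRECT_URI,
    state:         session[:oauth_state]
  )
  "#{AUTHORIZE_URL}?#{query}"
end

# Compare without returning early on the first differing byte.
def same_token?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 2: oc-id redirects back after the user answers the authorize prompt.
# Returns the authorization code, or raises if the callback is not trustworthy.
def finish_sign_in(session, callback_url)
  params   = URI.decode_www_form(URI(callback_url).query.to_s).to_h
  expected = session.delete(:oauth_state) # single use: consume before checking
  raise SignInError, "no sign-in in progress" if expected.nil?
  raise SignInError, "state mismatch" unless same_token?(expected, params["state"].to_s)
  raise SignInError, "authorization refused: #{params['error']}" if params["error"]
  code = params["code"].to_s
  raise SignInError, "missing authorization code" if code.empty?
  code
end
```

The returned code is what the application then exchanges, server to server, for an access token using its application secret.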