oc-id on Chef Server: An Introduction

Ever used oc-id with Chef Analytics or Chef Supermarket? Read on for information on how it works!

What is oc-id?

oc-id is a Chef authentication/authorization service. It allows you to use your Chef Server account credentials to access other applications. oc-id is found in Chef Server 12 and above and is currently used by Chef Analytics and Chef Supermarket.

oc-id uses [OAuth](http://oauth.net/) to talk to any applications which are authorized to use the Chef Server credentials.

How does oc-id work?

Creating a user on Chef Server

oc-id will authenticate user accounts on your Chef server. In order to do that we’ll first need a user account. Let’s use the Chef server’s command line tools to make one.

Users can create a user on Chef server with:

[code]
$ chef-server-ctl user-create (options)
[/code]

That chef-server-ctl command is a wrapper for the knife (which is a part of [Chef](https://github.com/chef/chef)) user-create command.

When user-create command is executed, knife POSTs to the Chef Server API. This creates the user on the Chef Server.

Using oc-id on a Chef Server

Adding an Application

In order to use a chef server user’s credentials to access another application, you will first add the Application to oc-id.

From the Command Line

To add an application from the command line, check out the first part of [this blog post by Irving Popovetsky](http://chefio.wpengine.com/2015/04/21/setting-up-your-private-supermarket-server/). The section you want to focus on is “oc-id on your Chef Server.” Come back here once you complete this section (before the “Running your Private Supermarket server in Test Kitchen” section).

From the GUI

The oc-id GUI is currently undergoing some major changes. This blog post will be updated when those changes are complete to ensure that readers have the most currently information.

Now attempt to sign in from your Application (in Supermarket, this is done through visiting the supermarket url and clicking the “Sign In” link in the upper right hand corner). Next, you will be promted to log into your Chef Server if you are not already. After you login, you will see a message asking if you wish to authorize the application, go ahead and click “yes.” At this point, if all is right, you should be logged into your application!

Author Nell Shamrell-Harrington

Nell Shamrell-Harrington is a Principal Software Development Engineer at Chef and member of the Habitat core team. She specializes in Chef, Ruby, Rails, Rust, Regular Expressions, and Test Driven Development and has traveled the world speaking on these topics. Prior to entering the world of software development, she studied and worked in the field of theatre. The world of theatre prepared her well for the dynamic world of creating software applications. In both, she strives to create a cohesive and extraordinary experience. In her free time she enjoys practicing the martial art Naginata.