Ever used oc-id with Chef Analytics or Chef Supermarket? Read on for information on how it works!
What is oc-id?
oc-id is a Chef authentication/authorization service. It allows you to use your Chef Server account credentials to access other applications. oc-id is found in Chef Server 12 and above and is currently used by Chef Analytics and Chef Supermarket.
oc-id uses [OAuth](http://oauth.net/) to talk to any applications which are authorized to use the Chef Server credentials.
How does oc-id work?
Creating a user on Chef Server
oc-id will authenticate user accounts on your Chef server. In order to do that we’ll first need a user account. Let’s use the Chef server’s command line tools to make one.
Users can create a user on Chef server with:
$ chef-server-ctl user-create (options)
That chef-server-ctl command is a wrapper for the knife (which is a part of [Chef](https://github.com/chef/chef)) user-create command.
When user-create command is executed, knife POSTs to the Chef Server API. This creates the user on the Chef Server.
Using oc-id on a Chef Server
Adding an Application
In order to use a chef server user’s credentials to access another application, you will first add the Application to oc-id.
From the Command Line
To add an application from the command line, check out the first part of [this blog post by Irving Popovetsky](http://chefio.wpengine.com/2015/04/21/setting-up-your-private-supermarket-server/). The section you want to focus on is “oc-id on your Chef Server.” Come back here once you complete this section (before the “Running your Private Supermarket server in Test Kitchen” section).
From the GUI
The oc-id GUI is currently undergoing some major changes. This blog post will be updated when those changes are complete to ensure that readers have the most currently information.
Now attempt to sign in from your Application (in Supermarket, this is done through visiting the supermarket url and clicking the “Sign In” link in the upper right hand corner). Next, you will be promted to log into your Chef Server if you are not already. After you login, you will see a message asking if you wish to authorize the application, go ahead and click “yes.” At this point, if all is right, you should be logged into your application!