# How to refresh the odcs oidc token used by OSBS

OSBS needs to trigger composes to ODCS for flatpak build, this is done using an OIDC token to authenticate the requests.
This token expires every 365 days so it needs to be regenerated every year.

## Generate a new token
In the ansible repo run the following command:

    scripts/generate-oidc-token osbs -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose


Follow the instructions given by the script and run the SQL command on the ipsilon database server:

    ssh db-fas01.iad2.fedoraproject.org
    sudo -u postgres -i ipsilon
    ipsilon=# BEGIN;
    ....
    ipsilon=# COMMIT;

Save the value of the token generated by the script in the ansible-private repo under `ansible-private/files/osbs/production/odcs-oidc-token` (same needs to be done for the staging cluster)

## Deploy the change

Run the following playbook to deploy the new token `ansible-playbook /srv/web/infra/ansible/playbooks/groups/osbs/configure-osbs.yml`