List OIDC credentials for SSO
Returns a list of existing OIDC provider credentials for SSO for your organization. Optionally, a provider can be specified to return only credentials for that provider.
Query Parameters
- oauth_provider string
Possible values: [google, github, bitbucket, gitlab, facebook, line, azuread, okta, apple]
The name of the OAuth provider
Header Parameters
- SlashID-OrgID string required
The organization ID
Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
- 200
- 400
200 OK
- application/json
Schema
- meta object
  - pagination object
    - limit integer
    - offset integer
    - total_count int64
- errors object[]
  - httpcode integer
  - message string
- result object[]
  - client_id string
  - provider string
    Possible values: [google, github, bitbucket, gitlab, facebook, line, azuread, okta, apple]
  - label string
  - external_cred_id string
    External credential ID
  - enable_in_slashid_oidc_authz_server boolean
    Indicates whether these credentials can be used for SSO authentication during an OIDC flow in which SlashID acts as the Authorization Server.
  - options object
    Options for supported third-party providers.
    - google object
      - authorize_scopes string[]
        Default value: openid,email,profile
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read Google's documentation to know more.
        Note: scopes openid, email, and profile are always requested.
    - github object
      - authorize_scopes string[]
        Default value: read:user,user:email
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read GitHub's documentation to know more.
        Note: scopes read:user and user:email are always requested.
    - bitbucket object
      - authorize_scopes string[]
        Default value: account
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read Bitbucket's documentation to know more.
        Note: scope account is always requested.
    - gitlab object
      - authorize_scopes string[]
        Default value: read_user
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read GitLab's documentation to know more.
        Note: scope read_user is always requested.
    - facebook object
      - authorize_scopes string[]
        Default value: email,public_profile
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read Facebook's documentation to know more.
        Note: scopes email and public_profile are always requested.
    - line object
      - authorize_scopes string[]
        Default value: openid,email,profile
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read Line's documentation to know more.
        Note: scopes openid, email, and profile are always requested.
    - azuread object
      - authorize_scopes string[]
        Default value: openid,email,profile,User.Read
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read Azure AD's documentation to know more.
        Note: scopes openid, email, profile, and User.Read are always requested.
      - tenant string
        Default value: common
        The tenant ID of the Azure AD tenant (a GUID), its tenant domain, or one of the pseudo tenants: common, organizations or consumer.
        Read Azure AD's documentation to know more.
    - okta object
      - authorize_scopes string[]
        Default value: openid,email,profile
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Read [Okta's documentation](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) to know more.
        Note: scopes openid, email, profile are always requested.
      - organization_url string
        The organization URL for Okta.
        Read Okta's documentation to know more.
    - apple object
      See https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret
      - authorize_scopes string[]
        Default value: openid,email,name
        The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
        Note: scopes openid, email, name are always requested.
      - private_key string
        An ES256 private key downloaded from your Apple developer account in PKCS8 format.
      - team_id string
        The 10-character Team ID associated with your Apple developer account. This will be used as the issuer claim in client secret JWTs.
      - key_id string
        A 10-character key identifier generated for the Account and Organizational Data Sharing private key associated with your developer account.
      - secret_lifetime string
        The lifetime of each generated client secret. The value provided should be a string that can be parsed as a Golang time.Duration; for example, "1m" (one minute), "24h" (24 hours). The lifetime may not be less than 5 minutes (300 seconds), and may not be more than 15,777,000 seconds (6 months). If not set, defaults to 30 days.
Example (from schema)
```json
{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ],
  "result": [
    {
      "client_id": "string",
      "provider": "google",
      "label": "string",
      "external_cred_id": "string",
      "enable_in_slashid_oidc_authz_server": true,
      "options": {
        "google": {
          "authorize_scopes": [
            "string"
          ]
        },
        "github": {
          "authorize_scopes": [
            "string"
          ]
        },
        "bitbucket": {
          "authorize_scopes": [
            "string"
          ]
        },
        "gitlab": {
          "authorize_scopes": [
            "string"
          ]
        },
        "facebook": {
          "authorize_scopes": [
            "string"
          ]
        },
        "line": {
          "authorize_scopes": [
            "string"
          ]
        },
        "azuread": {
          "authorize_scopes": [
            "string"
          ],
          "tenant": "common"
        },
        "okta": {
          "authorize_scopes": [
            "string"
          ],
          "organization_url": "string"
        },
        "apple": {
          "authorize_scopes": [
            "string"
          ],
          "private_key": "string",
          "team_id": "string",
          "key_id": "string",
          "secret_lifetime": "string"
        }
      }
    }
  ]
}
```
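One way to review this endpoint's response for least-privilege drift, as an added example that is not SlashID's own code: it flags `authorize_scopes` entries beyond the defaults documented above and `secret_lifetime` values that do not parse as a Go duration or fall outside the documented bounds. The `Audit` function, the finding format and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Default scopes per provider, copied from the schema on this page.
var defaultScopes = map[string]string{
	"google": "openid email profile", "line": "openid email profile", "okta": "openid email profile",
	"github": "read:user user:email", "bitbucket": "account", "gitlab": "read_user",
	"facebook": "email public_profile", "azuread": "openid email profile User.Read", "apple": "openid email name",
}

type credential struct {
	Provider string `json:"provider"`
	Options  map[string]struct {
		AuthorizeScopes []string `json:"authorize_scopes"`
		SecretLifetime  string   `json:"secret_lifetime"`
	} `json:"options"`
}

// Constructed sample response (not real data): one clean entry, two to flag.
const sampleResponse = `{"result":[{"provider":"google","options":{"google":{"authorize_scopes":["openid","email","profile"]}}},
 {"provider":"github","options":{"github":{"authorize_scopes":["read:user","user:email","repo"]}}},
 {"provider":"apple","options":{"apple":{"authorize_scopes":["openid","email","name"],"secret_lifetime":"1m"}}}]}`

// Audit flags extra scopes and secret_lifetime values outside 5 minutes to 15,777,000 seconds.
func Audit(body []byte) (findings []string, err error) {
	var resp struct{ Result []credential `json:"result"` }
	if err = json.Unmarshal(body, &resp); err != nil {
		return nil, err
	}
	for i, c := range resp.Result {
		opts := c.Options[c.Provider] // only the entry for the credential's own provider is reviewed
		for _, s := range opts.AuthorizeScopes {
			if !strings.Contains(" "+defaultScopes[c.Provider]+" ", " "+s+" ") {
				findings = append(findings, fmt.Sprintf("result[%d] %s: extra scope %q", i, c.Provider, s))
			}
		}
		d, perr := time.ParseDuration(opts.SecretLifetime)
		if opts.SecretLifetime != "" && (perr != nil || d < 5*time.Minute || d > 15777000*time.Second) {
			findings = append(findings, fmt.Sprintf("result[%d] %s: secret_lifetime %q out of range", i, c.Provider, opts.SecretLifetime))
		}
	}
	return findings, nil
}
func main() { f, _ := Audit([]byte(sampleResponse)); fmt.Println(strings.Join(f, "\n")) }
```

An extra scope is not necessarily wrong; each finding is a prompt to confirm the scope is still needed by the integration.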
400 Bad Request
- application/json
Schema
- meta object
  - pagination object
    - limit integer
    - offset integer
    - total_count int64
- errors object[]
  - httpcode integer
  - message string
Example (from schema)
```json
{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}
```