Skip to main content

List OIDC credentials for SSO

Returns a list of existing OIDC provider credentials for SSO for your organization. Optionally, a provider can be specified to return only credentials for that provider.

Query Parameters
  • oauth_provider string

    Possible values: [google, github, bitbucket, gitlab, facebook, line, azuread, okta, apple]

    The name of the OAuth provider

Header Parameters
  • SlashID-OrgID string required

    The organization ID

    Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
Responses

OK


Schema
  • meta object
  • pagination object
  • limit integer
  • offset integer
  • total_count int64
  • errors object[]
  • httpcode integer
  • message string
  • result object[]
  • client_id string
  • provider string

    Possible values: [google, github, bitbucket, gitlab, facebook, line, azuread, okta, apple]

  • label string
  • external_cred_id string

    External credential ID

  • enable_in_slashid_oidc_authz_server boolean

    Indicates whether these credentials can be used for SSO authentication during an OIDC flow in which SlashID acts as the Authorization Server.

  • options object

    Options for supported third-party providers.

  • google object
  • authorize_scopes string[]

    Default value: openid,email,profile

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read Google's documentation to know more.

    Note: scopes openid, email, and profile are always requested.

  • github object
  • authorize_scopes string[]

    Default value: read:user,user:email

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read GitHub's documentation to know more.

    Note: scopes read:user and user:email are always requested.

  • bitbucket object
  • authorize_scopes string[]

    Default value: account

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read Bitbucket's documentation to know more.

    Note: scope account is always requested.

  • gitlab object
  • authorize_scopes string[]

    Default value: read_user

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read GitLab's documentation to know more.

    Note: scope read_user is always requested.

  • facebook object
  • authorize_scopes string[]

    Default value: email,public_profile

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read Facebook's documentation to know more.

    Note: scopes email and public_profile are always requested.

  • line object
  • authorize_scopes string[]

    Default value: openid,email,profile

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read Line's documentation to know more.

    Note: scopes openid, email, and profile are always requested.

  • azuread object
  • authorize_scopes string[]

    Default value: openid,email,profile,User.Read

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read Azure AD's documentation to know more.

    Note: scopes openid, email, profile, and User.Read are always requested.

  • tenant string

    Default value: common

    The tenant ID of the Azure AD tenant (a GUID), its tenant domain, or one of the pseudo tenants: common, organizations or consumer.

    Read Azure AD's documentation to know more.

  • okta object
  • authorize_scopes string[]

    Default value: openid,email,profile

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Read [Okta's documentation]https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) to know more.

    Note: scopes openid, email, profile are always requested.

  • organization_url string

    The organization URL for Okta.

    Read Okta's documentation to know more.

  • apple object
  • authorize_scopes string[]

    Default value: openid,email,name

    The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

    Note: scopes openid, email, name are always requested.

  • private_key string

    An ES256 private key downloaded from your Apple developer account in PKCS8 format.

  • team_id string

    The 10-character Team ID associated with your Apple developer account. This will be used as the issuer claim in client secret JWTs.

  • key_id string

    A 10-character key identifier generated for the Account and Organizational Data Sharing private key associated with your developer account.

  • secret_lifetime string

    The lifetime of each generated client secret. The value provided should be a string that can be parsed as a Golang time.Duration; for example, "1m" (one minute), "24h" (24 hours). The lifetime may not be less than 5 minutes (300 seconds), and may not be more than 15,777,000 seconds (6 months). If not set, defaults to 30 days.