Modify an existing set of OIDC provider credentials for SSO

Modifies the client secret and/or label of an existing set of OIDC provider credentials for SSO, specified by the client ID.

Path Parameters

• oauth_client_id string required

  An OAuth client ID

Header Parameters

• SlashID-OrgID string required

  The organization ID

  Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
• SlashID-Required-Consistency string

  Possible values: [local_region, all_regions]

  Default value: local_region

  The consistency level required for this request. If the consistency level is not achieved within the timeout, the request will fail with a 408 Request Timeout error. 408 Request Timeout error indicates that request was not handled within the timeout, but it may still be handled after request timeout. Allowed values: * local_region: Wait while the request executes in the local region. * all_regions: Wait while the request executes across all regions. You can learn more about our replication model on our Cross-region Replication Model page.

• SlashID-Required-Consistency-Timeout integer

  Possible values: >= 1 and <= 120

  Default value: 30

  The maximum amount of seconds to wait for the requested consistency level to be achieved. If the consistency level is not achieved within this time, the request will fail with a 408 Request Timeout error. 408 Request Timeout error indicates that request was not handled within the timeout, but it may still be handled after request timeout. You can learn more about our replication model on our Cross-region Replication Model page.

application/json

Request Body

• client_secret string
• label string
• external_cred string

  External credential ID

• external_cred_id string

  External credential ID

• options object

  Options for supported third-party providers.

  google object

  authorize_scopes string[]

  Default value: openid,email,profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Google's documentation to know more.

  Note: scopes openid, email, and profile are always requested.

  github object

  authorize_scopes string[]

  Default value: read:user,user:email

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read GitHub's documentation to know more.

  Note: scopes read:user and user:email are always requested.

  bitbucket object

  authorize_scopes string[]

  Default value: account

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Bitbucket's documentation to know more.

  Note: scope account is always requested.

  gitlab object

  authorize_scopes string[]

  Default value: read_user

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read GitLab's documentation to know more.

  Note: scope read_user is always requested.

  facebook object

  authorize_scopes string[]

  Default value: email,public_profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Facebook's documentation to know more.

  Note: scopes email and public_profile are always requested.

  line object

  authorize_scopes string[]

  Default value: openid,email,profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Line's documentation to know more.

  Note: scopes openid, email, and profile are always requested.

  azuread object

  authorize_scopes string[]

  Default value: openid,email,profile,User.Read

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Azure AD's documentation to know more.

  Note: scopes openid, email, profile, and User.Read are always requested.

  tenant string

  Default value: common

  The tenant ID of the Azure AD tenant (a GUID), its tenant domain, or one of the pseudo tenants: common, organizations or consumer.

  Read Azure AD's documentation to know more.

  okta object

  authorize_scopes string[]

  Default value: openid,email,profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read [Okta's documentation]https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) to know more.

  Note: scopes openid, email, profile are always requested.

  organization_url string

  The organization URL for Okta.

  Read Okta's documentation to know more.

  apple object

  See https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret

  authorize_scopes string[]

  Default value: openid,email,name

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Note: scopes openid, email, name are always requested.

  private_key string required

  An ES256 private key downloaded from your Apple developer account in PKCS8 format.

  team_id string required

  The 10-character Team ID associated with your Apple developer account. This will be used as the issuer claim in client secret JWTs.

  key_id string required

  A 10-character key identifier generated for the Account and Organizational Data Sharing private key associated with your developer account.

  secret_lifetime string required

  The lifetime of each generated client secret. The value provided should be a string that can be parsed as a Golang time.Duration; for example, "1m" (one minute), "24h" (24 hours). The lifetime may not be less than 5 minutes (300 seconds), and may not be more than 15,777,000 seconds (6 months). If not set, defaults to 30 days.

• enable_in_slashid_oidc_authz_server boolean

  Indicates whether these credentials can be used for SSO authentication during an OIDC flow in which SlashID acts as the Authorization Server.

Responses

• 200
• 400
• 404

---

OK

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}

Bad Request

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}

Not Found

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}