Create a new set of OIDC provider credentials for SSO
Create a new set of OIDC provider credentials for your organization to use with SSO. Includes a client ID, client secret, and the name of the provider. The client ID and client secret should be generated separately using the third-party identity provider you wish to integrate with (such as Google). Not all identity providers are currently supported.
Header Parameters
- SlashID-OrgID string required
  The organization ID.
  Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
- SlashID-Required-Consistency string
  Possible values: [local_region, all_regions]
  Default value: local_region
  The consistency level required for this request. If the consistency level is not achieved within the timeout, the request fails with a 408 Request Timeout error. A 408 Request Timeout error indicates that the request was not handled within the timeout, but it may still be handled after the timeout. Allowed values:
  * local_region: Wait while the request executes in the local region.
  * all_regions: Wait while the request executes across all regions.
  You can learn more about our replication model on our Cross-region Replication Model page.
- SlashID-Required-Consistency-Timeout integer
  Possible values: >= 1 and <= 120
  Default value: 30
  The maximum number of seconds to wait for the requested consistency level to be achieved. If the consistency level is not achieved within this time, the request fails with a 408 Request Timeout error. A 408 Request Timeout error indicates that the request was not handled within the timeout, but it may still be handled after the timeout. You can learn more about our replication model on our Cross-region Replication Model page.
Request Body (application/json)
- client_id string required
- client_secret string required
- provider string required
  Possible values: [google, github, bitbucket, gitlab, facebook, line, azuread, okta, apple]
- label string
- external_cred string
  External credential ID
- external_cred_id string
  External credential ID
- enable_in_slashid_oidc_authz_server boolean
  Indicates whether these credentials can be used for SSO authentication during an OIDC flow in which SlashID acts as the Authorization Server.
- options object
  Options for supported third-party providers.
  - google object
    - authorize_scopes string[]
      Default value: openid,email,profile
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read Google's documentation to know more.
      Note: scopes openid, email, and profile are always requested.
  - github object
    - authorize_scopes string[]
      Default value: read:user,user:email
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read GitHub's documentation to know more.
      Note: scopes read:user and user:email are always requested.
  - bitbucket object
    - authorize_scopes string[]
      Default value: account
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read Bitbucket's documentation to know more.
      Note: scope account is always requested.
  - gitlab object
    - authorize_scopes string[]
      Default value: read_user
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read GitLab's documentation to know more.
      Note: scope read_user is always requested.
  - facebook object
    - authorize_scopes string[]
      Default value: email,public_profile
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read Facebook's documentation to know more.
      Note: scopes email and public_profile are always requested.
  - line object
    - authorize_scopes string[]
      Default value: openid,email,profile
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read Line's documentation to know more.
      Note: scopes openid, email, and profile are always requested.
  - azuread object
    - authorize_scopes string[]
      Default value: openid,email,profile,User.Read
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read Azure AD's documentation to know more.
      Note: scopes openid, email, profile, and User.Read are always requested.
    - tenant string
      Default value: common
      The tenant ID of the Azure AD tenant (a GUID), its tenant domain, or one of the pseudo tenants: common, organizations or consumer. Read Azure AD's documentation to know more.
  - okta object
    - authorize_scopes string[]
      Default value: openid,email,profile
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings. Read Okta's documentation (https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) to know more.
      Note: scopes openid, email, profile are always requested.
    - organization_url string
      The organization URL for Okta. Read Okta's documentation to know more.
  - apple object
    See https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret
    - authorize_scopes string[]
      Default value: openid,email,name
      The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.
      Note: scopes openid, email, name are always requested.
    - private_key string required
      An ES256 private key downloaded from your Apple developer account in PKCS8 format.
    - team_id string required
      The 10-character Team ID associated with your Apple developer account. This will be used as the issuer claim in client secret JWTs.
    - key_id string required
      A 10-character key identifier generated for the Account and Organizational Data Sharing private key associated with your developer account.
    - secret_lifetime string required
      The lifetime of each generated client secret. The value provided should be a string that can be parsed as a Golang time.Duration; for example, "1m" (one minute), "24h" (24 hours). The lifetime may not be less than 5 minutes (300 seconds), and may not be more than 15,777,000 seconds (6 months). If not set, defaults to 30 days.
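As an added example (not SlashID's own code or SDK), the Go program below models this request body and the header parameters listed above, and checks them against the constraints the schema documents before anything is sent: the provider enum, the consistency level and its 1..120 second timeout, and the apple secret_lifetime bounds (5 minutes to 15,777,000 seconds, with the documented 30-day default). The struct and function names are this example's own, the sample values are constructed, and the endpoint URL is not on this page, so the block only builds and validates the body and headers.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Provider values accepted by the request body, as listed in the schema.
var allowedProviders = map[string]bool{"google": true, "github": true, "bitbucket": true,
	"gitlab": true, "facebook": true, "line": true, "azuread": true, "okta": true, "apple": true}

// Documented bounds for options.apple.secret_lifetime: 5 minutes .. 15,777,000 s, default 30 days.
const minSecretLifetime, maxSecretLifetime, defaultSecretLifetime = 5 * time.Minute, 15777000 * time.Second, 30 * 24 * time.Hour

// AppleOptions mirrors options.apple; the other providers only take authorize_scopes.
type AppleOptions struct {
	AuthorizeScopes []string `json:"authorize_scopes,omitempty"`
	PrivateKey      string   `json:"private_key"`     // ES256 private key, PKCS8
	TeamID          string   `json:"team_id"`         // 10-character Team ID
	KeyID           string   `json:"key_id"`          // 10-character key identifier
	SecretLifetime  string   `json:"secret_lifetime"` // Go time.Duration string
}

type Options struct {
	Apple *AppleOptions `json:"apple,omitempty"`
}

// CreateOIDCCredsRequest is the JSON body of the create-credentials call (example's own name).
type CreateOIDCCredsRequest struct {
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret"`
	Provider     string   `json:"provider"`
	Options      *Options `json:"options,omitempty"`
}

// ConsistencyHeaders builds the documented headers, rejecting values outside the schema's ranges.
func ConsistencyHeaders(orgID, consistency string, timeoutSec int) (map[string]string, error) {
	if consistency != "local_region" && consistency != "all_regions" {
		return nil, fmt.Errorf("SlashID-Required-Consistency: %q is not allowed", consistency)
	}
	if timeoutSec < 1 || timeoutSec > 120 {
		return nil, fmt.Errorf("SlashID-Required-Consistency-Timeout: %d is outside 1..120", timeoutSec)
	}
	return map[string]string{
		"SlashID-OrgID":                        orgID,
		"SlashID-Required-Consistency":         consistency,
		"SlashID-Required-Consistency-Timeout": strconv.Itoa(timeoutSec),
	}, nil
}

// ParseSecretLifetime applies the documented bounds. The page marks the field required yet also
// documents a 30-day default, so this example (its own assumption) treats empty as the default.
func ParseSecretLifetime(s string) (time.Duration, error) {
	if s == "" {
		return defaultSecretLifetime, nil
	}
	d, err := time.ParseDuration(s)
	if err != nil {
		return 0, fmt.Errorf("secret_lifetime: %w", err)
	}
	if d < minSecretLifetime || d > maxSecretLifetime {
		return 0, fmt.Errorf("secret_lifetime %s is outside 5m..15777000s", d)
	}
	return d, nil
}

// Validate catches a malformed body locally instead of as a 400 Bad Request from the API.
func Validate(req CreateOIDCCredsRequest) error {
	if req.ClientID == "" || req.ClientSecret == "" {
		return errors.New("client_id and client_secret are required")
	}
	if !allowedProviders[req.Provider] {
		return fmt.Errorf("provider %q is not supported", req.Provider)
	}
	if req.Provider == "apple" {
		if req.Options == nil || req.Options.Apple == nil {
			return errors.New("options.apple is required when provider is apple")
		}
		a := req.Options.Apple
		if a.PrivateKey == "" || len(a.TeamID) != 10 || len(a.KeyID) != 10 {
			return errors.New("options.apple needs private_key and 10-character team_id and key_id")
		}
		if _, err := ParseSecretLifetime(a.SecretLifetime); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	// Constructed sample values, not real credentials.
	req := CreateOIDCCredsRequest{ClientID: "example-id", ClientSecret: "example-secret", Provider: "google"}
	body, _ := json.Marshal(req)
	fmt.Println(Validate(req), string(body)) // prints <nil> followed by the JSON body
}
```

Validating locally matters for two reasons: a rejected body costs a round trip and shows up as a 400 with only an httpcode and message, and a secret_lifetime at the long end of the allowed range means a leaked Apple client secret JWT stays valid for months, so the bound check is also a reminder to choose the shortest lifetime your rotation process tolerates.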
Responses
- 201 OK (application/json)
  Schema:
  - meta object
    - pagination object
      - limit integer
      - offset integer
      - total_count int64
  - errors object[]
    - httpcode integer
    - message string
  Example (from schema):
  {
    "meta": {
      "pagination": {
        "limit": 0,
        "offset": 0,
        "total_count": 0
      }
    },
    "errors": [
      {
        "httpcode": 0,
        "message": "string"
      }
    ]
  }
- 400 Bad Request (application/json)
  Schema:
  - meta object
    - pagination object
      - limit integer
      - offset integer
      - total_count int64
  - errors object[]
    - httpcode integer
    - message string
  Example (from schema):
  {
    "meta": {
      "pagination": {
        "limit": 0,
        "offset": 0,
        "total_count": 0
      }
    },
    "errors": [
      {
        "httpcode": 0,
        "message": "string"
      }
    ]
  }