Get OIDC auth settings

GET /api/admin/auth/oidc/settings

Returns the current settings for OIDC Authentication

Request

Responses

• 200
• 400
• 401
• 403

---

oidcSettingsSchema

application/json

Schema

Schema

• enabled boolean

  true if OpenID connect is turned on for this instance, otherwise false

• discoverUrl string

  The .well-known OpenID discover URL

• clientId string required

  The OIDC client ID of this application.

• secret string required

  Shared secret from OpenID server. Used to authenticate login requests

• autoCreate boolean

  Auto create users based on email addresses from login tokens

• enableSingleSignOut boolean

  Support Single sign out when user clicks logout in Unleash. If true user is signed out of all OpenID Connect sessions against the clientId they may have active

• defaultRootRole string

  Possible values: [Viewer, Editor, Admin]

  Default role granted to users auto-created from email. Only relevant if autoCreate is true

• defaultRootRoleId number

  Assign this root role to auto created users. Should be a role ID and takes precedence over defaultRootRole.

• emailDomains string

  Comma separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true

• acrValues string

  Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information

• idTokenSigningAlgorithm string

  Possible values: [RS256, RS384, RS512]

  The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

Example (from schema)

{
  "enabled": true,
  "discoverUrl": "https://myoidchost.azure.com/.well-known/openid-configuration",
  "clientId": "FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B",
  "secret": "qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO",
  "autoCreate": true,
  "enableSingleSignOut": true,
  "defaultRootRole": "Viewer",
  "defaultRootRoleId": 2,
  "emailDomains": "getunleash.io,getunleash.ai",
  "acrValues": "urn:okta:loa:2fa:any phr",
  "idTokenSigningAlgorithm": "RS256"
}

The request data does not match what we expect.

application/json

Schema

Schema

• id string

  The ID of the error instance

• name string

  The name of the error kind

• message string

  A description of what went wrong.

Example (from schema)

{
  "id": "9c40958a-daac-400e-98fb-3bb438567008",
  "name": "ValidationError",
  "message": "The request payload you provided doesn't conform to the schema. The .parameters property should be object. You sent []."
}

Authorization information is missing or invalid. Provide a valid API token as the authorization header, e.g. authorization:*.*.my-admin-token.

application/json

Schema

Schema

• id string

  The ID of the error instance

• name string

  The name of the error kind

• message string

  A description of what went wrong.

Example (from schema)

{
  "id": "9c40958a-daac-400e-98fb-3bb438567008",
  "name": "AuthenticationRequired",
  "message": "You must log in to use Unleash. Your request had no authorization header, so we could not authorize you. Try logging in at /auth/simple/login."
}

The provided user credentials are valid, but the user does not have the necessary permissions to perform this operation

application/json

Schema

Schema

• id string

  The ID of the error instance

• name string

  The name of the error kind

• message string

  A description of what went wrong.

Example (from schema)

{
  "id": "9c40958a-daac-400e-98fb-3bb438567008",
  "name": "NoAccessError",
  "message": "You need the \"UPDATE_ADDON\" permission to perform this action in the \"development\" environment."
}

Loading...