Get OIDC auth settings

GET 
/api/admin/auth/oidc/settings

Returns the current settings for OIDC Authentication

Responses

200

oidcSettingsResponseSchema

application/json

Schema

Schema

enabled boolean
Whether to enable or disable OpenID Connect for this instance
Possible values: [true]
Example: true
discoverUrl uri
The .well-known OpenID discover URL
Example: https://myoidchost.azure.com/.well-known/openid-configuration
clientId string
The OIDC client ID of this application.
Example: FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B
secret string
Shared secret from OpenID server. Used to authenticate login requests
Example: qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO
autoCreate boolean

Auto create users based on email addresses from login tokens

enableSingleSignOut boolean

Support Single sign out when user clicks logout in Unleash. If true user is signed out of all OpenID Connect sessions against the clientId they may have active

defaultRootRole string

Default role granted to users auto-created from email. Only relevant if autoCreate is true

Possible values: [Viewer, Editor, Admin]

defaultRootRoleId number
Assign this root role to auto created users. Should be a role ID and takes precedence over defaultRootRole.
Example: 2
emailDomains string
Comma separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true
Example: getunleash.io,getunleash.ai
acrValues string
Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information
Example: urn:okta:loa:2fa:any phr
idTokenSigningAlgorithm string
The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.
Possible values: [RS256, RS384, RS512]
Example: RS256
enableGroupSyncing boolean
Should we enable group syncing. Refer to the documentation Group syncing
Example: false
groupJsonPath string
Specifies the path in the OIDC token response to read which groups the user belongs to from.
Example: groups
addGroupsScope boolean
When enabled Unleash will also request the 'groups' scope as part of the login request.
Example: false

Example (from schema)

{
  "enabled": true,
  "discoverUrl": "https://myoidchost.azure.com/.well-known/openid-configuration",
  "clientId": "FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B",
  "secret": "qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO",
  "autoCreate": true,
  "enableSingleSignOut": true,
  "defaultRootRole": "Viewer",
  "defaultRootRoleId": 2,
  "emailDomains": "getunleash.io,getunleash.ai",
  "acrValues": "urn:okta:loa:2fa:any phr",
  "idTokenSigningAlgorithm": "RS256",
  "enableGroupSyncing": false,
  "groupJsonPath": "groups",
  "addGroupsScope": false
}

400

The request data does not match what we expect.

application/json

Schema

Schema

id string
The ID of the error instance
Example: 9c40958a-daac-400e-98fb-3bb438567008
name string
The name of the error kind
Example: ValidationError
message string
A description of what went wrong.
Example: The request payload you provided doesn't conform to the schema. The .parameters property should be object. You sent [].

Example (from schema)

{
  "id": "9c40958a-daac-400e-98fb-3bb438567008",
  "name": "ValidationError",
  "message": "The request payload you provided doesn't conform to the schema. The .parameters property should be object. You sent []."
}

401

Authorization information is missing or invalid. Provide a valid API token as the authorization header, e.g. authorization:*.*.my-admin-token.

application/json

Schema

Schema

id string
The ID of the error instance
Example: 9c40958a-daac-400e-98fb-3bb438567008
name string
The name of the error kind
Example: AuthenticationRequired
message string
A description of what went wrong.
Example: You must log in to use Unleash. Your request had no authorization header, so we could not authorize you. Try logging in at /auth/simple/login.

Example (from schema)

{
  "id": "9c40958a-daac-400e-98fb-3bb438567008",
  "name": "AuthenticationRequired",
  "message": "You must log in to use Unleash. Your request had no authorization header, so we could not authorize you. Try logging in at /auth/simple/login."
}

403

The provided user credentials are valid, but the user does not have the necessary permissions to perform this operation

application/json

Schema

Schema

id string
The ID of the error instance
Example: 9c40958a-daac-400e-98fb-3bb438567008
name string
The name of the error kind
Example: NoAccessError
message string
A description of what went wrong.
Example: You need the "UPDATE_ADDON" permission to perform this action in the "development" environment.

Example (from schema)

{
  "id": "9c40958a-daac-400e-98fb-3bb438567008",
  "name": "NoAccessError",
  "message": "You need the \"UPDATE_ADDON\" permission to perform this action in the \"development\" environment."
}

Loading...