Get an existing set of OIDC provider credentials for SSO

Returns an existing set of OIDC provider for SSO, specified by the client ID.

Path Parameters

• oauth_client_id string required

  An OAuth client ID

Header Parameters

• SlashID-OrgID string required

  The organization ID

  Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1

Responses

• 200
• 400
• 404

---

OK

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string
• result object

  Response when retrieving an OAuth credential

  client_id string

  provider string

  Possible values: [google, github, bitbucket, gitlab, facebook, line, azuread, okta, apple]

  label string

  external_cred_id string

  External credential ID

  enable_in_slashid_oidc_authz_server boolean

  Indicates whether these credentials can be used for SSO authentication during an OIDC flow in which SlashID acts as the Authorization Server.

  options object

  Options for supported third-party providers.

  google object

  authorize_scopes string[]

  Default value: openid,email,profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Google's documentation to know more.

  Note: scopes openid, email, and profile are always requested.

  github object

  authorize_scopes string[]

  Default value: read:user,user:email

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read GitHub's documentation to know more.

  Note: scopes read:user and user:email are always requested.

  bitbucket object

  authorize_scopes string[]

  Default value: account

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Bitbucket's documentation to know more.

  Note: scope account is always requested.

  gitlab object

  authorize_scopes string[]

  Default value: read_user

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read GitLab's documentation to know more.

  Note: scope read_user is always requested.

  facebook object

  authorize_scopes string[]

  Default value: email,public_profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Facebook's documentation to know more.

  Note: scopes email and public_profile are always requested.

  line object

  authorize_scopes string[]

  Default value: openid,email,profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Line's documentation to know more.

  Note: scopes openid, email, and profile are always requested.

  azuread object

  authorize_scopes string[]

  Default value: openid,email,profile,User.Read

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read Azure AD's documentation to know more.

  Note: scopes openid, email, profile, and User.Read are always requested.

  tenant string

  Default value: common

  The tenant ID of the Azure AD tenant (a GUID), its tenant domain, or one of the pseudo tenants: common, organizations or consumer.

  Read Azure AD's documentation to know more.

  okta object

  authorize_scopes string[]

  Default value: openid,email,profile

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Read [Okta's documentation]https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) to know more.

  Note: scopes openid, email, profile are always requested.

  organization_url string

  The organization URL for Okta.

  Read Okta's documentation to know more.

  apple object

  See https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret

  authorize_scopes string[]

  Default value: openid,email,name

  The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

  Note: scopes openid, email, name are always requested.

  private_key string

  An ES256 private key downloaded from your Apple developer account in PKCS8 format.

  team_id string

  The 10-character Team ID associated with your Apple developer account. This will be used as the issuer claim in client secret JWTs.

  key_id string

  A 10-character key identifier generated for the Account and Organizational Data Sharing private key associated with your developer account.

  secret_lifetime string

  The lifetime of each generated client secret. The value provided should be a string that can be parsed as a Golang time.Duration; for example, "1m" (one minute), "24h" (24 hours). The lifetime may not be less than 5 minutes (300 seconds), and may not be more than 15,777,000 seconds (6 months). If not set, defaults to 30 days.

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ],
  "result": {
    "client_id": "string",
    "provider": "google",
    "label": "string",
    "external_cred_id": "string",
    "enable_in_slashid_oidc_authz_server": true,
    "options": {
      "google": {
        "authorize_scopes": [
          "string"
        ]
      },
      "github": {
        "authorize_scopes": [
          "string"
        ]
      },
      "bitbucket": {
        "authorize_scopes": [
          "string"
        ]
      },
      "gitlab": {
        "authorize_scopes": [
          "string"
        ]
      },
      "facebook": {
        "authorize_scopes": [
          "string"
        ]
      },
      "line": {
        "authorize_scopes": [
          "string"
        ]
      },
      "azuread": {
        "authorize_scopes": [
          "string"
        ],
        "tenant": "common"
      },
      "okta": {
        "authorize_scopes": [
          "string"
        ],
        "organization_url": "string"
      },
      "apple": {
        "authorize_scopes": [
          "string"
        ],
        "private_key": "string",
        "team_id": "string",
        "key_id": "string",
        "secret_lifetime": "string"
      }
    }
  }
}

Bad Request

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}

Not Found

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}