Replace
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/web/custom/namespaces/example/oidc_providers/example';const options = { method: 'PUT', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"name":"example","namespace":"example","spec":{"azure_oidc_spec_type":{"authorization_url":"example","backchannel_logout":true,"client_id":"example","client_secret":"example","default_scopes":"example","issuer":"example","jwks_url":"example","logout_url":"example","prompt":"UNSPECIFIED","token_url":"example","user_info_url":"example"},"google_oidc_spec_type":{"client_id":"example","client_secret":"example","hosted_domain":"example"},"oidc_v10_spec_type":{"allowed_clock_skew":"example","authorization_url":"example","backchannel_logout":true,"client_id":"example","client_secret":"example","default_scopes":"example","disable_user_info":true,"display_name":"example","forwarded_query_parameters":"example","issuer":"example","jwks_url":"example","logout_url":"example","pass_current_locale":true,"pass_login_hint":true,"prompt":"UNSPECIFIED","token_url":"example","user_info_url":"example","validate_signatures":true},"okta_oidc_spec_type":{"authorization_url":"example","backchannel_logout":true,"client_id":"example","client_secret":"example","default_scopes":"example","issuer":"example","jwks_url":"example","logout_url":"example","prompt":"UNSPECIFIED","token_url":"example","user_info_url":"example"},"provider_type":"DEFAULT"}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request PUT \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/web/custom/namespaces/example/oidc_providers/example \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "name": "example", "namespace": "example", "spec": { "azure_oidc_spec_type": { "authorization_url": "example", "backchannel_logout": true, "client_id": "example", "client_secret": "example", "default_scopes": "example", "issuer": "example", "jwks_url": "example", "logout_url": "example", "prompt": "UNSPECIFIED", "token_url": "example", "user_info_url": "example" }, "google_oidc_spec_type": { "client_id": "example", "client_secret": "example", "hosted_domain": "example" }, "oidc_v10_spec_type": { "allowed_clock_skew": "example", "authorization_url": "example", "backchannel_logout": true, "client_id": "example", "client_secret": "example", "default_scopes": "example", "disable_user_info": true, "display_name": "example", "forwarded_query_parameters": "example", "issuer": "example", "jwks_url": "example", "logout_url": "example", "pass_current_locale": true, "pass_login_hint": true, "prompt": "UNSPECIFIED", "token_url": "example", "user_info_url": "example", "validate_signatures": true }, "okta_oidc_spec_type": { "authorization_url": "example", "backchannel_logout": true, "client_id": "example", "client_secret": "example", "default_scopes": "example", "issuer": "example", "jwks_url": "example", "logout_url": "example", "prompt": "UNSPECIFIED", "token_url": "example", "user_info_url": "example" }, "provider_type": "DEFAULT" } }'Replace updates OIDC provider parameters for a given provider instance. Since we never store client secret, any time this operation is performed, user will need to input the original/new client secret along with other existing fields as delta operations is not supported.
NOTE: Operations performed via API client is encouraged to issue a detail GET on the current
oidc_provider resource to retrieve all configured fields and this can be used in constructing payload
for the update operation. Params which are not sent as part of replace operation will GET removed/unset
if those params were configured prior to this operation. So its important that replace operation payload
needs to have complete fields with their values as required in your final configuration.
For example: admin needs to update client secret of an existing SSO configuation - first issue detail GET on the
current oidc_provider resource, use all of the fields in spec.gc_spec from response and construct the replace
request spec. Now update only client_secret field with the new value as required and send request.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace Supports only system namespace.
Name Name of the oidc_provider object.
Request Bodyrequired
Section titled “Request Bodyrequired”ReplaceRequest is the request format for replacing an OIDC provider in IAM.
object
Name of the oidc_provider object.
Supports only system namespace.
object
object
The authorization URL of your OIDC application. Required: YES.
Does the external IDP support backchannel logout?
Client ID of the OIDC application registered with Azure provider. REQUIRED field Required: YES.
Secret of the OIDC application registered with Azure provider. Required: YES.
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. The recommendation is to set the default scopes as ‘openid profile email’ and is to add additional scopes if needed.
The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
URL where identity provider keys in JWK format are stored.
Logout URL specified in your OIDC application.
The token URL of your OIDC application. Required: YES.
The User Info URL specified in your OIDC application.
object
Client ID of the OIDC application registered with google provider. REQUIRED field Required: YES.
Secret of the OIDC application registered with google provider. Required: YES.
Set hosted domain to restrict user input on login form to use email address from this email domain. For example, setting value company.com will enforce user email input to have only username@company.com leave empty if no restriction is required for email address. Ie for example allow user@company1.com and user@company2.com.
object
Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.
The authorization URL of your OIDC application. Required: YES.
Does the external IDP support backchannel logout?
Client ID of the OIDC application registered with your identity/OIDC provider. Required: YES.
Secret of the OIDC application registered with your identity/OIDC provider. Required: YES.
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. The recommendation is to set the default scopes as ‘openid profile email’ and is to add additional scopes if needed.
Disable fetching of user info information.
Friendly name for identity provider.
Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).
The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
URL where identity provider keys in JWK format are stored.
Logout URL specified in your OIDC application.
Pass the current locale to the identity provider.
Pass login_hint to identity provider.
The token URL of your OIDC application. Required: YES.
The User Info URL specified in your OIDC application.
Enable/disable signature validation of external IDP signatures.
object
The authorization URL of your OIDC application. Required: YES.
Does the external IDP support backchannel logout?
Client ID of the OIDC application registered with Azure provider. Required: YES.
Secret of the OIDC application registered with Azure provider. Required: YES.
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. The recommendation is to set the default scopes as ‘openid profile email’ and is to add additional scopes if needed.
The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
URL where identity provider keys in JWK format are stored.
Logout URL specified in your OIDC application.
The token URL of your OIDC application. Required: YES.
The User Info URL specified in your OIDC application.
Responses
Section titled “Responses”A successful response.
ReplaceResponse is the response format for replacing an OIDC provider in IAM. Response body is empty.
object
Example
{ "err": "EUNKNOWN"}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example