
Get OIDC auth settings

GET <your-unleash-url>/api/admin/auth/oidc/settings

Returns the current settings for OIDC Authentication

Responses

oidcSettingsResponseSchema

Schema
    enabled boolean

    Whether to enable or disable OpenID Connect for this instance

    Possible values: [true]

    Example: true
    discoverUrl uri

    The .well-known OpenID discovery URL

    Example: https://myoidchost.azure.com/.well-known/openid-configuration
    clientId string

    The OIDC client ID of this application.

    Example: FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B
    secret string

    Shared secret from OpenID server. Used to authenticate login requests

    Example: qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO
    autoCreate boolean

    Auto create users based on email addresses from login tokens

    enableSingleSignOut boolean

    Support single sign-out when the user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

    defaultRootRole string

    Default role granted to users auto-created from email. Only relevant if autoCreate is true

    Possible values: [Viewer, Editor, Admin]

    defaultRootRoleId number

    Assign this root role to auto created users. Should be a role ID and takes precedence over defaultRootRole.

    Example: 2
    emailDomains string

    Comma separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true

    Example: getunleash.io,getunleash.ai
    acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information

    Example: urn:okta:loa:2fa:any phr
    idTokenSigningAlgorithm string

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

    Possible values: [RS256, RS384, RS512]

    Example: RS256
    enableGroupSyncing boolean

    Whether to enable group syncing. Refer to the Group syncing documentation.

    Example: false
    groupJsonPath string

    Specifies the path in the OIDC token response from which to read the groups the user belongs to.

    Example: groups
    addGroupsScope boolean

    When enabled Unleash will also request the 'groups' scope as part of the login request.

    Example: false

Authorization: Authorization

name: Authorization
type: apiKey
in: header
description: API key needed to access this API

curl -L '<your-unleash-url>/api/admin/auth/oidc/settings' \
-H 'Accept: application/json' \
-H 'Authorization: <Authorization>'
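
A review of this endpoint's response for risky settings, as an added example that is not from the Unleash documentation or code base. The sample response is constructed from the schema's example values, and the checks (https-only discoverUrl, empty emailDomains or an Admin default role when autoCreate is on) are an assumed local review policy, not behaviour Unleash enforces.

```python
import json
from urllib.parse import urlparse

ALLOWED_ALGS = {"RS256", "RS384", "RS512"}  # "Possible values" listed in the schema

# Constructed sample response; values are the schema's own examples, not real credentials.
SAMPLE = json.loads("""{
  "enabled": true,
  "discoverUrl": "https://myoidchost.azure.com/.well-known/openid-configuration",
  "clientId": "FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B",
  "secret": "qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO",
  "autoCreate": true,
  "defaultRootRole": "Admin",
  "emailDomains": "",
  "idTokenSigningAlgorithm": "RS256"
}""")

def redact(settings):
    """Copy of the settings that is safe to log: the shared secret is masked."""
    safe = dict(settings)
    if safe.get("secret"):
        safe["secret"] = "***redacted***"
    return safe

def review(settings):
    """Return a list of findings (assumed local review policy, not Unleash behaviour)."""
    findings = []
    if not settings.get("enabled"):
        return findings  # OIDC is off, nothing to review
    if urlparse(settings.get("discoverUrl") or "").scheme != "https":
        findings.append("discoverUrl is not https")
    alg = settings.get("idTokenSigningAlgorithm")
    if alg is not None and alg not in ALLOWED_ALGS:
        findings.append(f"unexpected idTokenSigningAlgorithm: {alg}")
    if settings.get("autoCreate"):
        domains = [d.strip() for d in (settings.get("emailDomains") or "").split(",") if d.strip()]
        if not domains:
            findings.append("autoCreate is on but emailDomains is empty")
        if settings.get("defaultRootRoleId") is not None:
            # The role ID takes precedence over defaultRootRole, so the name alone is not enough.
            findings.append(f"auto-created users get role ID {settings['defaultRootRoleId']}: verify it")
        elif settings.get("defaultRootRole") == "Admin":
            findings.append("auto-created users are granted Admin")
    return findings

if __name__ == "__main__":
    print(json.dumps(redact(SAMPLE), indent=2))
    for finding in review(SAMPLE):
        print("REVIEW:", finding)
```

Because the response carries the shared secret, pass it through `redact` before it reaches logs or tickets.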