# Get OIDC auth settings

GET https://app.unleash-instance.example.com/api/admin/auth/oidc/settings

**Enterprise feature**

Returns the current settings for OIDC Authentication.

Reference: https://docs.getunleash.io/api/get-oidc-settings

## OpenAPI Specification

```yaml
openapi: 3.1.1
info:
  title: Get OIDC auth settings
  version: endpoint_auth.getOidcSettings
paths:
  /api/admin/auth/oidc/settings:
    get:
      operationId: get-oidc-settings
      summary: Get OIDC auth settings
      description: |-
        **Enterprise feature**

        Returns the current settings for OIDC Authentication
      tags:
        - - subpackage_auth
      parameters:
        - name: Authorization
          in: header
          description: Header authentication of the form `undefined `
          required: true
          schema:
            type: string
      responses:
        '200':
          description: oidcSettingsResponseSchema
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/oidcSettingsResponseSchema'
        '400':
          description: The request data does not match what we expect.
          content: {}
        '401':
          description: >-
            Authorization information is missing or invalid. Provide a valid
            API token as the `authorization` header, e.g.
            `authorization:*.*.my-admin-token`.
          content: {}
        '403':
          description: >-
            The provided user credentials are valid, but the user does not
            have the necessary permissions to perform this operation
          content: {}
components:
  schemas:
    OidcSettingsResponseSchemaDefaultRootRole:
      type: string
      enum:
        - value: Viewer
        - value: Editor
        - value: Admin
    OidcSettingsResponseSchemaIdTokenSigningAlgorithm:
      type: string
      enum:
        - value: RS256
        - value: RS384
        - value: RS512
    oidcSettingsResponseSchema:
      type: object
      properties:
        enabled:
          type: boolean
          description: Whether to enable or disable OpenID Connect for this instance
        discoverUrl:
          type: string
          format: uri
          description: >-
            The [.well-known OpenID discover
            URL](https://swagger.io/docs/specification/authentication/openid-connect-discovery/)
        clientId:
          type: string
          description: The OIDC client ID of this application.
        secret:
          type: string
          description: >-
            Shared secret from OpenID server. Used to authenticate login
            requests
        autoCreate:
          type: boolean
          description: Auto create users based on email addresses from login tokens
        enableSingleSignOut:
          type: boolean
          description: >-
            Support Single sign out when user clicks logout in Unleash. If
            `true` user is signed out of all OpenID Connect sessions against
            the clientId they may have active
        defaultRootRole:
          $ref: '#/components/schemas/OidcSettingsResponseSchemaDefaultRootRole'
          description: >-
            [Default
            role](https://docs.getunleash.io/concepts/rbac#standard-roles)
            granted to users auto-created from email. Only relevant if
            autoCreate is `true`
        defaultRootRoleId:
          type: number
          format: double
          description: >-
            Assign this root role to auto created users. Should be a role ID
            and takes precedence over `defaultRootRole`.
        emailDomains:
          type: string
          description: >-
            Comma separated list of email domains that are automatically
            approved for an account in the server. Only relevant if autoCreate
            is `true`
        acrValues:
          type: string
          description: >
            Authentication Context Class Reference, used to request extra
            values in the acr claim returned from the server. If multiple
            values are required, they should be space separated. Consult
            [the OIDC
            reference](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint)
            for more information
        idTokenSigningAlgorithm:
          $ref: >-
            #/components/schemas/OidcSettingsResponseSchemaIdTokenSigningAlgorithm
          description: >-
            The signing algorithm used to sign our token. Refer to the [JWT
            signatures](https://jwt.io/introduction) documentation for more
            information.
        enableGroupSyncing:
          type: boolean
          description: >-
            Should we enable group syncing. Refer to the documentation [Group
            syncing](https://docs.getunleash.io/guides/how-to-set-up-group-sso-sync)
        groupJsonPath:
          type: string
          description: >-
            Specifies the path in the OIDC token response to read which groups
            the user belongs to from.
        addGroupsScope:
          type: boolean
          description: >-
            When enabled Unleash will also request the 'groups' scope as part
            of the login request.
        enablePkce:
          type: boolean
          description: >-
            Enable PKCE (Proof Key for Code Exchange) for enhanced security.
            Recommended for public clients and provides additional protection
            against authorization code interception attacks.
```

## SDK Code Examples

```python
import requests

url = "https://app.unleash-instance.example.com/api/admin/auth/oidc/settings"

# Set this to a valid admin API token; an empty value returns 401.
headers = {"Authorization": ""}

# A timeout keeps the call from hanging if the instance is unreachable.
response = requests.get(url, headers=headers, timeout=10)

print(response.json())
```

```javascript
const url = 'https://app.unleash-instance.example.com/api/admin/auth/oidc/settings';
// Set Authorization to a valid admin API token; an empty value returns 401.
const options = {method: 'GET', headers: {Authorization: ''}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	url := "https://app.unleash-instance.example.com/api/admin/auth/oidc/settings"

	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}

	// Set this to a valid admin API token; an empty value returns 401.
	req.Header.Add("Authorization", "")

	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on error, so stop before touching res.Body.
		log.Fatal(err)
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://app.unleash-instance.example.com/api/admin/auth/oidc/settings")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
# Set this to a valid admin API token; an empty value returns 401.
request["Authorization"] = ''

response = http.request(request)
puts response.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

public class GetOidcSettings {
    public static void main(String[] args) throws Exception {
        // Set Authorization to a valid admin API token; an empty value returns 401.
        HttpResponse<String> response = Unirest.get("https://app.unleash-instance.example.com/api/admin/auth/oidc/settings")
            .header("Authorization", "")
            .asString();
        System.out.println(response.getBody());
    }
}
```

```php
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

// Set Authorization to a valid admin API token; an empty value returns 401.
$response = $client->request('GET', 'https://app.unleash-instance.example.com/api/admin/auth/oidc/settings', [
  'headers' => [
    'Authorization' => '',
  ],
]);

echo $response->getBody();
```

```csharp
using RestSharp;

var client = new RestClient("https://app.unleash-instance.example.com/api/admin/auth/oidc/settings");
var request = new RestRequest(Method.GET);
// Set this to a valid admin API token; an empty value returns 401.
request.AddHeader("Authorization", "");
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

// Set Authorization to a valid admin API token; an empty value returns 401.
let headers = ["Authorization": ""]

let request = NSMutableURLRequest(url: NSURL(string: "https://app.unleash-instance.example.com/api/admin/auth/oidc/settings")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```
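
The 200 response carries the OIDC client `secret` next to the auto-provisioning fields (`autoCreate`, `emailDomains`, `defaultRootRole`, `defaultRootRoleId`) and `enablePkce`, so a script that fetches it can mask the secret before logging and flag settings for review. The Python below is an added example, not Unleash code; the function names `redact` and `review`, the sample response values and the review rules are assumptions made for illustration.

```python
# Constructed sample of a 200 response body. Field names come from
# oidcSettingsResponseSchema; every value is made up for illustration.
SAMPLE = {
    "enabled": True,
    "discoverUrl": "https://idp.example.com/.well-known/openid-configuration",
    "clientId": "unleash",
    "secret": "constructed-client-secret",
    "autoCreate": True,
    "defaultRootRole": "Admin",
    "emailDomains": "",
    "idTokenSigningAlgorithm": "RS256",
    "enablePkce": False,
}


def redact(settings):
    """Return a copy that is safe to log: the OIDC client secret is masked."""
    safe = dict(settings)
    if safe.get("secret"):
        safe["secret"] = "<redacted>"
    return safe


def review(settings):
    """List settings worth a second look (this example's rules, not Unleash policy)."""
    if not settings.get("enabled"):
        return []  # OIDC login is off, so the remaining fields are inactive
    findings = []
    if not str(settings.get("discoverUrl", "")).startswith("https://"):
        findings.append("discoverUrl is not an https:// URL")
    if not settings.get("enablePkce"):
        findings.append("enablePkce is off")
    if settings.get("autoCreate"):
        domains = [d.strip() for d in (settings.get("emailDomains") or "").split(",")]
        if not any(domains):
            findings.append("autoCreate is on and emailDomains is empty")
        role_id = settings.get("defaultRootRoleId")
        if role_id is not None:
            # Per the schema, the ID takes precedence over defaultRootRole.
            findings.append(f"defaultRootRoleId {role_id} overrides defaultRootRole")
        elif settings.get("defaultRootRole") in ("Editor", "Admin"):
            findings.append(f"auto-created users get {settings['defaultRootRole']}")
    return findings


if __name__ == "__main__":
    print(redact(SAMPLE))
    for finding in review(SAMPLE):
        print("review:", finding)
```

In real use, pass `response.json()` from the Python request above to `redact` and `review` instead of `SAMPLE`.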