Set OIDC settings

POST /api/admin/auth/oidc/settings

Configure OpenID Connect as a login provider for Unleash.

Request

Body

required

oidcSettingsSchema

  • enabled boolean

    true if OpenID Connect is turned on for this instance, otherwise false.

  • discoverUrl string
  • clientId string required

    The OIDC client ID of this application.

  • secret string required

    Shared secret from the OpenID server. Used to authenticate login requests.

  • autoCreate boolean

    Auto-create users based on email addresses from login tokens.

  • enableSingleSignOut boolean

    Support single sign-out when a user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

  • defaultRootRole string

    Possible values: [Viewer, Editor, Admin]

    Default role granted to users auto-created from email. Only relevant if autoCreate is true

  • defaultRootRoleId number

    Assign this root role to auto-created users. Should be a role ID and takes precedence over defaultRootRole.

  • emailDomains string

    Comma-separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true.

  • acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space-separated. Consult the OIDC reference for more information.

  • idTokenSigningAlgorithm string

    Possible values: [RS256, RS384, RS512]

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.
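
The following JavaScript check is an added example, not part of the Unleash documentation or code base. It lints a request body against the fields and enum values listed above before the body is sent to POST /api/admin/auth/oidc/settings; the function name lintOidcSettings, the warning policy and the sample values are assumptions of this example.

```javascript
// Added example, not Unleash code. Field names and enum values come from the
// oidcSettingsSchema above; the warning policy is this example's assumption.
const TYPES = {
  enabled: 'boolean', discoverUrl: 'string', clientId: 'string', secret: 'string',
  autoCreate: 'boolean', enableSingleSignOut: 'boolean', defaultRootRole: 'string',
  defaultRootRoleId: 'number', emailDomains: 'string', acrValues: 'string',
  idTokenSigningAlgorithm: 'string',
};
const ENUMS = {
  defaultRootRole: ['Viewer', 'Editor', 'Admin'],
  idTokenSigningAlgorithm: ['RS256', 'RS384', 'RS512'],
};

function lintOidcSettings(body) {
  const errors = [];
  const warnings = [];
  for (const key of ['clientId', 'secret']) if (!Object.hasOwn(body, key)) errors.push(`${key} is required`);
  for (const [key, value] of Object.entries(body)) {
    if (!Object.hasOwn(TYPES, key)) warnings.push(`${key} is not a documented field`);
    else if (typeof value !== TYPES[key]) errors.push(`${key} must be a ${TYPES[key]}`);
    else if (ENUMS[key] && !ENUMS[key].includes(value)) {
      errors.push(`${key} must be one of ${ENUMS[key].join(', ')}`);
    }
  }
  // emailDomains is one comma-separated string; blank entries count as absent.
  const domains = typeof body.emailDomains === 'string'
    ? body.emailDomains.split(',').map((d) => d.trim()).filter(Boolean)
    : [];
  if (body.autoCreate === true) {
    if (domains.length === 0) warnings.push('autoCreate is on but emailDomains is empty');
    if (body.defaultRootRole === 'Admin') warnings.push('auto-created users default to Admin');
    if ('defaultRootRoleId' in body && 'defaultRootRole' in body) {
      warnings.push('defaultRootRoleId takes precedence over defaultRootRole');
    }
  } else if (domains.length > 0 || 'defaultRootRole' in body || 'defaultRootRoleId' in body) {
    warnings.push('emailDomains and default roles only apply when autoCreate is true');
  }
  for (const d of domains) {
    if (d.includes('@') || /\s/.test(d)) warnings.push(`emailDomains entry "${d}" is not a bare domain`);
  }
  return { ok: errors.length === 0, errors, warnings };
}
// Constructed sample body; every value is a placeholder.
const sample = {
  enabled: true, clientId: 'example-client-id', secret: 'example-secret',
  autoCreate: true, defaultRootRole: 'Admin', emailDomains: ' , ',
  idTokenSigningAlgorithm: 'HS256',
};
console.log(lintOidcSettings(sample));
```

Errors are schema violations taken from this page (missing required field, wrong type, value outside the listed enum); warnings are review prompts and do not describe how Unleash itself treats the body.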

Responses

oidcSettingsSchema

Schema
  • enabled boolean

    true if OpenID Connect is turned on for this instance, otherwise false.

  • discoverUrl string
  • clientId string required

    The OIDC client ID of this application.

  • secret string required

    Shared secret from the OpenID server. Used to authenticate login requests.

  • autoCreate boolean

    Auto-create users based on email addresses from login tokens.

  • enableSingleSignOut boolean

    Support single sign-out when a user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

  • defaultRootRole string

    Possible values: [Viewer, Editor, Admin]

    Default role granted to users auto-created from email. Only relevant if autoCreate is true

  • defaultRootRoleId number

    Assign this root role to auto-created users. Should be a role ID and takes precedence over defaultRootRole.

  • emailDomains string

    Comma-separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true.

  • acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space-separated. Consult the OIDC reference for more information.

  • idTokenSigningAlgorithm string

    Possible values: [RS256, RS384, RS512]

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.
