Skip to main content

Get OIDC auth settings

GET /api/admin/auth/oidc/settings

Returns the current settings for OIDC Authentication

Request

Responses

oidcSettingsResponseSchema

Schema
  • enabled boolean

    Possible values: [true]

    Whether to enable or disable OpenID Connect for this instance

  • clientId string

    The OIDC client ID of this application.

  • secret string

    Shared secret from OpenID server. Used to authenticate login requests

  • autoCreate boolean

    Auto create users based on email addresses from login tokens

  • enableSingleSignOut boolean

    Support Single sign out when user clicks logout in Unleash. If true user is signed out of all OpenID Connect sessions against the clientId they may have active

  • defaultRootRole string

    Possible values: [Viewer, Editor, Admin]

    Default role granted to users auto-created from email. Only relevant if autoCreate is true

  • defaultRootRoleId number

    Assign this root role to auto created users. Should be a role ID and takes precedence over defaultRootRole.

  • emailDomains string

    Comma separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true

  • acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information

  • idTokenSigningAlgorithm string

    Possible values: [RS256, RS384, RS512]

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

  • enableGroupSyncing boolean

    Should we enable group syncing. Refer to the documentation Group syncing

  • groupJsonPath string

    Specifies the path in the OIDC token response to read which groups the user belongs to from.

  • addGroupsScope boolean

    When enabled Unleash will also request the 'groups' scope as part of the login request.

Loading...