Update OpenID Connect Identity Provider

This method updates an existing OIDC Identity Provider. Any user who is a member of the Vault admins group can run this web service.

URL

https://{PVWA_SERVER}/passwordvault/api/Configuration/OIDC/Providers/{id}/

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %
If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

Resource information

HTTP method	Content type
PUT	application/json

Header parameter

Parameter	Description
Authorization	The token that identifies the session, encoded in BASE 64. Type: string Mandatory: yes Default value: none

Parameter

Description

Authorization

The token that identifies the session, encoded in BASE 64.

Type: string

Mandatory: yes

Default value: none

URL parameter

Parameter	Description
id	The unique identifier of the provider. This ID is used to identify the OIDC Identity Provider in PVWA. Type: string Mandatory: yes Default value: none Max length: 50

Body parameters

{
"authenticationFlow": "Code",
"discoveryEndpointUrl": "https://10.10.22.121/OPServer/.well-known/openid-configuration",
"clientId": "pvwa",
"clientSecretMethod" : "basic",
"userNameClaim": "given_name"
}

Parameter	Description
authenticationFlow	The OIDC connection flow. Type: string Mandatory: no Default value: Code Valid values: Code
authenticationEndpointUrl	The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL. Note: This is not relevant if the Discovery URL is provided. Type: URL Mandatory: yes (when no discovery URL is provided) Default value: no
issuer	The Issuer Identifier for the OpenID Provider. This is used by the application to verify that the response was issued from a specific provider. Note: This is not relevant if the Discovery URL is provided. Type: string Mandatory: yes (when no discovery URL is provided) Default value: no
description	A description of the provider. Type: string Mandatory: no Default value: none Max length: 255
discoveryEndpointUrl	OIDC defines a discovery mechanism, called OpenID Connect Discovery, where an OIDC Identity provider publishes its metadata at a well-known URL. This URL is metadata that describes the provider's configuration. Type: URL Mandatory: yes Default value: none
jwkSet	(JSON web key set) The set of keys provided by the OIDC Identity Provider for validating JWT (JSON web tokens) during the authentication flow. The JSON must include a "keys" parameter, which is an array of JWKs (JWT signing keys). Note: This is not relevant if the Discovery URL is provided. Type: string Mandatory: yes (when no discovery URL is provided) Default value: none
clientId	The unique identifier for the client application. This ID is created by the provider, and assigned to each client application upon registration. Type: string Mandatory: yes Default value: none Max length: 100
clientSecret	The client secret is only known to the application and the provider for secure communication during the authentication flow. This secret is created by the provider, and assigned to each client application upon registration. Type: string Mandatory: no Default value: none Max length: 200
clientSecretMethod	The client authentication method for the client secret. Type: string Mandatory: yes Default value: none Valid values: Basic, Post Max length: 50
userNameClaim	The property in the ID token provided by the OIDC Identity Provider that contains the user name. Note: By default, the system will use the preferred_username claim in the ID token. Type: string Mandatory: no Default value: preferred_username Valid characters: Aa-Zz, underscore "_" Max length: 50

Result

None

Return codes

For a complete list of return codes, see Return Codes.