Update OpenID Connect Identity Provider
This method updates an existing OIDC Identity Provider. Any user who is a member of the Vault admins group can run this web service.
URL

- Make sure there are no spaces in the URL.
- The following characters are not supported in URL values: + & %
- If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/
Resource information

| HTTP method | Content type |
|---|---|
| PUT | application/json |
Header parameter

| Parameter | Description | Type | Mandatory | Default value | Constraints |
|---|---|---|---|---|---|
| Authorization | The token that identifies the session, encoded in BASE 64. | string | yes | none | |
URL parameter

| Parameter | Description | Type | Mandatory | Default value | Constraints |
|---|---|---|---|---|---|
| id | The unique identifier of the provider. This ID is used to identify the OIDC Identity Provider in PVWA. | string | yes | none | Max length: 50 |
Body parameters

| Parameter | Description | Type | Mandatory | Default value | Constraints |
|---|---|---|---|---|---|
| authenticationFlow | The OIDC connection flow. | string | no | Code | Valid values: Code |
| authenticationEndpointUrl | The URL of the provider's authorization endpoint. Authentication requests are sent to this URL. Note: This is not relevant if the Discovery URL is provided. | URL | yes (when no discovery URL is provided) | no | |
| issuer | The Issuer Identifier for the OpenID Provider. The application uses it to verify that the response was issued by a specific provider. Note: This is not relevant if the Discovery URL is provided. | string | yes (when no discovery URL is provided) | no | |
| description | A description of the provider. | string | no | none | Max length: 255 |
| discoveryEndpointUrl | OIDC defines a discovery mechanism, called OpenID Connect Discovery, in which an OIDC Identity Provider publishes its metadata at a well-known URL. The metadata at this URL describes the provider's configuration. | URL | yes | none | |
| jwkSet | JSON web key set: the set of keys provided by the OIDC Identity Provider for validating JWTs (JSON web tokens) during the authentication flow. The JSON must include a "keys" parameter, which is an array of JWKs (JWT signing keys). Note: This is not relevant if the Discovery URL is provided. | string | yes (when no discovery URL is provided) | none | |
| clientId | The unique identifier for the client application. This ID is created by the provider and assigned to each client application upon registration. | string | yes | none | Max length: 100 |
| clientSecret | The client secret is known only to the application and the provider and is used for secure communication during the authentication flow. This secret is created by the provider and assigned to each client application upon registration. | string | no | none | Max length: 200 |
| clientSecretMethod | The client authentication method for the client secret. | string | yes | none | Valid values: Basic, Post. Max length: 50 |
| userNameClaim | The claim in the ID token provided by the OIDC Identity Provider that contains the user name. Note: By default, the system uses the preferred_username claim in the ID token. | string | no | preferred_username | Valid characters: A-Z, a-z, underscore "_". Max length: 50 |
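The following Python is an added example, not code from the page or from the vendor: it checks a request body against the documented constraints above (the conditional mandatory fields when no discovery URL is given, the "keys" array in jwkSet, valid values and maximum lengths), applies the URL rules from the URL section, and builds the PUT request with the Authorization header. The sample body values and the endpoint URL passed in by the caller are placeholders; the page does not give the full endpoint path.

```python
import json
import re
from urllib.request import Request

# Constructed sample body; hostname, client id and secret are placeholders, not from the page.
EXAMPLE_BODY = {
    "discoveryEndpointUrl": "https://idp.example.com/.well-known/openid-configuration",
    "clientId": "pvwa-client",
    "clientSecret": "<client secret issued by the provider>",
    "clientSecretMethod": "Basic",
}
MAX_LEN = {"description": 255, "clientId": 100, "clientSecret": 200, "userNameClaim": 50}

def validate_body(body):
    """Return the list of violations of the documented body constraints (empty if valid)."""
    problems = []
    if not body.get("clientId"):
        problems.append("clientId is mandatory")
    if body.get("clientSecretMethod") not in ("Basic", "Post"):
        problems.append("clientSecretMethod must be Basic or Post")
    for key, limit in MAX_LEN.items():
        if key in body and len(body[key]) > limit:
            problems.append(f"{key} exceeds {limit} characters")
    if not re.fullmatch(r"[A-Za-z_]+", body.get("userNameClaim", "preferred_username")):
        problems.append("userNameClaim may contain only letters and underscore")
    if not body.get("discoveryEndpointUrl"):
        # Without discovery, the endpoint, issuer and signing keys must be given explicitly.
        for key in ("authenticationEndpointUrl", "issuer", "jwkSet"):
            if not body.get(key):
                problems.append(f"{key} is mandatory when no discovery URL is provided")
        try:
            keys = json.loads(body.get("jwkSet", "null")).get("keys")
        except (ValueError, AttributeError):
            keys = None
        if body.get("jwkSet") and not isinstance(keys, list):
            problems.append('jwkSet must be a JSON object with a "keys" array')
    return problems

def check_url(url):
    """Apply the URL rules: no spaces or + & %, trailing slash when the URL contains a dot."""
    if " " in url or any(c in url for c in "+&%"):
        raise ValueError("URL contains characters the API does not accept")
    return url if url.endswith("/") or "." not in url else url + "/"

def build_request(endpoint_url, session_token, body):
    """Build the PUT request; the caller supplies the full endpoint URL from the URL section."""
    if problems := validate_body(body):
        raise ValueError("; ".join(problems))
    return Request(check_url(endpoint_url), data=json.dumps(body).encode(), method="PUT",
                   headers={"Authorization": session_token, "Content-Type": "application/json"})
```

Send the returned Request with urllib.request.urlopen once the session token and endpoint URL are in hand; validating before sending keeps malformed provider configuration (for example a jwkSet without signing keys) from reaching PVWA.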
Result
None
Return codes
For a complete list of return codes, see Return Codes.