Get all OpenID Connect Identity Providers

This method returns a list of all OIDC Identity Providers. Any user who is a member of the Vault admins group can run this web service.

URL

 
https://{PVWA_SERVER}/passwordvault/api/Configuration/OIDC/Providers
 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

Resource information

HTTP method

Content type

GET

application/json

Header parameter

Parameter

Description

Authorization

The token that identifies the session, encoded in BASE 64.

Type: string

Mandatory: yes

Default value: none

Body parameters

None

Result

 
"Providers": [
{
"id": "opserver",
"authenticationFlow": "Code",
"authenticationEndpointUrl": "",
"discoveryEndpointUrl": "https://Domain.com/OPServer/.well-known/openid-configuration",
"issuer": "",
"description": "",
"jwkSet": "",
"clientId": "pvwa",
"clientSecretMethod" : "basic",
"userNameClaim": "preferred_username"
}
]

Parameter

Description

id

The unique identifier of the provider.

This ID is used to identify the OIDC Identity Provider in PVWA.

Type: string

authenticationFlow

The OIDC connection flow.

Type: string

authenticationEndpointUrl

The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL.

Note: This is not relevant if the Discovery URL is provided.

Type: URL

issuer

The Issuer Identifier for the OpenID Provider. This is used by the application to verify that the response was issued from a specific provider.

Note: This is not relevant if the Discovery URL is provided.

Type: string

description

A description of the provider.

Type: string

discoveryEndpointUrl

OIDC defines a discovery mechanism, called OpenID Connect Discovery, where an OIDC Identity provider publishes its metadata at a well-known URL.

This URL is metadata that describes the provider's configuration.

Type: URL

jwkSet

(JSON web key set) The set of keys provided by the OIDC Identity Provider for validating JWT (JSON web tokens) during the authentication flow.

The JSON must include a "keys" parameter, which is an array of JWKs (JWT signing keys).

Note: This is not relevant if the Discovery URL is provided.

Type: JSON that represents a set of JWKs

clientId

The unique identifier for the client application.

This ID is created by the provider, and assigned to each client application upon registration.

Type: string

clientSecretMethod

The client authentication method for the client secret.

Type: string

Valid values: Basic, Post

userNameClaim

The property in the ID token provided by the OIDC Identity Provider that contains the user name.

Note: By default, the system will use the preferred_username claim in the ID token.

Type: string

Return codes

For a complete list of return codes, see Return Codes.