Get all OpenID Connect Identity Providers
This method returns a list of all OIDC Identity Providers. Any user who is a member of the Vault admins group can run this web service.
URL
- Make sure there are no spaces in the URL.
- The following characters are not supported in URL values: + & %
- If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/
Resource information
| HTTP method | Content type |
|---|---|
| GET | application/json |
Header parameter
| Parameter | Description |
|---|---|
| Authorization | The token that identifies the session, encoded in BASE 64. Type: string. Mandatory: yes. Default value: none. |
Body parameters
None
Result
| Parameter | Description |
|---|---|
| id | The unique identifier of the provider. This ID is used to identify the OIDC Identity Provider in PVWA. Type: string. |
| authenticationFlow | The OIDC connection flow. Type: string. |
| authenticationEndpointUrl | The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL. Note: This is not relevant if the Discovery URL is provided. Type: URL. |
| issuer | The Issuer Identifier for the OpenID Provider. This is used by the application to verify that the response was issued from a specific provider. Note: This is not relevant if the Discovery URL is provided. Type: string. |
| description | A description of the provider. Type: string. |
| discoveryEndpointUrl | OIDC defines a discovery mechanism, called OpenID Connect Discovery, in which an OIDC Identity Provider publishes its metadata at a well-known URL. The metadata at this URL describes the provider's configuration. Type: URL. |
| jwkSet | (JSON Web Key Set) The set of keys provided by the OIDC Identity Provider for validating JWTs (JSON Web Tokens) during the authentication flow. The JSON must include a "keys" parameter, which is an array of JWKs (JWT signing keys). Note: This is not relevant if the Discovery URL is provided. Type: JSON that represents a set of JWKs. |
| clientId | The unique identifier for the client application. This ID is created by the provider, and assigned to each client application upon registration. Type: string. |
| clientSecretMethod | The client authentication method for the client secret. Type: string. Valid values: Basic, Post. |
| userNameClaim | The property in the ID token provided by the OIDC Identity Provider that contains the user name. Note: By default, the system will use the preferred_username claim in the ID token. Type: string. |
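
The following Python is an added example, not part of the product documentation or CyberArk's code. It audits an already-parsed result list against the field rules described above: which fields matter with and without a Discovery URL, the valid clientSecretMethod values, and the "keys" requirement for jwkSet. Assumptions: the response parses to a list of provider objects with these parameter names, an unset field comes back empty or missing, and the https check reflects the OpenID Connect specifications rather than anything stated on this page; the function names and SAMPLE data are constructed for illustration.

```python
import json
from urllib.parse import urlparse

VALID_SECRET_METHODS = {"Basic", "Post"}  # valid values from the result table

def is_https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)

def jwk_keys(jwk_set):
    """Return the "keys" array of a jwkSet (JSON string or dict), else None."""
    if isinstance(jwk_set, str):
        try:
            jwk_set = json.loads(jwk_set)
        except ValueError:
            return None
    keys = jwk_set.get("keys") if isinstance(jwk_set, dict) else None
    return keys if isinstance(keys, list) else None

def audit_provider(p):
    """Return a list of findings for one provider object from the result list."""
    findings = []
    discovery = p.get("discoveryEndpointUrl")
    if discovery:
        # With a Discovery URL, issuer, authenticationEndpointUrl and jwkSet are not relevant.
        if not is_https(discovery):
            findings.append("discoveryEndpointUrl is not an https URL")
    else:
        if not is_https(p.get("authenticationEndpointUrl")):
            findings.append("authenticationEndpointUrl is not an https URL")
        if not p.get("issuer"):
            findings.append("issuer is empty")
        if not jwk_keys(p.get("jwkSet")):
            findings.append('jwkSet has no non-empty "keys" array')
    if p.get("clientSecretMethod") not in VALID_SECRET_METHODS:
        findings.append("clientSecretMethod is not Basic or Post")
    if not p.get("userNameClaim"):
        findings.append("userNameClaim unset, preferred_username is used")
    return findings

# Constructed sample data, not output from a real PVWA.
SAMPLE = [
    {"id": "idp-good", "clientId": "pvwa", "clientSecretMethod": "Basic", "userNameClaim": "email",
     "discoveryEndpointUrl": "https://idp.example.com/.well-known/openid-configuration"},
    {"id": "idp-weak", "clientId": "pvwa", "clientSecretMethod": "Post", "issuer": "",
     "authenticationEndpointUrl": "http://idp.example.net/authorize", "jwkSet": '{"keys": []}'}]

if __name__ == "__main__":
    print({p["id"]: audit_provider(p) or "ok" for p in SAMPLE})
```
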
Return codes
For a complete list of return codes, see Return Codes.