Querying an OpenID Connect Identity Provider
Function
This API is provided for the administrator to query an OpenID Connect identity provider.
The API can be called using both the global endpoint and region-specific endpoints.
URI
GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
Parameter | Mandatory | Type | Description |
---|---|---|---|
idp_id | Yes | String | Identity provider ID. Length: 1 to 64 characters. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
Content-Type | Yes | String | Set this field to application/json;charset=utf8. |
X-Auth-Token | Yes | String | Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
openid_connect_config | object | OpenID Connect configurations. |
Parameter | Type | Description |
---|---|---|
access_mode | String | Access type. Options: |
idp_url | String | URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. |
client_id | String | ID of a client registered with the OpenID Connect identity provider. |
authorization_endpoint | String | Authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to programmatic access and management console access. |
scope | String | Scopes of authorization requests. This field is required only if the access type is set to programmatic access and management console access. Enumerated values: NOTE: Example: openid, openid email, openid profile, and openid email profile. |
response_type | String | Response type. This field is required only if the access type is set to programmatic access and management console access. Enumerated value: |
response_mode | String | Response mode. This field is required only if the access type is set to programmatic access and management console access. Enumerated values: |
signing_key | String | Public key used to sign the ID token of the OpenID Connect identity provider. |
Example Request
Request for querying an OpenID Connect identity provider
GET https://{address}/v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
Example Response
Status code: 200
The request is successful.
{
  "openid_connect_config" : {
    "access_mode" : "program_console",
    "idp_url" : "https://accounts.example.com",
    "client_id" : "client_id_example",
    "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
    "scope" : "openid",
    "response_type" : "id_token",
    "response_mode" : "form_post",
    "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
  }
}
Status code: 400
Invalid parameters.
{ "error_msg" : "Request body is invalid.", "error_code" : "IAM.0011" }
Status code: 401
Authentication failed.
{ "error_msg" : "Request parameter %(key)s is invalid.", "error_code" : "IAM.0007" }
Status code: 403
Access denied.
{ "error_msg" : "Policy doesn't allow %(actions)s to be performed.", "error_code" : "IAM.0003" }
Status code: 404
The requested resource cannot be found.
{ "error_msg" : "Could not find %(target)s: %(target_id)s.", "error_code" : "IAM.0004" }
Status code: 500
Internal system error.
{ "error_msg" : "An unexpected error prevented the server from fulfilling your request.", "error_code" : "IAM.0006" }
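The following is an added example, not part of the original page or the provider's own code: a Python check that takes a 200 response body from this API, decodes the JWKS string carried in signing_key, and returns configuration findings. The function names and the particular checks (https URLs, openid in scope, no symmetric or private key material) are assumptions chosen for illustration; the sample input is the example response shown above.

```python
import json
from urllib.parse import urlparse

# Constructed input: the 200 example response from this page, as a raw body.
SAMPLE_BODY = r'''{"openid_connect_config": {"access_mode": "program_console",
 "idp_url": "https://accounts.example.com", "client_id": "client_id_example",
 "authorization_endpoint": "https://accounts.example.com/o/oauth2/v2/auth",
 "scope": "openid", "response_type": "id_token", "response_mode": "form_post",
 "signing_key": "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"}}'''

PRIVATE_JWK_MEMBERS = ("d", "p", "q", "dp", "dq", "qi")  # RFC 7518 private parameters


def is_https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)


def audit_oidc_config(body):
    """Return a list of findings for one openid-connect-config response body."""
    cfg = json.loads(body)["openid_connect_config"]
    findings = []
    if not is_https(cfg.get("idp_url")):
        findings.append("idp_url (the expected iss) is not an https URL")
    # authorization_endpoint and scope are only set for some access modes.
    if cfg.get("authorization_endpoint") and not is_https(cfg["authorization_endpoint"]):
        findings.append("authorization_endpoint is not an https URL")
    if cfg.get("scope") and "openid" not in cfg["scope"].split():
        findings.append("scope does not include openid")
    try:
        # signing_key is a JWKS serialized as a string, so it is decoded a second time.
        keys = json.loads(cfg.get("signing_key") or "")["keys"]
    except (ValueError, KeyError, TypeError):
        keys = None
    if not isinstance(keys, list) or not keys:
        return findings + ["signing_key is not a JWKS with at least one key"]
    for key in keys:
        if not isinstance(key, dict):
            findings.append("signing_key contains a non-object key entry")
            continue
        kid = key.get("kid", "<no kid>")
        if key.get("use", "sig") != "sig":
            findings.append(f"key {kid}: use is not sig")
        if key.get("kty") == "oct" or str(key.get("alg", "")).startswith("HS"):
            findings.append(f"key {kid}: symmetric key where a public key is expected")
        if any(member in key for member in PRIVATE_JWK_MEMBERS):
            findings.append(f"key {kid}: private key parameters present")
    return findings
```

Calling `audit_oidc_config(SAMPLE_BODY)` returns an empty list for the page's example response; each string in a non-empty result names the field to review.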
Status Codes
Status Code | Description |
---|---|
200 | The request is successful. |
400 | Invalid parameters. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |
500 | Internal system error. |
Error Codes
For details, see Error Codes.