POST /api/v1/auth/oidc-auth/identities/{identityId}

Example request (cURL):

curl --request POST \
  --url https://us.infisical.com/api/v1/auth/oidc-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "oidcDiscoveryUrl": "<string>",
  "caCert": "",
  "boundIssuer": "<string>",
  "boundAudiences": "",
  "boundClaims": {},
  "boundSubject": "",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0
}'

Example response (200):

{
  "identityOidcAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<any>",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "oidcDiscoveryUrl": "<string>",
    "boundIssuer": "<string>",
    "boundAudiences": "<string>",
    "boundClaims": "<any>",
    "boundSubject": "<string>",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "caCert": "<string>"
  }
}

Authorizations

Authorization (string, header, required)
  An access token in Infisical.

Path Parameters

identityId (string, required)
  The ID of the identity to attach the configuration onto.

Body (application/json)

oidcDiscoveryUrl (string, required)
  The URL used to retrieve the OpenID Connect configuration from the identity provider.
  Minimum length: 1

boundIssuer (string, required)
  The unique identifier of the identity provider issuing the JWT (matched against the JWT iss claim).
  Minimum length: 1

boundClaims (object, required)
  The attributes that must be present in the JWT for it to be accepted.

caCert (string, default: "")
  The PEM-encoded CA certificate used to establish secure communication with the identity provider endpoints.

boundAudiences (string, default: "")
  The list of intended recipients (matched against the JWT aud claim).

boundSubject (string, default: "")
  The expected principal that is the subject of the JWT (matched against the JWT sub claim).

accessTokenTrustedIps (object[])
  The IPs or CIDR ranges that access tokens can be used from.

accessTokenTTL (integer, default: 2592000)
  The lifetime of an access token in seconds.
  Required range: 0 < x < 315360000

accessTokenMaxTTL (integer, default: 2592000)
  The maximum lifetime of an access token in seconds.
  Required range: 0 < x < 315360000

accessTokenNumUsesLimit (integer, default: 0)
  The maximum number of times an access token can be used.
  Required range: x > 0

Response

200 (application/json): Default Response

identityOidcAuth (object, required)
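As an added example (not Infisical's own client code), the following Python helper builds the request body for this endpoint, rejects values outside the documented ranges, flags a trusted-IP list that allows every source address, and submits the body with urllib. The discovery URL, issuer, claims and CIDRs used in it are constructed placeholders, and the https and maxTTL-vs-TTL checks are added sanity checks rather than constraints the reference states.

```python
import ipaddress
import json
import urllib.request

# Limits documented for this endpoint; anything else below is an added check.
TTL_MAX_EXCLUSIVE = 315360000
WILDCARD_CIDRS = {"0.0.0.0/0", "::/0"}

def build_oidc_auth_payload(oidc_discovery_url, bound_issuer, bound_claims, trusted_ips,
                            access_token_ttl=2592000, access_token_max_ttl=2592000,
                            num_uses_limit=0, bound_audiences="", bound_subject="", ca_cert=""):
    """Build the JSON body for this endpoint, rejecting values the documented ranges forbid."""
    if not oidc_discovery_url or not bound_issuer:
        raise ValueError("oidcDiscoveryUrl and boundIssuer require minimum length 1")
    if not oidc_discovery_url.startswith("https://"):  # added check: never fetch the discovery doc over plain HTTP
        raise ValueError("oidcDiscoveryUrl should use https")
    for name, ttl in (("accessTokenTTL", access_token_ttl), ("accessTokenMaxTTL", access_token_max_ttl)):
        if not 0 < ttl < TTL_MAX_EXCLUSIVE:
            raise ValueError(f"{name} outside documented range 0 < x < {TTL_MAX_EXCLUSIVE}")
    if access_token_max_ttl < access_token_ttl:  # added sanity check, not a documented constraint
        raise ValueError("accessTokenMaxTTL is smaller than accessTokenTTL")
    for cidr in trusted_ips:
        ipaddress.ip_network(cidr, strict=False)  # raises ValueError on a malformed IP or CIDR
    return {
        "oidcDiscoveryUrl": oidc_discovery_url,
        "caCert": ca_cert,
        "boundIssuer": bound_issuer,
        "boundAudiences": bound_audiences,
        "boundClaims": dict(bound_claims),
        "boundSubject": bound_subject,
        "accessTokenTrustedIps": [{"ipAddress": c} for c in trusted_ips],
        "accessTokenTTL": access_token_ttl,
        "accessTokenMaxTTL": access_token_max_ttl,
        "accessTokenNumUsesLimit": num_uses_limit,
    }

def wide_open_trusted_ips(payload):
    """Return trusted-IP entries that accept every source address, i.e. no IP restriction at all."""
    return [e["ipAddress"] for e in payload["accessTokenTrustedIps"] if e["ipAddress"] in WILDCARD_CIDRS]

def attach_oidc_auth(base_url, token, identity_id, payload):
    """POST the payload to the endpoint (base_url is e.g. https://us.infisical.com)."""
    req = urllib.request.Request(
        f"{base_url}/api/v1/auth/oidc-auth/identities/{identity_id}",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:  # on 200 the body carries the identityOidcAuth object
        return json.load(resp)
```

Review the result of wide_open_trusted_ips before attaching the configuration: the cURL sample's 0.0.0.0/0 and ::/0 entries mean a stolen access token is usable from anywhere.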
