PATCH /api/v1/auth/oidc-auth/identities/{identityId}

curl --request PATCH \
  --url https://us.infisical.com/api/v1/auth/oidc-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "oidcDiscoveryUrl": "<string>",
  "caCert": "",
  "boundIssuer": "<string>",
  "boundAudiences": "",
  "boundClaims": {},
  "claimMetadataMapping": {},
  "boundSubject": "",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0
}'

{
  "identityOidcAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<any>",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "oidcDiscoveryUrl": "<string>",
    "boundIssuer": "<string>",
    "boundAudiences": "<string>",
    "boundClaims": "<any>",
    "claimMetadataMapping": "<any>",
    "boundSubject": "<string>",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "caCert": "<string>"
  }
}

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the identity to update the auth method for.

Body

application/json

oidcDiscoveryUrl
string

The new URL used to retrieve the OpenID Connect configuration from the identity provider.

Minimum length: 1

caCert
string
default:

The new PEM-encoded CA cert for establishing secure communication with the Identity Provider endpoints.

boundIssuer
string

The new unique identifier of the identity provider issuing the JWT.

Minimum length: 1

boundAudiences
string
default:

The new list of intended recipients.

boundClaims
object

The new attributes that should be present in the JWT for it to be valid.

claimMetadataMapping
object

The new attributes that should be present in the permission metadata from the JWT.

boundSubject
string
default:

The new expected principal that is the subject of the JWT.

accessTokenTrustedIps
object[]

The new IPs or CIDR ranges that access tokens can be used from.

accessTokenTTL
integer
default: 2592000

The new lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000

accessTokenMaxTTL
integer
default: 2592000

The new maximum lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000

accessTokenNumUsesLimit
integer
default: 0

The new maximum number of times that an access token can be used.

Required range: x >= 0
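
A pre-flight check for the body fields above, as an added example that is not Infisical's code: it applies the ranges and minimum lengths listed on this page and, as local policy assumptions, flags trusted-IP entries that match every address, a TTL above the maximum TTL, and a body that empties boundAudiences, boundSubject and boundClaims together. The function name lint_oidc_auth_update and the sample values are hypothetical.

```python
import ipaddress

TTL_MAX = 315360000  # upper bound of the range this page gives for both TTL fields

def lint_oidc_auth_update(body):
    """Return findings for a decoded PATCH body; only fields present are checked."""
    findings = []
    # Ranges and minimum lengths from the field reference on this page.
    for field in ("accessTokenTTL", "accessTokenMaxTTL"):
        value = body.get(field)
        if value is not None and not (isinstance(value, int) and 0 <= value <= TTL_MAX):
            findings.append(f"{field}: {value} is outside 0..{TTL_MAX}")
    uses = body.get("accessTokenNumUsesLimit")
    if uses is not None and not (isinstance(uses, int) and uses >= 0):
        findings.append("accessTokenNumUsesLimit: must be an integer >= 0")
    for field in ("oidcDiscoveryUrl", "boundIssuer"):
        if field in body and not body[field]:
            findings.append(f"{field}: minimum length is 1")
    # Local policy (assumption): the TTL should not exceed the maximum TTL.
    ttl, max_ttl = body.get("accessTokenTTL"), body.get("accessTokenMaxTTL")
    if isinstance(ttl, int) and isinstance(max_ttl, int) and ttl > max_ttl:
        findings.append("accessTokenTTL exceeds accessTokenMaxTTL")
    # Local policy (assumption): a zero-length prefix matches every source address.
    for entry in body.get("accessTokenTrustedIps", []):
        raw = str(entry.get("ipAddress", ""))
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(f"accessTokenTrustedIps: {raw!r} is not an IP or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"accessTokenTrustedIps: {net} matches any source address")
    # Local policy (assumption): flag a body that empties every binding except the issuer.
    bindings = ("boundAudiences", "boundSubject", "boundClaims")
    if all(f in body and not body[f] for f in bindings):
        findings.append("boundAudiences, boundSubject and boundClaims are all empty")
    return findings

# Constructed sample: the curl body above with placeholder strings filled in.
SAMPLE = {
    "oidcDiscoveryUrl": "https://idp.example.com", "boundIssuer": "https://idp.example.com",
    "boundAudiences": "", "boundClaims": {}, "boundSubject": "",
    "accessTokenTrustedIps": [{"ipAddress": "0.0.0.0/0"}, {"ipAddress": "::/0"}],
    "accessTokenTTL": 2592000, "accessTokenMaxTTL": 2592000, "accessTokenNumUsesLimit": 0,
}

if __name__ == "__main__":
    for finding in lint_oidc_auth_update(SAMPLE):
        print(finding)
```

Because this is a PATCH, the check looks only at fields present in the body and says nothing about values already stored on the identity.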

Response

200
application/json
Default Response

identityOidcAuth
object
required
