OidcConfigurationInput | LogScale GraphQL Reference - Datatypes | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

`OidcConfigurationInput`

The OidcConfigurationInput input includes various settings.

Table: OidcConfigurationInput

Parameter	Type	Required^[a]	Default	Description
`name`	string	yes		The name of the OpenID Connect (OIDC) identity provider.
`clientID`	string	yes		The unique identifier of the client.
`clientSecret`	string	yes		The client's password or passphrase or the like for the identity provider.
`issuer`	string	yes		The OIDC issuer.
`tokenEndpointAuthMethod`	string	yes		The authentication method used to authenticate LogScale against the token endpoint. Can either be client_secret_basic or client_secret_post for placing the client id and secret in either basic auth or post data, respectively. Defaults to client_secret_basic, or client_secret_post if client_secret_basic is not supported as per the discovery endpoint.
`authorizationEndpoint`	string	yes		A URL to the endpoint a user should be redirected to when authorizing. Required for clients.
`tokenEndpoint`	string			A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
`userInfoEndpoint`	string			A URL to the user info endpoint used to retrieve user information from an access token. Required.
`registrationEndpoint`	string			LogScale will use the OIDC endpoint (%OIDC_PROVIDER%/.well-known/openid-configuration) to configure missing parameters.
`groupsClaim`	string			The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.
`JWKSEndpoint`	string			A URL to the JWKS endpoint for retrieving keys for validating tokens. Required.
`domains`	[string]	yes		The domains for the OIDC authentication.
`scopes`	[string]	yes		Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile). Optional.
`userClaim`	string = 'email'			The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.
`enableDebug`	boolean	yes		Whether to enable debugging mode.
`defaultIdp`	boolean			The default identity provider.
`humioOwned`	boolean			Whther this is a LogScale owned OIDC.
`lazyCreateUsers`	boolean			Whether to create users at the last moment, and only when needed.
^[a]Some arguments may be required, as indicated in this column. For some fields, this column indicates that a result will always be returned for it.

Enter search term