OidcConfigurationInput is used to input data for an OIDC configuration.

Table: OidcConfigurationInput

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 19, 2024
authorizationEndpointstringyes A URL to the endpoint a user should be redirected to when authorizing. Required for clients.
clientIDstringyes The unique identifier of the client.
clientSecretstringyes The client's password or passphrase or the like for the identity provider.
defaultIdpboolean  The default identity provider.
domains[string]yes The domains for the OIDC authentication.
enableDebugbooleanyes Whether to enable debugging mode.
federatedIdpstring  The Federated IdP.
groupsClaimstring  The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.
humioOwnedboolean  Whther this is a LogScale owned OIDC.
issuerstringyes The OIDC issuer.
jwksEndpointstring  A URL to the JWKS endpoint for retrieving keys for validating tokens. Required.
lazyCreateUsersboolean  Whether to create users at the last moment, and only when needed.
namestringyes The name of the OpenID Connect (OIDC) identity provider.
registrationEndpointstring  LogScale will use the OIDC endpoint (%OIDC_PROVIDER%/.well-known/openid-configuration) to configure missing parameters.
scopeClaimstring  The scope claim.
scopes[string]yes Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile). Optional.
tokenEndpointstring  A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
tokenEndpointAuthMethodstringyes The authentication method used to authenticate LogScale against the token endpoint. Can either be client_secret_basic or client_secret_post for placing the client id and secret in either basic auth or post data, respectively. Defaults to client_secret_basic, or client_secret_post if client_secret_basic is not supported as per the discovery endpoint.
userClaimstring  The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.
userInfoEndpointstring  A URL to the user info endpoint used to retrieve user information from an access token. Required.