OidcConfigurationInput is
used to input data for an OIDC configuration.
Table: OidcConfigurationInput
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 28, 2025 | |||||
authorizationEndpoint | string | yes | Long-Term | A URL to the endpoint a user should be redirected to when authorizing. Required for clients. | |
clientID | string | yes | Long-Term | The unique identifier of the client. | |
clientSecret | string | yes | Long-Term | The client's password or passphrase or the like for the identity provider. | |
defaultIdp | boolean | Long-Term | The default identity provider. | ||
domains | [string] | yes | Long-Term | The domains for the OIDC authentication. | |
enableDebug | boolean | yes | Long-Term | Whether to enable debugging mode. | |
federatedIdp | string | Long-Term | The Federated IdP. | ||
groupsClaim | string | Long-Term | The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups. | ||
humioOwned | boolean | Long-Term | Whther this is a LogScale owned OIDC. | ||
issuer | string | yes | Long-Term | The OIDC issuer. | |
JWKSEndpoint | string | Long-Term | A URL to the JWKS endpoint for retrieving keys for validating tokens. Required. | ||
lazyCreateUsers | boolean | Long-Term | Whether to create users at the last moment, and only when needed. | ||
Name | string | yes | Long-Term | The name of the OpenID Connect (OIDC) identity provider. | |
registrationEndpoint | string | Long-Term | LogScale will use the OIDC endpoint (%OIDC_PROVIDER%/.well-known/openid-configuration) to configure missing parameters. | ||
scopeClaim | string | Long-Term | The scope claim. | ||
scopes | [string] | yes | Long-Term | Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile). Optional. | |
tokenEndpoint | string | Long-Term | A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients. | ||
tokenEndpointAuthMethod | string | yes | Long-Term | The authentication method used to authenticate LogScale against the token endpoint. Can either be client_secret_basic or client_secret_post for placing the client id and secret in either basic auth or post data, respectively. Defaults to client_secret_basic, or client_secret_post if client_secret_basic is not supported as per the discovery endpoint. | |
userClaim | string | Long-Term | The name of the claim to interpret as username in LogScale. Defaults to humio-user. Can be set to email if using emails as usernames. | ||
userInfoEndpoint | string | Long-Term | A URL to the user info endpoint used to retrieve user information from an access token. Required. | ||