OIDCIdentityProvider
OIDCIdentityProvider is a datatype for an OIDC identity provider.
Table: OIDCIdentityProvider
Parameter | Type | Required | Default | Stability | Description |
---|---|---|---|---|---|
authenticationMethod | AuthenticationMethodAuth | yes | | Long-Term | The authentication method used. See AuthenticationMethodAuth. |
authorizationEndpoint | string | | | Long-Term | A URL to the endpoint a user should be redirected to when authorizing. |
clientId | string | yes | | Long-Term | The unique identifier for the client. |
clientSecret | string | yes | | Long-Term | The password for the client. |
debug | boolean | yes | | Long-Term | Whether debugging is enabled. |
defaultIdp | boolean | yes | | Long-Term | Whether the identity provider is the default. |
domains | [string] | yes | | Long-Term | The domains authorized by the OIDC identity providers. |
federatedIdp | string | | | Long-Term | The Federated IdP. |
groupsClaim | string | | | Long-Term | The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups. |
humioManaged | boolean | yes | | Long-Term | Whether authentication is managed by LogScale. |
id | string | yes | | Long-Term | The unique identifier for the OIDC identity provider. |
issuer | string | yes | | Long-Term | The issuer of the OIDC authentication. |
jwksEndpoint | string | | | Long-Term | A URL to the JWKS endpoint for retrieving keys for validating tokens. Required. |
lazyCreateUsers | boolean | yes | | Long-Term | Whether to wait to create users until necessary. |
name | string | yes | | Long-Term | The name of the OIDC identity provider. |
registrationEndpoint | string | | | Long-Term | To use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow %PUBLIC_URL%/auth/oidc as a valid redirect endpoint for the client. |
scopeClaim | string | | | Long-Term | The scope claim. |
scopes | [string] | yes | | Long-Term | Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile). |
tokenEndpoint | string | | | Long-Term | A URL to the token endpoint used to exchange an authentication code to an access token. Required for clients. |
tokenEndpointAuthMethod | string | yes | | Long-Term | A URL to the token endpoint used to exchange an authentication code to an access token. Required for clients. |
userClaim | string | yes | | Long-Term | The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames. |
userInfoEndpoint | string | | | Long-Term | A URL to the user info endpoint used to retrieve user information from an access token. |

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.

Table last updated: Sep 27, 2024