API Stability: Long-Term
The updateOIDCIdentityProvider() GraphQL mutation is used to change an OIDC identity provider in LogScale.
For more information on OpenID Connect, see the Authenticating with OpenID Connect documentation page. You may also want to look at Authentication & Identity Providers for related information.
Syntax
Below is the syntax for the updateOIDCIdentityProvider() mutation field:
```graphql
updateOIDCIdentityProvider(
  input: UpdateOidcConfigurationInput!
): OidcIdentityProvider!
```
Below is an example of how this mutation field might be used:
```graphql
mutation {
  updateOIDCIdentityProvider( input:
    { id: "abc123",
      name: "myOIDC",
      clientID: "def456",
      clientSecret: "MD39xf83M301",
      issuer: "https://my.oidc-idp.com",
      authorizationEndpoint: "https://my.oidc-idp.com/authorize",
      tokenEndpointAuthMethod: "client_secret_basic",
      domains: ["humio"],
      scopes: [ "profile", "email", "openid" ],
      userClaim: "user",
      enableDebug: false
    }
  )
  { id }
}
```
```json
{
  "data": {
    "updateOIDCIdentityProvider": {
      "id": "abc123"
    }
  }
}
```
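The example mutation above places `clientSecret` inline in the query text. The following added example (not part of the LogScale documentation) builds the same request with the input passed as a GraphQL variable and the secret read from the environment, after a pre-flight check of the input. The environment variable name `OIDC_CLIENT_SECRET`, the helper names, and the https-only rule for endpoint URLs are assumptions; field names follow the example mutation above.

```python
import json
import os
from urllib.parse import urlsplit

# The secret travels as a GraphQL variable, never inside the query text, and
# only `id` is selected so clientSecret is not echoed back in the response.
MUTATION = """mutation UpdateIdp($input: UpdateOidcConfigurationInput!) {
  updateOIDCIdentityProvider(input: $input) { id }
}"""

URL_FIELDS = ("issuer", "authorizationEndpoint", "tokenEndpoint",
              "userInfoEndpoint", "JWKSEndpoint", "registrationEndpoint")
AUTH_METHODS = {"client_secret_basic", "client_secret_post"}

# Constructed sample; field names and values follow the page's example mutation.
SAMPLE = {
    "id": "abc123", "name": "myOIDC", "clientID": "def456",
    "issuer": "https://my.oidc-idp.com",
    "authorizationEndpoint": "https://my.oidc-idp.com/authorize",
    "tokenEndpointAuthMethod": "client_secret_basic",
    "domains": ["humio"], "scopes": ["profile", "email", "openid"],
    "userClaim": "user", "enableDebug": False,
}


def check_input(cfg):
    """Return a list of problems found in an input dict (empty list = OK)."""
    problems = []
    for field in URL_FIELDS:
        value = cfg.get(field)
        if value is None:
            continue  # optional endpoint not supplied
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{field}: not an absolute https URL")
    if cfg.get("tokenEndpointAuthMethod") not in AUTH_METHODS:
        problems.append("tokenEndpointAuthMethod: unsupported value")
    if not cfg.get("clientSecret"):
        problems.append("clientSecret: empty")
    return problems


def build_request_body(cfg, secret_env="OIDC_CLIENT_SECRET"):
    """Return the JSON request body; secret_env is a hypothetical variable name."""
    full = dict(cfg, clientSecret=os.environ.get(secret_env, ""))
    problems = check_input(full)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"query": MUTATION, "variables": {"input": full}})
```

The returned string is the POST body for the GraphQL endpoint; sending it is left out so the example runs offline.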
Given Datatypes
For UpdateOidcConfigurationInput, there are many parameters that may be given. Below is a list of them along with a description of each:
Table: UpdateOidcConfigurationInput
Parameter | Type | Required | Default | Stability | Description |
---|---|---|---|---|---|
authorizationEndpoint | string | | | Long-Term | A URL to the endpoint a user should be redirected to when authorizing. Required for clients. |
clientId | string | yes | | Long-Term | The unique identifier for the client. |
clientSecret | string | yes | | Long-Term | The client's password or passphrase for the identity provider. |
defaultIdp | boolean | yes | | Long-Term | The default identity provider. |
domains | [string] | yes | | Long-Term | The domains associated with the OIDC configuration. |
enableDebug | boolean | yes | | Long-Term | Whether to enable debugging. |
federatedIdp | string | | | Long-Term | The Federated IdP. |
groupsClaim | string | | | Long-Term | The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups. |
humioOwned | boolean | yes | | Long-Term | Whether authentication is managed by LogScale. |
id | string | yes | | Long-Term | The unique identifier for the OpenID Connect (OIDC) configuration to update. |
issuer | string | yes | | Long-Term | The issuer of the OIDC. |
JWKSEndpoint | string | | | Long-Term | A URL to the JWKS endpoint for retrieving keys for validating tokens. Required. |
lazyCreateUsers | boolean | yes | | Long-Term | Whether to wait to create users until necessary. |
name | string | yes | | Long-Term | The name of the OIDC identity provider. |
registrationEndpoint | string | | | Long-Term | To use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow %PUBLIC_URL%/auth/oidc as a valid redirect endpoint for the client. |
scopeClaim | string | | | Long-Term | The claim or user attributes for the scope. |
scopes | [string] | yes | | Long-Term | Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile). |
tokenEndpoint | string | | | Long-Term | A URL to the token endpoint used to exchange an authentication code for an access token. Required for clients. |
tokenEndpointAuthMethod | string | yes | | Long-Term | The authentication method used to authenticate LogScale against the token endpoint. Can be either client_secret_basic or client_secret_post, for placing the client ID and secret in either basic auth or post data, respectively. Defaults to client_secret_basic, or client_secret_post if client_secret_basic is not supported as per the discovery endpoint. |
userClaim | string | yes | | Long-Term | The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames. |
userInfoEndpoint | string | | | Long-Term | A URL to the user info endpoint used to retrieve user information from an access token. |

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024
Returned Datatypes
The returned datatype OidcIdentityProvider also has many parameters. Below is a list of them along with a description of each:
Table: OidcIdentityProvider
Parameter | Type | Required | Default | Stability | Description |
---|---|---|---|---|---|
authenticationMethod | AuthenticationMethodAuth | yes | | Long-Term | The authentication method used. See AuthenticationMethodAuth. |
authorizationEndpoint | string | | | Long-Term | A URL to the endpoint a user should be redirected to when authorizing. |
clientId | string | yes | | Long-Term | The unique identifier for the client. |
clientSecret | string | yes | | Long-Term | The password for the client. |
debug | boolean | yes | | Long-Term | Whether debugging is enabled. |
defaultIdp | boolean | yes | | Long-Term | Whether the identity provider is the default. |
domains | [string] | yes | | Long-Term | The domains authorized by the OIDC identity providers. |
federatedIdp | string | | | Long-Term | The Federated IdP. |
groupsClaim | string | | | Long-Term | The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups. |
humioManaged | boolean | yes | | Long-Term | Whether authentication is managed by LogScale. |
id | string | yes | | Long-Term | The unique identifier for the OIDC identity provider. |
issuer | string | yes | | Long-Term | The issuer of the OIDC authentication. |
jwksEndpoint | string | | | Long-Term | A URL to the JWKS endpoint for retrieving keys for validating tokens. Required. |
lazyCreateUsers | boolean | yes | | Long-Term | Whether to wait to create users until necessary. |
name | string | yes | | Long-Term | The name of the OIDC identity provider. |
registrationEndpoint | string | | | Long-Term | To use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow %PUBLIC_URL%/auth/oidc as a valid redirect endpoint for the client. |
scopeClaim | string | | | Long-Term | The scope claim. |
scopes | [string] | yes | | Long-Term | Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile). |
tokenEndpoint | string | | | Long-Term | A URL to the token endpoint used to exchange an authentication code for an access token. Required for clients. |
tokenEndpointAuthMethod | string | yes | | Long-Term | A URL to the token endpoint used to exchange an authentication code for an access token. Required for clients. |
userClaim | string | yes | | Long-Term | The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames. |
userInfoEndpoint | string | | | Long-Term | A URL to the user info endpoint used to retrieve user information from an access token. |

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 27, 2024