oidcIdentityProvider()

API Stability Long-Term

The oidcIdentityProvider() GraphQL query is used to get information on an OIDC identity provider.

Related to this query are the mutation fields, newOIDCIdentityProvider() to add a new OIDC identity provider, and updateOIDCIdentityProvider() to change an OIDC identity provider in LogScale.

Syntax

graphql

oidcIdentityProvider(
      id: string!
   ): OidcIdentityProvider!

For the input, you'd give the unique identifier for the OIDC identity provider. For the results, you can request several bits of information on the OIDC identify provider (e.g., authentication method used, user information, endpoints, etc.) See the Returned Datatype section for more.

Example

Below is an example of how this query field might be used:

Raw

graphql

query {
  oidcIdentityProvider(id: "1234") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  oidcIdentityProvider(id: \"1234\")  ^
  {id, name, domains, issuer,  ^
   authenticationMethod{ authType } ^
  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{ authType }
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "oidcIdentityProvider": {
      "id": "abc123",
      "name": "The Company",
      domains: ["humio"],
      issuer: "https://my.oidc-idp.com",
      "authenticationMethod": {
        "name": "SAMLAuthentication"
      },
    }
  }
}

Returned Datatype

You specify many parameters related to data that's returned, such as the authentication method used, some endpoints, etc. Below is a list of choices, along with descriptions of them:

Table: OidcIdentityProvider

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Jun 26, 2025
authenticationMethod	AuthenticationMethodAuth	yes	`Long-Term`	The authentication method used. See AuthenticationMethodAuth.
authorizationEndpoint	string		`Long-Term`	A URL to the endpoint a user should be redirected to when authorizing.
clientId	string	yes	`Long-Term`	The unique identifier for the client.
clientSecret	string	yes	`Long-Term`	The password for the client.
debug	boolean	yes	`Long-Term`	Whether debugging is enabled.
defaultIdp	boolean	yes	`Long-Term`	Whether the identity provider is the default.
domains	[string]	yes	`Long-Term`	The domains authorized by the OIDC identity providers.
federatedIdp	string		`Long-Term`	The Federated IdP.
groupsClaim	string		`Long-Term`	The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.
humioManaged	boolean	yes	`Long-Term`	Whether authentication is managed by LogScale.
id	string	yes	`Long-Term`	The unique identifier for the OIDC identity provider.
issuer	string	yes	`Long-Term`	The issuer of the OIDC authentication.
jwksEndpoint	string		`Long-Term`	A URL to the JWKS endpoint for retrieving keys for validating tokens. Required.
lazyCreateUsers	boolean	yes	`Long-Term`	Whether to wait to create users until necessary.
name	string	yes	`Long-Term`	The name of the OIDC identity provider.
registrationEndpoint	string		`Long-Term`	To use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow `%PUBLIC_URL%/auth/oidc` as a valid redirect endpoint for the client.
scopeClaim	string		`Long-Term`	The scope claim.
scopes	[string]	yes	`Long-Term`	Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile).
tokenEndpoint	string		`Long-Term`	A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
tokenEndpointAuthMethod	string	yes	`Long-Term`	A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
userClaim	string	yes	`Long-Term`	The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.
userInfoEndpoint	string		`Long-Term`	A URL to the user info endpoint used to retrieve user information from an access token.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes