oidcIdentityProvider()

API Stability Long-Term

The oidcIdentityProvider() GraphQL query is used to get information on an OIDC identity provider.

Syntax

Below is the syntax for the oidcIdentityProvider() query field:

graphql

oidcIdentityProvider(
      id: string!
   ): OidcIdentityProvider!

For the input, you'd give the unique identifier for the OIDC identity provider. But there are a several returned parameters that may be requested (see the Returned Datatype section). Below is an example of how this query field might be used:

Raw

graphql

query {
  oidcIdentityProvider(id: "1234") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  oidcIdentityProvider(id: \"1234\")  ^
  {id, name, domains, issuer,  ^
   authenticationMethod{authType} ^
  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  oidcIdentityProvider(id: \"1234\") 
  {id, name, domains, issuer, 
   authenticationMethod{authType}
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Returned Datatypes

For the returned datatype, OidcIdentityProvider, there are several parameters that may be given. Below is a list of them, along with a description of each:

Table: OidcIdentityProvider

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Jun 26, 2025
authenticationMethod	AuthenticationMethodAuth	yes	`Long-Term`	The authentication method used. See AuthenticationMethodAuth.
authorizationEndpoint	string		`Long-Term`	A URL to the endpoint a user should be redirected to when authorizing.
clientId	string	yes	`Long-Term`	The unique identifier for the client.
clientSecret	string	yes	`Long-Term`	The password for the client.
debug	boolean	yes	`Long-Term`	Whether debugging is enabled.
defaultIdp	boolean	yes	`Long-Term`	Whether the identity provider is the default.
domains	[string]	yes	`Long-Term`	The domains authorized by the OIDC identity providers.
federatedIdp	string		`Long-Term`	The Federated IdP.
groupsClaim	string		`Long-Term`	The name of the claim to interpret as the groups in LogScale. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.
humioManaged	boolean	yes	`Long-Term`	Whether authentication is managed by LogScale.
id	string	yes	`Long-Term`	The unique identifier for the OIDC identity provider.
issuer	string	yes	`Long-Term`	The issuer of the OIDC authentication.
jwksEndpoint	string		`Long-Term`	A URL to the JWKS endpoint for retrieving keys for validating tokens. Required.
lazyCreateUsers	boolean	yes	`Long-Term`	Whether to wait to create users until necessary.
name	string	yes	`Long-Term`	The name of the OIDC identity provider.
registrationEndpoint	string		`Long-Term`	To use OIDC as a client, PUBLIC_URL must be set, LogScale must be registered as a client with your OpenID provider, and the provider must allow `%PUBLIC_URL%/auth/oidc` as a valid redirect endpoint for the client.
scopeClaim	string		`Long-Term`	The scope claim.
scopes	[string]	yes	`Long-Term`	Comma-separated list of scopes to add in addition to the default requested scopes (openid, email, and profile).
tokenEndpoint	string		`Long-Term`	A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
tokenEndpointAuthMethod	string	yes	`Long-Term`	A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.
userClaim	string	yes	`Long-Term`	The name of the claim to interpret as username in LogScale. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.
userInfoEndpoint	string		`Long-Term`	A URL to the user info endpoint used to retrieve user information from an access token.

GraphQL Queries

GraphQL API Stability

GraphQL Groups

GraphQL Mutations

GraphQL Datatypes