POST /api/v1/sso/oidc/config

Example request (cURL):
curl --request POST \
  --url https://us.infisical.com/api/v1/sso/oidc/config \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "allowedEmailDomains": "",
  "configurationType": "custom",
  "issuer": "",
  "discoveryURL": "",
  "authorizationEndpoint": "",
  "jwksUri": "",
  "tokenEndpoint": "",
  "userinfoEndpoint": "",
  "clientId": "<string>",
  "clientSecret": "<string>",
  "isActive": true,
  "organizationId": "<string>",
  "manageGroupMemberships": false,
  "jwtSignatureAlgorithm": "RS256"
}'

Example response:
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "issuer": "<string>",
  "authorizationEndpoint": "<string>",
  "configurationType": "<string>",
  "discoveryURL": "<string>",
  "jwksUri": "<string>",
  "tokenEndpoint": "<string>",
  "userinfoEndpoint": "<string>",
  "orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "isActive": true,
  "allowedEmailDomains": "<string>",
  "manageGroupMemberships": false,
  "jwtSignatureAlgorithm": "RS256"
}

Authorizations

Authorization (string, header, required)
    An access token in Infisical.

Body (application/json)

configurationType (enum<string>, required)
    The configuration type to use for the OIDC configuration.
    Available options: custom, discoveryURL

clientId (string, required)
    The client ID to use for OIDC authentication.

clientSecret (string, required)
    The client secret to use for OIDC authentication.

isActive (boolean, required)
    Whether this OIDC configuration is enabled or disabled.

organizationId (string, required)
    The ID of the organization to create the OIDC config for.

allowedEmailDomains (string, default: "")
    A comma-separated list of email domains that users are allowed to authenticate with.

issuer (string, default: "")
    The issuer for the OIDC configuration. Only supported when configurationType is 'custom'.

discoveryURL (string, default: "")
    The URL of the OIDC discovery endpoint.

authorizationEndpoint (string, default: "")
    The authorization endpoint to use for OIDC authorization. Only supported when configurationType is 'custom'.

jwksUri (string, default: "")
    The URL of the OIDC JWKS endpoint.

tokenEndpoint (string, default: "")
    The token endpoint to use for the OIDC token exchange.

userinfoEndpoint (string, default: "")
    The userinfo endpoint from which user information is fetched from the OIDC provider.

manageGroupMemberships (boolean, default: false)
    Whether to manage group memberships for this OIDC configuration. If enabled, users are automatically assigned to groups when they sign in, based on their group memberships in the OIDC provider.

jwtSignatureAlgorithm (enum<string>, default: RS256)
    The algorithm to use for JWT signature verification.
    Available options: RS256, HS256, RS512, EdDSA
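As an added example, not code from the Infisical docs or codebase: a small Python helper that assembles and checks a request body for this endpoint from the field rules above (the two configuration types, the custom-only fields, the jwtSignatureAlgorithm options, the comma-separated allowedEmailDomains) and shows how the resulting domain allowlist should be matched. It assumes that a 'custom' configuration supplies every custom-only endpoint field and a 'discoveryURL' configuration supplies discoveryURL and none of them, and adds an https-only check of its own; the API's real validation may differ.

```python
# Constants from the reference above; the validation is this example's own, not the API's.
CONFIGURATION_TYPES = {"custom", "discoveryURL"}
CUSTOM_ONLY_FIELDS = {"issuer", "authorizationEndpoint", "jwksUri",
                      "tokenEndpoint", "userinfoEndpoint"}
JWT_ALGORITHMS = {"RS256", "HS256", "RS512", "EdDSA"}

def parse_allowed_domains(value: str) -> list[str]:
    """Split the comma-separated allowedEmailDomains value into lowercase domains.
    The field's default "" (no restriction) parses to an empty list."""
    return [d.strip().lower() for d in value.split(",") if d.strip()]

def email_domain_allowed(email: str, allowed: list[str]) -> bool:
    """Exact-match the address's domain against the parsed allowlist; a suffix
    test would let 'evil-example.com' through for an allowlist of 'example.com'."""
    if not allowed:
        return True
    local, sep, domain = email.rpartition("@")
    return bool(local) and sep == "@" and domain.lower() in allowed

def build_oidc_config_body(organization_id, client_id, client_secret,
                           configuration_type, endpoints=None, allowed_email_domains="",
                           jwt_signature_algorithm="RS256", manage_group_memberships=False,
                           is_active=True):
    """Return the JSON body for POST /api/v1/sso/oidc/config or raise ValueError.
    `endpoints` maps endpoint field names from the reference to URLs. Assumption
    (not stated on the page): 'custom' needs every custom-only field, and
    'discoveryURL' needs discoveryURL and none of the custom-only fields."""
    if configuration_type not in CONFIGURATION_TYPES:
        raise ValueError(f"unknown configurationType {configuration_type!r}")
    if jwt_signature_algorithm not in JWT_ALGORITHMS:
        raise ValueError(f"unsupported jwtSignatureAlgorithm {jwt_signature_algorithm!r}")
    endpoints = dict(endpoints or {})
    if configuration_type == "custom":
        if missing := CUSTOM_ONLY_FIELDS - endpoints.keys():
            raise ValueError(f"custom configuration missing {sorted(missing)}")
    elif "discoveryURL" not in endpoints:
        raise ValueError("discoveryURL configuration requires discoveryURL")
    elif endpoints.keys() & CUSTOM_ONLY_FIELDS:
        raise ValueError("issuer and endpoint fields only apply to 'custom'")
    if not all(u.startswith("https://") for u in endpoints.values()):
        raise ValueError("OIDC endpoints must be https URLs")  # local policy, not an API rule
    body = {"configurationType": configuration_type, "organizationId": organization_id,
            "clientId": client_id, "clientSecret": client_secret, "isActive": is_active,
            "allowedEmailDomains": ",".join(parse_allowed_domains(allowed_email_domains)),
            "manageGroupMemberships": manage_group_memberships,
            "jwtSignatureAlgorithm": jwt_signature_algorithm}
    body.update({f: "" for f in CUSTOM_ONLY_FIELDS | {"discoveryURL"}})  # page defaults
    body.update(endpoints)  # overwrite the "" defaults with the supplied URLs
    return body
```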

Response

Default Response

id (string<uuid>, required)
configurationType (string, required)
orgId (string<uuid>, required)
isActive (boolean, required)
issuer (string | null)
authorizationEndpoint (string | null)
discoveryURL (string | null)
jwksUri (string | null)
tokenEndpoint (string | null)
userinfoEndpoint (string | null)
allowedEmailDomains (string | null)
manageGroupMemberships (boolean, default: false)
jwtSignatureAlgorithm (string, default: RS256)