PATCH /api/v1/sso/oidc/config
cURL
curl --request PATCH \
  --url https://us.infisical.com/api/v1/sso/oidc/config \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "allowedEmailDomains": "",
  "discoveryURL": "<string>",
  "configurationType": "custom",
  "issuer": "<string>",
  "authorizationEndpoint": "<string>",
  "jwksUri": "<string>",
  "tokenEndpoint": "<string>",
  "userinfoEndpoint": "<string>",
  "clientId": "<string>",
  "clientSecret": "<string>",
  "isActive": true,
  "manageGroupMemberships": true,
  "jwtSignatureAlgorithm": "RS256",
  "organizationId": "<string>"
}'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "issuer": "<string>",
  "authorizationEndpoint": "<string>",
  "configurationType": "<string>",
  "discoveryURL": "<string>",
  "jwksUri": "<string>",
  "tokenEndpoint": "<string>",
  "userinfoEndpoint": "<string>",
  "orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "allowedEmailDomains": "<string>",
  "isActive": true,
  "manageGroupMemberships": false
}

Authorizations

Authorization
string
header
required

An access token in Infisical

Body

application/json
organizationId
string
required

The ID of the organization to update the OIDC config for.

allowedEmailDomains
string
default:""

A comma-separated list of email domains that users are allowed to authenticate with. Example: 'example.com,acme.com'

discoveryURL
string

The URL of the OIDC discovery endpoint.

configurationType
enum<string>

The configuration type to use for the OIDC configuration.

Available options: custom, discoveryURL

issuer
string

The issuer for the OIDC configuration. This is only supported when the OIDC configuration type is set to 'custom'.

authorizationEndpoint
string

The endpoint to use for OIDC authorization. This is only supported when the OIDC configuration type is set to 'custom'.

jwksUri
string

The URL of the OIDC JWKS endpoint.

tokenEndpoint
string

The token endpoint to use for OIDC token exchange.

userinfoEndpoint
string

The userinfo endpoint to get user information from the OIDC provider.

clientId
string

The client ID to use for OIDC authentication.

clientSecret
string

The client secret to use for OIDC authentication.

isActive
boolean

Whether to enable or disable this OIDC configuration.

manageGroupMemberships
boolean

Whether to manage group memberships for the OIDC configuration. If enabled, users will automatically be assigned groups when they sign in, based on which groups they are a member of in the OIDC provider.

jwtSignatureAlgorithm
enum<string>

The algorithm to use for JWT signature verification.

Available options: RS256, HS256, RS512, EdDSA
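
An added example, not part of the Infisical documentation: a client-side pre-flight check that builds the request body for this endpoint and enforces the enum values and the custom-only fields described above before anything is sent. The function names, the HTTPS-only rule and the domain normalisation are assumptions of this example, not documented server behaviour.

```python
from urllib.parse import urlsplit

CONFIG_TYPES = {"custom", "discoveryURL"}          # enum values from the page
JWT_ALGS = {"RS256", "HS256", "RS512", "EdDSA"}    # enum values from the page
CUSTOM_ONLY = ("issuer", "authorizationEndpoint")  # documented as custom-only
URL_FIELDS = ("discoveryURL", "issuer", "authorizationEndpoint",
              "jwksUri", "tokenEndpoint", "userinfoEndpoint")


def normalize_domains(raw):
    """Turn 'Example.com, acme.com' into a clean comma-separated domain list."""
    domains = []
    for part in raw.split(","):
        d = part.strip().lower()
        if not d:
            continue
        if "@" in d or "/" in d or " " in d or "." not in d:
            raise ValueError(f"not a bare email domain: {part!r}")
        if d not in domains:
            domains.append(d)
    return ",".join(domains)


def build_oidc_patch(organization_id, **fields):
    """Return a validated JSON body for PATCH /api/v1/sso/oidc/config."""
    if not organization_id:
        raise ValueError("organizationId is required")
    body = {"organizationId": organization_id}
    body.update({k: v for k, v in fields.items() if v is not None})
    ctype = body.get("configurationType")
    if ctype is not None and ctype not in CONFIG_TYPES:
        raise ValueError(f"configurationType must be one of {sorted(CONFIG_TYPES)}")
    if ctype == "discoveryURL":
        extra = [f for f in CUSTOM_ONLY if f in body]
        if extra:
            raise ValueError(f"{extra} only apply to configurationType 'custom'")
    alg = body.get("jwtSignatureAlgorithm")
    if alg is not None and alg not in JWT_ALGS:
        raise ValueError(f"jwtSignatureAlgorithm must be one of {sorted(JWT_ALGS)}")
    for name in URL_FIELDS:
        if name in body:
            url = urlsplit(body[name])
            # Local policy (assumption, not stated in the API reference): HTTPS only.
            if url.scheme != "https" or not url.hostname:
                raise ValueError(f"{name} must be an https URL")
    if "allowedEmailDomains" in body:
        body["allowedEmailDomains"] = normalize_domains(body["allowedEmailDomains"])
    return body
```

The returned dictionary can be serialised with `json.dumps` and sent as the `--data` payload of the cURL request shown at the top of the page.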

Response

Default Response

id
string<uuid>
required

configurationType
string
required

orgId
string<uuid>
required

isActive
boolean
required

issuer
string | null

authorizationEndpoint
string | null

discoveryURL
string | null

jwksUri
string | null

tokenEndpoint
string | null

userinfoEndpoint
string | null

allowedEmailDomains
string | null

manageGroupMemberships
boolean
default:false