Retrieve all OAuth 2.0 configurations

GET /security/authentication/cluster/oauth2/clients

Introduced In: 9.14

Retrieves all OAuth 2.0 configurations.

  • security oauth2 client show

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| use_mutual_tls | string | query | False | Filter by use_mutual_tls |
| introspection.endpoint_uri | string | query | False | Filter by introspection.endpoint_uri |
| introspection.interval | string | query | False | Filter by introspection.interval |
| jwks.refresh_interval | string | query | False | Filter by jwks.refresh_interval |
| jwks.provider_uri | string | query | False | Filter by jwks.provider_uri |
| audience | string | query | False | Filter by audience |
| application | string | query | False | Filter by application |
| name | string | query | False | Filter by name |
| issuer | string | query | False | Filter by issuer |
| outgoing_proxy | string | query | False | Filter by outgoing_proxy |
| hashed_client_secret | string | query | False | Filter by hashed_client_secret |
| use_local_roles_if_present | boolean | query | False | Filter by use_local_roles_if_present |
| client_id | string | query | False | Filter by client_id |
| remote_user_claim | string | query | False | Filter by remote_user_claim |
| max_records | integer | query | False | Limit the number of records returned. |
| return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. Default value: 1 |
| return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. Default value: 1. Max value: 120. Min value: 0 |
| order_by | array[string] | query | False | Order results by specified fields and optional [asc\|desc] direction. Default direction is 'asc' for ascending. |
| fields | array[string] | query | False | |

Response

Status: 200, Ok
| Name | Type | Description |
|---|---|---|
| _links | _links | |
| num_records | integer | Number of records. |
| records | array[security_oauth2] | |

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "application": "string",
      "audience": "string",
      "client_id": "string",
      "client_secret": "string",
      "hashed_client_secret": "string",
      "introspection": {
        "endpoint_uri": "https://examplelab.customer.com/token/introspect",
        "interval": "PT1H"
      },
      "issuer": "https://examplelab.customer.com",
      "jwks": {
        "provider_uri": "https://examplelab.customer.com/pf/JWKS",
        "refresh_interval": "PT2H"
      },
      "name": "auth0",
      "outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
      "remote_user_claim": "string",
      "use_mutual_tls": "string"
    }
  ]
}

Error

Status: Default, Error
| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| next | href | |
| self | href | |

| Name | Type | Description |
|---|---|---|
| self | href | |

introspection

| Name | Type | Description |
|---|---|---|
| endpoint_uri | string | The token introspection endpoint URI. |
| interval | string | The refresh interval for caching tokens, in ISO-8601 format. This can be set to the value "disabled" to disable caching of tokens. When set to 0, tokens are cached according to the expiry period in them. Otherwise, it can be set to a value from 1 second to 2147483647 seconds. |

jwks

| Name | Type | Description |
|---|---|---|
| provider_uri | string | The URI on which the JSON Web Key Set (JWKS) is hosted. |
| refresh_interval | string | The refresh interval for the JSON Web Key Set (JWKS), in ISO-8601 format. This can be set to a value from 300 seconds to 2147483647 seconds. |

security_oauth2

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| application | string | The name of the application using OAuth 2.0. Required for POST operations. |
| audience | string | The OAuth 2.0 Audience. |
| client_id | string | The OAuth 2.0 client ID. Required in POST operations for remote introspection. |
| client_secret | string | The OAuth 2.0 client secret. Required in POST operations for remote introspection. |
| hashed_client_secret | string | The OAuth 2.0 client secret as a SHA256 HMAC hashed value created with the cluster UUID as its HMAC secret key. |
| introspection | introspection | |
| issuer | string | The OAuth 2.0 Issuer. |
| jwks | jwks | |
| name | string | The configuration name. Required for POST operations. |
| outgoing_proxy | string | Outgoing proxy to access external identity providers (IdPs). If not specified, no proxy is configured. |
| remote_user_claim | string | The remote user claim. |
| skip_uri_validation | boolean | Indicates whether or not to validate the input URIs. Default value is false. |
| use_local_roles_if_present | boolean | Indicates whether or not to use locally configured roles, if present. Default value is false. |
| use_mutual_tls | string | OAuth 2.0 mutual TLS authentication setting. Set this value to "none" to disable mutual TLS authentication. Set this value to "required" to enforce mutual TLS authentication for all access tokens and reject any token that does not have x5t#S256 property in the cnf section. The default value is "request" which means mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. |
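
An added example, not part of the original reference and not NetApp code: a Python audit of the records this endpoint returns, flagging configurations that accept tokens without the x5t#S256 certificate binding, identity provider URIs that are not HTTPS, and credentials embedded in any URI. The sample response is constructed, and the function names and finding strings are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, shaped like the "Example response" on this page.
SAMPLE = json.loads("""
{"num_records": 2, "records": [
  {"name": "auth0",
   "issuer": "https://examplelab.customer.com",
   "jwks": {"provider_uri": "https://examplelab.customer.com/pf/JWKS"},
   "outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
   "use_mutual_tls": "none"},
  {"name": "idp2",
   "issuer": "https://examplelab.customer.com",
   "introspection": {
     "endpoint_uri": "http://examplelab.customer.com/token/introspect",
     "interval": "PT1H"},
   "use_mutual_tls": "required"}
]}
""")

# URI-valued fields of security_oauth2; the proxy is exempt from the https check.
URI_FIELDS = ("issuer", "jwks.provider_uri",
              "introspection.endpoint_uri", "outgoing_proxy")

def get_field(record, dotted):
    """Resolve a dotted field name such as 'jwks.provider_uri'."""
    value = record
    for key in dotted.split("."):
        value = value.get(key) if isinstance(value, dict) else None
    return value

def audit_record(record):
    """Return findings for one security_oauth2 record (secrets are never echoed)."""
    findings = []
    mode = record.get("use_mutual_tls", "request")  # documented default
    if mode != "required":
        findings.append(f"use_mutual_tls={mode}: tokens without cnf x5t#S256 are accepted")
    for field in URI_FIELDS:
        uri = get_field(record, field)
        if not uri:
            continue
        parts = urlsplit(uri)
        if field != "outgoing_proxy" and parts.scheme != "https":
            findings.append(f"{field}: not https")
        if parts.username or parts.password:
            findings.append(f"{field}: credentials embedded in URI")
    return findings

def audit(response):
    """Map each configuration name to its list of findings."""
    return {r.get("name"): audit_record(r) for r in response.get("records", [])}
```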

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

returned_error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |