Retrieve all OAuth 2.0 configurations
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
GET /security/authentication/cluster/oauth2/clients
Introduced In: 9.14
Retrieves all OAuth 2.0 configurations.
Related ONTAP commands
-
security oauth2 client show
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
outgoing_proxy |
string |
query |
False |
Filter by outgoing_proxy |
use_local_roles_if_present |
boolean |
query |
False |
Filter by use_local_roles_if_present |
issuer |
string |
query |
False |
Filter by issuer |
jwks.refresh_interval |
string |
query |
False |
Filter by jwks.refresh_interval |
jwks.provider_uri |
string |
query |
False |
Filter by jwks.provider_uri |
introspection.endpoint_uri |
string |
query |
False |
Filter by introspection.endpoint_uri |
introspection.interval |
string |
query |
False |
Filter by introspection.interval |
application |
string |
query |
False |
Filter by application |
use_mutual_tls |
string |
query |
False |
Filter by use_mutual_tls |
client_id |
string |
query |
False |
Filter by client_id |
audience |
string |
query |
False |
Filter by audience |
name |
string |
query |
False |
Filter by name |
remote_user_claim |
string |
query |
False |
Filter by remote_user_claim |
hashed_client_secret |
string |
query |
False |
Filter by hashed_client_secret |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
desc] direction. Default direction is 'asc' for ascending. |
fields |
array[string] |
query |
False |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of records. |
records |
array[security_oauth2] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"application": "string",
"audience": "string",
"client_id": "string",
"client_secret": "string",
"hashed_client_secret": "string",
"introspection": {
"endpoint_uri": "https://examplelab.customer.com/token/introspect",
"interval": "PT1H"
},
"issuer": "https://examplelab.customer.com",
"jwks": {
"provider_uri": "https://examplelab.customer.com/pf/JWKS",
"refresh_interval": "PT2H"
},
"name": "auth0",
"outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
"remote_user_claim": "string",
"use_mutual_tls": "string"
}
]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
_links
Name | Type | Description |
---|---|---|
self |
introspection
Name | Type | Description |
---|---|---|
endpoint_uri |
string |
The token introspection endpoint URI. |
interval |
string |
The refresh interval for caching tokens, in ISO-8601 format. This can be set to the value "disabled" to disable caching of tokens. When set to 0, tokens are cached according to the expiry period in them. Otherwise, it can be set to a value from 1 second to 2147483647 seconds. |
jwks
Name | Type | Description |
---|---|---|
provider_uri |
string |
The URI on which the JSON Web Key Set (JWKS) are hosted. |
refresh_interval |
string |
The refresh interval for the JSON Web Key Set (JWKS), in ISO-8601 format. This can be set to a value from 300 seconds to 2147483647 seconds. |
security_oauth2
Name | Type | Description |
---|---|---|
_links |
||
application |
string |
The name of the application using OAuth 2.0. Required for POST operations. |
audience |
string |
The OAuth 2.0 Audience. |
client_id |
string |
The OAuth 2.0 client ID. Required in POST operations for remote introspection. |
client_secret |
string |
The OAuth 2.0 client secret. Required in POST operations for remote introspection. |
hashed_client_secret |
string |
The OAuth 2.0 client secret as a SHA256 HMAC hashed value created with the cluster UUID as its HMAC secret key. |
introspection |
||
issuer |
string |
The OAuth 2.0 Issuer. |
jwks |
||
name |
string |
The configuration name. Required for POST operations. |
outgoing_proxy |
string |
Outgoing proxy to access external identity providers (IdPs). If not specified, no proxy is configured. |
remote_user_claim |
string |
The remote user claim. |
skip_uri_validation |
boolean |
Indicates whether or not to validate the input URIs. Default value is false. |
use_local_roles_if_present |
boolean |
Indicates whether or not to use locally confgiured roles, if present. Default value is false. |
use_mutual_tls |
string |
OAuth 2.0 mutual TLS authentication setting. Set this value to "none" to disable mutual TLS authentication. Set this value to "required" to enforce mutual TLS authentication for all access tokens and reject any token that does not have x5t#S256 property in the cnf section. The default value is "request" which means mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |