REST API reference
Retrieve an OAuth 2.0 configuration with the specified name
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
GET /security/authentication/cluster/oauth2/clients/{name}
Introduced In: 9.14
Retrieves the OAuth 2.0 configuration with the specified name.
Related ONTAP commands
-
security oauth2 client show
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
name |
string |
path |
True |
OAuth 2.0 configuration name. |
outgoing_proxy |
string |
query |
False |
Filter by outgoing_proxy |
use_local_roles_if_present |
boolean |
query |
False |
Filter by use_local_roles_if_present |
issuer |
string |
query |
False |
Filter by issuer |
jwks.refresh_interval |
string |
query |
False |
Filter by jwks.refresh_interval |
jwks.provider_uri |
string |
query |
False |
Filter by jwks.provider_uri |
introspection.endpoint_uri |
string |
query |
False |
Filter by introspection.endpoint_uri |
introspection.interval |
string |
query |
False |
Filter by introspection.interval |
application |
string |
query |
False |
Filter by application |
use_mutual_tls |
string |
query |
False |
Filter by use_mutual_tls |
client_id |
string |
query |
False |
Filter by client_id |
audience |
string |
query |
False |
Filter by audience |
remote_user_claim |
string |
query |
False |
Filter by remote_user_claim |
hashed_client_secret |
string |
query |
False |
Filter by hashed_client_secret |
fields |
array[string] |
query |
False |
Specify the fields to return. |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
application |
string |
The name of the application using OAuth 2.0. Required for POST operations. |
audience |
string |
The OAuth 2.0 Audience. |
client_id |
string |
The OAuth 2.0 client ID. Required in POST operations for remote introspection. |
client_secret |
string |
The OAuth 2.0 client secret. Required in POST operations for remote introspection. |
hashed_client_secret |
string |
The OAuth 2.0 client secret as a SHA256 HMAC hashed value created with the cluster UUID as its HMAC secret key. |
introspection |
||
issuer |
string |
The OAuth 2.0 Issuer. |
jwks |
||
name |
string |
The configuration name. Required for POST operations. |
outgoing_proxy |
string |
Outgoing proxy to access external identity providers (IdPs). If not specified, no proxy is configured. |
remote_user_claim |
string |
The remote user claim. |
skip_uri_validation |
boolean |
Indicates whether or not to validate the input URIs. Default value is false. |
use_local_roles_if_present |
boolean |
Indicates whether or not to use locally confgiured roles, if present. Default value is false. |
use_mutual_tls |
string |
OAuth 2.0 mutual TLS authentication setting. Set this value to "none" to disable mutual TLS authentication. Set this value to "required" to enforce mutual TLS authentication for all access tokens and reject any token that does not have x5t#S256 property in the cnf section. The default value is "request" which means mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. |
Example response
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"application": "string",
"audience": "string",
"client_id": "string",
"client_secret": "string",
"hashed_client_secret": "string",
"introspection": {
"endpoint_uri": "https://examplelab.customer.com/token/introspect",
"interval": "PT1H"
},
"issuer": "https://examplelab.customer.com",
"jwks": {
"provider_uri": "https://examplelab.customer.com/pf/JWKS",
"refresh_interval": "PT2H"
},
"name": "auth0",
"outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
"remote_user_claim": "string",
"use_mutual_tls": "string"
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
introspection
| Name | Type | Description |
|---|---|---|
endpoint_uri |
string |
The token introspection endpoint URI. |
interval |
string |
The refresh interval for caching tokens, in ISO-8601 format. This can be set to the value "disabled" to disable caching of tokens. When set to 0, tokens are cached according to the expiry period in them. Otherwise, it can be set to a value from 1 second to 2147483647 seconds. |
jwks
| Name | Type | Description |
|---|---|---|
provider_uri |
string |
The URI on which the JSON Web Key Set (JWKS) are hosted. |
refresh_interval |
string |
The refresh interval for the JSON Web Key Set (JWKS), in ISO-8601 format. This can be set to a value from 300 seconds to 2147483647 seconds. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |