REST API reference
Retrieve all OAuth 2.0 configurations
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
GET /security/authentication/cluster/oauth2/clients
Introduced In: 9.14
Retrieves all OAuth 2.0 configurations.
Related ONTAP commands
-
security oauth2 client show
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
use_mutual_tls |
string |
query |
False |
Filter by use_mutual_tls |
introspection.endpoint_uri |
string |
query |
False |
Filter by introspection.endpoint_uri |
introspection.interval |
string |
query |
False |
Filter by introspection.interval |
jwks.refresh_interval |
string |
query |
False |
Filter by jwks.refresh_interval |
jwks.provider_uri |
string |
query |
False |
Filter by jwks.provider_uri |
audience |
string |
query |
False |
Filter by audience |
application |
string |
query |
False |
Filter by application |
name |
string |
query |
False |
Filter by name |
issuer |
string |
query |
False |
Filter by issuer |
outgoing_proxy |
string |
query |
False |
Filter by outgoing_proxy |
hashed_client_secret |
string |
query |
False |
Filter by hashed_client_secret |
use_local_roles_if_present |
boolean |
query |
False |
Filter by use_local_roles_if_present |
client_id |
string |
query |
False |
Filter by client_id |
remote_user_claim |
string |
query |
False |
Filter by remote_user_claim |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
desc] direction. Default direction is 'asc' for ascending. |
fields |
array[string] |
query |
False |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records. |
records |
array[security_oauth2] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"application": "http",
"hashed_client_secret": "string",
"introspection": {
"endpoint_uri": "https://examplelab.customer.com/token/introspect",
"interval": "PT1H"
},
"issuer": "https://examplelab.customer.com",
"jwks": {
"provider_uri": "https://examplelab.customer.com/pf/JWKS",
"refresh_interval": "PT2H"
},
"name": "auth0",
"outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
"use_mutual_tls": "none"
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
_links
| Name | Type | Description |
|---|---|---|
self |
introspection
| Name | Type | Description |
|---|---|---|
endpoint_uri |
string |
The token introspection endpoint URI. |
interval |
string |
The refresh interval for caching tokens, in ISO-8601 format. This can be set to the value "disabled" to disable caching of tokens. When set to 0, tokens are cached according to the expiry period in them. Otherwise, it can be set to a value from 1 second to 2147483647 seconds. |
jwks
| Name | Type | Description |
|---|---|---|
provider_uri |
string |
The URI on which the JSON Web Key Set (JWKS) are hosted. |
refresh_interval |
string |
The refresh interval for the JSON Web Key Set (JWKS), in ISO-8601 format. This can be set to a value from 300 seconds to 2147483647 seconds. |
security_oauth2
| Name | Type | Description |
|---|---|---|
_links |
||
application |
string |
The name of the application using OAuth 2.0. Required for POST operations. |
audience |
string |
The OAuth 2.0 Audience. |
client_id |
string |
The OAuth 2.0 client ID. Required in POST operations for remote introspection. |
client_secret |
string |
The OAuth 2.0 client secret. Required in POST operations for remote introspection. |
hashed_client_secret |
string |
The OAuth 2.0 client secret as a SHA256 HMAC hashed value created with the cluster UUID as its HMAC secret key. |
introspection |
||
issuer |
string |
The OAuth 2.0 Issuer. |
jwks |
||
name |
string |
The configuration name. Required for POST operations. |
outgoing_proxy |
string |
Outgoing proxy to access external identity providers (IdPs). If not specified, no proxy is configured. |
remote_user_claim |
string |
The remote user claim. |
skip_uri_validation |
boolean |
Indicates whether or not to validate the input URIs. Default value is false. |
use_local_roles_if_present |
boolean |
Indicates whether or not to use locally confgiured roles, if present. Default value is false. |
use_mutual_tls |
string |
OAuth 2.0 mutual TLS authentication setting. Set this value to "none" to disable mutual TLS authentication. Set this value to "required" to enforce mutual TLS authentication for all access tokens and reject any token that does not have x5t#S256 property in the cnf section. The default value is "request" which means mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |