description: "Represents client authentication information in an oidcIdentityProvider provider object where the client secret is used to authenticate the client application."
Represents client authentication information in an **oidcIdentityProvider** provider object where the client secret is used to authenticate the client application with the external OpenID Connect identity provider.
18
18
19
19
Inherits from [oidcClientAuthentication](../resources/oidcclientauthentication.md).
20
20
21
21
## Properties
22
22
23
23
|Property|Type|Description|
24
24
|:---|:---|:---|
25
-
|clientSecret|String|The client secret obtained from configuring the client application on the external OpenID Connect identity provider. <br> The property includes the client secret. Used when the **oidcClientSecretAuthentication** object type is set. This enables the identity provider to use either the client_secret_post or client_secret_jwt authentication method. Conversely, when the **oidcPrivateJwtKeyClientAuthentication** object type is set, the setting allows configuration of the identity provider using private_key_jwt authentication method, which doesn't require client secret.|
25
+
|clientSecret|String|The client secret obtained from configuring the client application on the external OpenID Connect identity provider. The property includes the client secret and enables the identity provider to use either the `client_secret_post` or `client_secret_jwt` authentication method. |
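Review bot: In the added clientSecret row, the second sentence ("The property includes the client secret and enables ...") restates the first, and the row does not say how the value behaves on read. Because this property holds a credential, state whether it is returned in GET responses or is write-only, and merge the two sentences into one that names the `client_secret_post` and `client_secret_jwt` methods once. The added row also has a stray space before the closing pipe.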
api-reference/beta/resources/oidcidentityprovider.md
6 additions & 8 deletions
@@ -6,6 +6,7 @@ ms.localizationpriority: medium
6
6
ms.subservice: "entra-sign-in"
7
7
doc_type: resourcePageType
8
8
ms.date: 11/16/2024
9
+
toc.title: OIDC identity provider
9
10
---
10
11
11
12
# oidcIdentityProvider resource type
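Review bot: The front matter gains toc.title, but ms.date stays at 11/16/2024 in the same hunk even though this commit rewrites the Methods section and two property descriptions on this page. If the repository's convention is to bump ms.date on content changes, update it here.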
@@ -22,24 +23,21 @@ Inherits from [identityProviderBase](../resources/identityproviderbase.md).
22
23
23
24
## Methods
24
25
25
-
|Method|Return type|Description|
26
-
|:---|:---|:---|
27
-
|[List](../api/identitycontainer-list-identityproviders.md)|[oidcIdentityProvider](../resources/oidcidentityprovider.md) collection|Get a list of the oidcIdentityProvider objects and their properties.|
28
-
|[Get](../api/identityproviderbase-get.md)|[oidcIdentityProvider](../resources/oidcidentityprovider.md)|Read the properties and relationships of an oidcIdentityProvider object.|
29
-
|[Update](../api/identityproviderbase-update.md)|[oidcIdentityProvider](../resources/oidcidentityprovider.md)|Update the properties of an oidcIdentityProvider object.|
30
-
|[Delete](../api/identityproviderbase-delete.md)|None|Delete an oidcIdentityProvider object.|
26
+
None.
27
+
28
+
For the list of API operations for managing the oidcIdentityProvider resource, see the [identityProviderBase](../resources/identityproviderbase.md) resource type.
31
29
32
30
## Properties
33
31
34
32
|Property|Type|Description|
35
33
|:---|:---|:---|
36
-
|clientAuthentication|[oidcClientAuthentication](../resources/oidcclientauthentication.md)|The client authentication settings.<br> use **`oidcClientSecretAuthentication`** type for setting up your identity provider with `client_secret_post` or `client_secret_jwt authentication` methods. <br> use **`oidcPrivateJwtKeyClientAuthentication`** type for setting up your identity provider with `private_key_jwt` authentication method. <br>Due to security reasons, `client_secret_basic` authentication method is not supported.|
34
+
|clientAuthentication|[oidcClientAuthentication](../resources/oidcclientauthentication.md)|The client authentication settings.<li> Use the **oidcClientSecretAuthentication**derived complex type for setting up your identity provider with `client_secret_post` or `client_secret_jwt authentication` methods. <li> Use the **oidcPrivateJwtKeyClientAuthentication** type for setting up your identity provider with `private_key_jwt` authentication method. <br><br>Due to security reasons, `client_secret_basic` authentication method isn't supported.|
37
35
|clientId|String|The client ID for the application obtained when registering the application with the identity provider.|
38
36
|displayName|String|The display name of the identity provider. Inherited from [identityProviderBase](../resources/identityproviderbase.md).|
39
37
|id|String|The identifier of the identity provider.Required. Inherited from [identityProviderBase](../resources/identityproviderbase.md). Inherits from [entity](../resources/entity.md)|
40
38
|inboundClaimMapping|[oidcInboundClaimMappingOverride](../resources/oidcinboundclaimmappingoverride.md)|After the OIDC provider sends an ID token back to Microsoft Entra External ID, Microsoft Entra External ID needs to be able to map the claims from the received token to the claims that Microsoft Entra ID recognizes and uses. This complex type captures that mapping.|
41
39
|issuer|String|The issuer URI. Issuer URI is a case-sensitive URL using https scheme contains scheme, host, and optionally, port number and path components and no query or fragment components.<br> **Note:** Configuring other Microsoft Entra tenants as an external identity provider is currently not supported. As a result, the `microsoftonline.com` domain in the issuer URI is not accepted.|
42
-
|responseType|oidcResponseType|The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: <br>`code`: As per the authorization code flow, a code is returned back to Entra External ID. Entra External ID proceeds to call the token_endpoint to exchange the code for the token.<br>`id_token`: An ID token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).<br>`token`: An access token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).|
40
+
|responseType|oidcResponseType|The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: <li>`code`: As per the authorization code flow, a code is returned back to Entra External ID. Entra External ID proceeds to call the token_endpoint to exchange the code for the token.<li>`id_token`: An ID token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).<li>`token`: An access token is returned back to Entra External ID from the custom identity provider. This value is currently unsupported.|
43
41
|scope|String|Scope defines the information and permissions you are looking to gather from your custom identity provider.|
44
42
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, `response_types_supported`, `subject_types_supported` and `jwks_uri`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
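Review bot: In the added clientAuthentication row, "**oidcClientSecretAuthentication**derived complex type" is missing the space after the closing bold marker, so the type name runs into the next word. In the same row the code span `client_secret_jwt authentication` still swallows the word "authentication" (carried over from the removed line); it should close after `client_secret_jwt`. The first bullet says "derived complex type" and the second only "type", and the `<li>` items in both this row and responseType have no enclosing `<ul>`, so check how they render inside a table cell. In responseType, `id_token` keeps "(This value is not supported at the moment)" while `token` now reads "This value is currently unsupported."; use one wording for both. Since the row states that `client_secret_basic` isn't supported "due to security reasons", a short pointer to the reason would help integrators whose identity provider defaults to that method.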