Read an Identity Provider
GET/iam/v2/identity-providers/:id
Make a request to read an identity provider.
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
Identity Provider.
Response Headers
The unique identifier for the API request.
The maximum number of requests you're permitted to make per time period.
The number of requests remaining in the current rate limit window.
The relative time in seconds until the current rate-limit window resets.
Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.
Bad Request
Response Headers
The unique identifier for the API request.
The request lacks valid authentication credentials for this resource.
Response Headers
The unique identifier for the API request.
The unique identifier for the API request.
Basic error="invalid_key", error_description="The API Key is invalid"The access credentials were considered insufficient to grant access
Response Headers
The unique identifier for the API request.
Not Found
Response Headers
The unique identifier for the API request.
Rate Limit Exceeded
Response Headers
The unique identifier for the API request.
The maximum number of requests you're permitted to make per time period.
The number of requests remaining in the current rate limit window.
The relative time in seconds until the current rate-limit window resets.
Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.
The number of seconds to wait until the rate limit window resets. Only sent when the rate limit is reached.
Oops, something went wrong!
Response Headers
The unique identifier for the API request.
OpenAPI definition (YAML)
paths:
/iam/v2/identity-providers/{id}:
get:
x-lifecycle-stage: General Availability
x-self-access: true
operationId: getIamV2IdentityProvider
description: '[](#section/Versioning/API-Lifecycle-Policy)
Make a request to read an identity provider.'
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The unique identifier for the identity provider.
tags:
- Identity Providers (iam/v2)
security:
- cloud-api-key: []
- confluent-sts-access-token: []
responses:
'200':
description: Identity Provider.
content:
application/json:
schema:
allOf:
- type: object
description: '`IdentityProvider` objects represent external OAuth-OIDC providers in
Confluent Cloud.
The API allows you to list, create, read, update, and delete your Identity Provider.
Related guide: [OAuth for Confluent Cloud](https://docs.confluent.io/cloud/current/access-management/authenticate/oauth/overview.html).
## The Identity Providers Model
<SchemaDefinition schemaRef="#/components/schemas/iam.v2.IdentityProvider" />
## Quotas and Limits
This resource is subject to the [following quotas](https://docs.confluent.io/cloud/current/quotas/overview.html):
| Quota | Description |
| --- | --- |
| `identity_providers_per_org` | Number of OAuth identity providers per organization
|
| `public_keys_per_provider` | Number of public keys saved per identity provider |'
properties:
api_version:
type: string
enum:
- iam/v2
description: APIVersion defines the schema version of this representation of a resource.
readOnly: true
kind:
type: string
description: Kind defines the object this REST resource represents.
readOnly: true
enum:
- IdentityProvider
id:
description: ID is the "natural identifier" for an object within its scope/namespace;
it is normally unique across time but not space. That is, you can assume that
the ID will not be reclaimed and reused after an object is deleted ("time"); however,
it may collide with IDs for other object `kinds` or objects of the same `kind`
within a different scope/namespace ("space").
type: string
maxLength: 255
readOnly: true
example: dlz-f3a90de
metadata:
allOf:
- description: ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
required:
- self
properties:
self:
description: Self is a Uniform Resource Locator (URL) at which an object can
be addressed. This URL encodes the service location, API version, and other
particulars necessary to locate the resource at a point in time
type: string
format: uri
readOnly: true
example: https://api.confluent.cloud/v2/kafka-clusters/lkc-f3a90de
resource_name:
description: Resource Name is a Uniform Resource Identifier (URI) that is
globally unique across space and time. It is represented as a Confluent
Resource Name
type: string
format: uri
readOnly: true
example: crn://confluent.cloud/kafka=lkc-f3a90de
created_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was created. It is represented
in RFC3339 format and is in UTC.
updated_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was last updated. It is
represented in RFC3339 format and is in UTC.
deleted_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was (or will be) deleted.
It is represented in RFC3339 format and is in UTC.
readOnly: true
title: ObjectMeta
- properties:
self:
example: https://api.confluent.cloud/iam/v2/identity-providers/ip-12345
resource_name:
example: crn://confluent.cloud/organization=9bb441c4-edef-46ac-8a41-c49e44a3fd9a/identity-provider=ip-12345
display_name:
type: string
description: The human-readable name of the OAuth identity provider.
example: My OIDC Provider
description:
type: string
description: A description of the identity provider.
identity_claim:
type: string
description: 'The JSON Web Token (JWT) claim to extract the authenticating identity
to Confluent resources from
[Registered Claim Names](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1).
This appears
in audit log records. Note: if the client specifies mapping to one identity pool
ID, the identity
claim configured with that pool will be used instead.
Note - The attribute is in an [Early Access lifecycle stage]
(https://docs.confluent.io/cloud/current/api.html#section/Versioning/API-Lifecycle-Policy)'
example: claims.sub
state:
type: string
description: The current state of the identity provider.
example: ENABLED
readOnly: true
enum:
- ENABLED
issuer:
type: string
format: uri
description: 'A publicly accessible URL uniquely identifying the OAuth
identity provider authorized to issue access tokens.'
example: https://login.microsoftonline.com/{tenantid}/v2.0
x-immutable: false
jwks_uri:
type: string
format: uri
description: 'A publicly accessible JSON Web Key Set (JWKS) URI for the OAuth
identity provider. JWKS provides a set of crypotgraphic keys
used to verify the authenticity and integrity of JSON Web
Tokens (JWTs) issued by the OAuth identity provider.'
example: https://login.microsoftonline.com/common/discovery/v2.0/keys
x-immutable: false
keys:
type: array
items:
type: object
description: '`JWKS` contains the published keys for the given OpenIDProvider'
required:
- kty
- kid
- alg
properties:
kty:
type: string
description: Specifies the cryptographic algorithm family used with the key
example: RSA
enum:
- RSA
kid:
type: string
description: Specifies the key-id issued by the OpenIDProvider for the particular
tenant
example: nOo3ZDrODXEK1jKWhXslHR_KXEg
alg:
type: string
description: Specifies the algorithm to be used to generate the public key
example: RS256
use:
type: string
description: Specifies the intended usage of the key
example: sig
n:
type: string
description: Specifies the modulus of the RSA public key. Represented as a
Base64urlUInt-encoded value
e:
type: string
description: Specifies the exponent of the RSA public key.
example: AQAB
title: iam.v2.JwksObject
description: 'The JWKS issued by the OAuth identity provider. Only `kid` (key ID)
and `alg` (algorithm) properties for each key set are included.'
readOnly: true
title: iam.v2.IdentityProvider
- type: object
required:
- api_version
- kind
- id
- display_name
- description
- state
- issuer
- jwks_uri
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
X-RateLimit-Limit:
schema:
type: integer
description: The maximum number of requests you're permitted to make per time period.
X-RateLimit-Remaining:
schema:
type: integer
description: The number of requests remaining in the current rate limit window.
X-RateLimit-Reset:
schema:
type: integer
description: "The relative time in seconds until the current rate-limit window resets. \
\ \n \n**Important:** This differs from Github and Twitter's same-named header which\
\ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
\ issues."
'400':
description: Bad Request
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '400'
code: invalid_filter
title: Invalid Filter
detail: The 'delorean' resource can't be filtered by 'num_doors'
source:
parameter: num_doors
'401':
x-summary: Unauthorized
description: The request lacks valid authentication credentials for this resource.
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
WWW-Authenticate:
schema:
type: string
description: The unique identifier for the API request.
example: Basic error="invalid_key", error_description="The API Key is invalid"
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '401'
code: user_unauthenticated
title: Authentication Required
detail: Valid authentication credentials must be provided
'403':
x-summary: Forbidden
description: The access credentials were considered insufficient to grant access
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '403'
code: user_unauthorized
title: User Access Unauthorized
detail: The user 'mcfly' is not allowed to access the 'delorean' resource without the
'plutonium' role.
'404':
description: Not Found
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '404'
title: Not Found
'429':
description: Rate Limit Exceeded
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
X-RateLimit-Limit:
schema:
type: integer
description: The maximum number of requests you're permitted to make per time period.
X-RateLimit-Remaining:
schema:
type: integer
description: The number of requests remaining in the current rate limit window.
X-RateLimit-Reset:
schema:
type: integer
description: "The relative time in seconds until the current rate-limit window resets. \
\ \n \n**Important:** This differs from Github and Twitter's same-named header which\
\ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
\ issues."
Retry-After:
schema:
type: integer
description: The number of seconds to wait until the rate limit window resets. Only sent
when the rate limit is reached.
'500':
description: Oops, something went wrong!
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '500'
code: out_of_gas
title: DeLorean Out Of Gas
detail: The DeLorean has run out of gas, but Doc Brown will fill 'er up for you asap
servers:
- url: https://api.confluent.cloud
description: Confluent Cloud API