ACL OIDC HTTP API
The /acl/oidc endpoints are used to log in to Nomad via an OIDC provider.
Get an OIDC authentication URL
This endpoint creates a URL which will allow the caller to navigate to their OIDC provider and log in. The returned string is URL encoded.
Method | Path | Produces |
---|---|---|
POST | /v1/acl/oidc/auth-url | application/json |
The table below shows this endpoint's support for blocking queries and required ACLs.
Blocking Queries | ACL Required |
---|---|
NO | none |
Parameters
- AuthMethodName (string: <required>) - The name of the ACL authentication method to use.
- RedirectURI (string: <required>) - The URI that the response will be sent to when authorization is finished. The value must be included within the auth method's allowed redirect URIs listing.
- ClientNonce (string: <required>) - A randomly generated string to prevent replay attacks.
Sample Payload
Sample Request
Sample Response
Complete OIDC Authentication
This endpoint creates an ACL Role. The request is always forwarded to the authoritative region.
Method | Path | Produces |
---|---|---|
POST | /v1/acl/oidc/complete-auth | application/json |
The table below shows this endpoint's support for blocking queries and required ACLs.
Blocking Queries | ACL Required |
---|---|
NO | none |
Parameters
- AuthMethodName (string: <required>) - The name of the ACL authentication method to use. This will match the name used within the call to generate the URL.
- RedirectURI (string: <required>) - The URI that the response will be sent to when authorization is finished. The value must be included within the auth method's allowed redirect URIs listing.
- ClientNonce (string: <required>) - A randomly generated string to prevent replay attacks. This will match the value used within the call to generate the URL.
- State (string: <required>) - An opaque value used to maintain state between the request and the callback.
- Code (string: <required>) - The authorization code returned from the OIDC provider's authorization endpoint.
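How the two request bodies fit together, as an added example that is not from the Nomad documentation: it generates a ClientNonce, builds the auth-url payload, then builds the complete-auth payload from the provider's callback. The method name, redirect URI and callback values are constructed, and reading State and Code from the standard OAuth 2.0 `state` and `code` callback query parameters is an assumption.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

def new_client_nonce(nbytes: int = 32) -> str:
    """ClientNonce from the OS CSPRNG; generate a fresh one per login attempt."""
    return secrets.token_urlsafe(nbytes)

def auth_url_payload(auth_method: str, redirect_uri: str, nonce: str) -> dict:
    """JSON body for POST /v1/acl/oidc/auth-url."""
    return {"AuthMethodName": auth_method, "RedirectURI": redirect_uri,
            "ClientNonce": nonce}

def complete_auth_payload(first_request: dict, callback_url: str) -> dict:
    """JSON body for POST /v1/acl/oidc/complete-auth.

    Reuses AuthMethodName, RedirectURI and ClientNonce from the auth-url
    request unchanged and takes State and Code from the provider's callback.
    """
    cb = urlsplit(callback_url)
    want = urlsplit(first_request["RedirectURI"])
    # Only accept a callback that arrived on the redirect URI we sent.
    if (cb.scheme, cb.netloc, cb.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match RedirectURI")
    query = parse_qs(cb.query)
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    for name in ("code", "state"):
        # Exactly one value each; duplicates or omissions are rejected.
        if len(query.get(name, [])) != 1:
            raise ValueError(f"callback needs exactly one {name!r} parameter")
    return {**first_request,
            "State": query["state"][0], "Code": query["code"][0]}

# Constructed sample values (not taken from the Nomad documentation).
SAMPLE_REDIRECT = "http://localhost:4649/oidc/callback"
SAMPLE_CALLBACK = SAMPLE_REDIRECT + "?code=constructed-code&state=st_constructed"

if __name__ == "__main__":
    import json
    first = auth_url_payload("example-oidc", SAMPLE_REDIRECT, new_client_nonce())
    print(json.dumps(first, indent=2))
    print(json.dumps(complete_auth_payload(first, SAMPLE_CALLBACK), indent=2))
```

Keep the first request's values in memory for the duration of the login and discard the nonce afterwards, so that a captured callback cannot be paired with a different nonce.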
Sample Payload
Sample Request
Sample Response