OIDC Authenticator

Once the OIDC Authenticator is configured, you can send an authentication request.

For more information about the OIDC Authenticator, see OpenID Connect (OIDC) Authenticator.

URI

 
POST https://<Conjur-server-hostname>/authn-oidc/<service-id>/<account>/authenticate

URI Parameters

service-id

The ID of the OIDC Provider, for example okta

account

The organization account name

 

The following characters are not supported in URI values: + & % :

Request

Header

Accept-Encoding: base64
Content-Type: application/x-www-form-urlencoded
 

To encode the access token, you need to include base64 as the encoding format in the Accept-Encoding header. If base64 is not included in the header, a raw token is returned using application/json as the content type.

Body

The body must include the ID Token that identifies the user.

id_token: "eyJhbGciOiJSUzI1NiIs......uTonCA"

Example REST request

 
curl -k --request POST 'https://example.com/authn-oidc/myorg/authenticate' --header 'Content-Type: application/x-www-form-urlencoded' --header "Accept-Encoding: base64" --data-urlencode 'jwt=eyJ0e......jjjkl'

Response

Code

Description

200

The response body is the access token

401

The request lacks valid authentication credentials

Response 200 example

Header

 
Content-Encoding: base64
Content-Type: text/plain

Body

Returns a base 64 access token of the user whose ID token is provided in the input:

 
eyJwcm90ZWN0ZWQiOiJleUpoYkdjaU9pSmpiMjVxZFhJdWIzSm5MM05zYjNOcGJHOHZkaklpTENKcmFXUWlPaUkyTXpka05HWTFZMlU1WVdJd05ESTVOR0ZpWkRNNFptTmhPV00zWW1Nek5qWTVaak16TWprNU5UUXdZamhsTm1ZeU5tRTBNVGM1T0RFeE1HSm1aRGcwSW4wPSIsInBheWxvYWQiOiJleUp6ZFdJaU9pSmhaRzFwYmlJc0ltbGhkQ0k2TVRVNU9EYzJPVFUwTUgwPSIsInNpZ25hdHVyZSI6Ik5ya25FQTc2MnoweC1GVmRRakZHZVRUbkJzeXFBdlBHSWEyZUxZV3IyYVVGZDU5dHk0aGMxSlRsVGptdmpGNWNtVDNMUnFGbDhYYzNwMDhabEhjbVc0cTdiVnFtM21odmZEdVNVaE13RzhKUk4yRFZQVHZKbkFiT1NPX0JGdWhKdmk2OGJEVGxZSFFmUF81WHY1VWtuWHlLUDR2dGNoSjloMHJuVXN0T0F1YWlkM0RyQW5RV1c2dDRaMzRQajJhT2JrTkZ1TlMxNDBsamNwZ1A1dHdfU19ISzB6d1dlSXF4cjh6eUpTbk5aNjJ1WlhZV25zU051WGZtSWdtVVo2cTJFeVZWWUJ1Zk5SZTNVUmFkU09OYjRIcnFyX21UaGctWHUzMjA2N1h3QmNWZ3lWQ0JrcWtybktuRW1vRzlMRWs2ZjdNQVpDX1BXZnA4NXQ1VFFhVm1iZFlqT2lDTW9GMFoxYkhyZGN2MC1LRnpNRGxHa0pCS1Jxb0xYYkFGakhjMCJ9

For more information about using the access token, see How to use the access token.