Skip to content

Identity Providers

Operations Summary

Method Endpoint Description
Core CRUD
GET /api/identity-providers/ List Identity Providers
GET /api/identity-providers/{provider}/ Retrieve
POST /api/identity-providers/ Create
PUT /api/identity-providers/{provider}/ Update
PATCH /api/identity-providers/{provider}/ Partial Update
DELETE /api/identity-providers/{provider}/ Delete
Other Actions
POST /api/identity-providers/discover_metadata/ Discover OIDC provider metadata
POST /api/identity-providers/generate-mapping/ Generate default attribute mapping

Core CRUD

List Identity Providers

1
2
3
4
http \
  GET \
  https://api.example.com/api/identity-providers/ \
  Authorization:"Token YOUR_API_TOKEN"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.api.identity_providers import identity_providers_list # (1)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)
response = identity_providers_list.sync(client=client)

for item in response:
    print(item)
  1. API Source: identity_providers_list
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
import { identityProvidersList } from 'waldur-js-client';

try {
  const response = await identityProvidersList({
  auth: "Token YOUR_API_TOKEN"
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Name Type Description
page integer A page number within the paginated result set.
page_size integer Number of results to return per page.

200 -

The response body is an array of objects, where each object has the following structure:

Field Type Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
userinfo_url string The endpoint for fetching user info.
token_url string The endpoint for obtaining auth token.
auth_url string The endpoint for authorization request flow.
logout_url string The endpoint used to redirect after sign-out.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

Retrieve

1
2
3
4
http \
  GET \
  https://api.example.com/api/identity-providers/string-value/ \
  Authorization:"Token YOUR_API_TOKEN"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.api.identity_providers import identity_providers_retrieve # (1)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)
response = identity_providers_retrieve.sync(
    provider="string-value",
    client=client
)

print(response)
  1. API Source: identity_providers_retrieve
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
import { identityProvidersRetrieve } from 'waldur-js-client';

try {
  const response = await identityProvidersRetrieve({
  auth: "Token YOUR_API_TOKEN",
  path: {
    "provider": "string-value"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Name Type Required
provider string

200 -

Field Type Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
userinfo_url string The endpoint for fetching user info.
token_url string The endpoint for obtaining auth token.
auth_url string The endpoint for authorization request flow.
logout_url string The endpoint used to redirect after sign-out.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

Create

1
2
3
4
5
6
7
8
9
http \
  POST \
  https://api.example.com/api/identity-providers/ \
  Authorization:"Token YOUR_API_TOKEN" \
  provider="string-value" \
  client_id="string-value" \
  client_secret="********" \
  discovery_url="string-value" \
  label="string-value"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.models.identity_provider_request import IdentityProviderRequest # (1)
from waldur_api_client.api.identity_providers import identity_providers_create # (2)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)

body_data = IdentityProviderRequest(
    provider="string-value",
    client_id="string-value",
    client_secret="********",
    discovery_url="string-value",
    label="string-value"
)
response = identity_providers_create.sync(
    client=client,
    body=body_data
)

print(response)
  1. Model Source: IdentityProviderRequest
  2. API Source: identity_providers_create
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
import { identityProvidersCreate } from 'waldur-js-client';

try {
  const response = await identityProvidersCreate({
  auth: "Token YOUR_API_TOKEN",
  body: {
    "provider": "string-value",
    "client_id": "string-value",
    "client_secret": "********",
    "discovery_url": "string-value",
    "label": "string-value"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Field Type Required Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

201 -

Field Type Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
userinfo_url string The endpoint for fetching user info.
token_url string The endpoint for obtaining auth token.
auth_url string The endpoint for authorization request flow.
logout_url string The endpoint used to redirect after sign-out.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

Update

1
2
3
4
5
6
7
8
9
http \
  PUT \
  https://api.example.com/api/identity-providers/string-value/ \
  Authorization:"Token YOUR_API_TOKEN" \
  provider="string-value" \
  client_id="string-value" \
  client_secret="********" \
  discovery_url="string-value" \
  label="string-value"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.models.identity_provider_request import IdentityProviderRequest # (1)
from waldur_api_client.api.identity_providers import identity_providers_update # (2)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)

body_data = IdentityProviderRequest(
    provider="string-value",
    client_id="string-value",
    client_secret="********",
    discovery_url="string-value",
    label="string-value"
)
response = identity_providers_update.sync(
    provider="string-value",
    client=client,
    body=body_data
)

print(response)
  1. Model Source: IdentityProviderRequest
  2. API Source: identity_providers_update
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
import { identityProvidersUpdate } from 'waldur-js-client';

try {
  const response = await identityProvidersUpdate({
  auth: "Token YOUR_API_TOKEN",
  path: {
    "provider": "string-value"
  },
  body: {
    "provider": "string-value",
    "client_id": "string-value",
    "client_secret": "********",
    "discovery_url": "string-value",
    "label": "string-value"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Name Type Required
provider string
Field Type Required Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

200 -

Field Type Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
userinfo_url string The endpoint for fetching user info.
token_url string The endpoint for obtaining auth token.
auth_url string The endpoint for authorization request flow.
logout_url string The endpoint used to redirect after sign-out.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

Partial Update

1
2
3
4
http \
  PATCH \
  https://api.example.com/api/identity-providers/string-value/ \
  Authorization:"Token YOUR_API_TOKEN"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.models.patched_identity_provider_request import PatchedIdentityProviderRequest # (1)
from waldur_api_client.api.identity_providers import identity_providers_partial_update # (2)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)

body_data = PatchedIdentityProviderRequest()
response = identity_providers_partial_update.sync(
    provider="string-value",
    client=client,
    body=body_data
)

print(response)
  1. Model Source: PatchedIdentityProviderRequest
  2. API Source: identity_providers_partial_update
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
import { identityProvidersPartialUpdate } from 'waldur-js-client';

try {
  const response = await identityProvidersPartialUpdate({
  auth: "Token YOUR_API_TOKEN",
  path: {
    "provider": "string-value"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Name Type Required
provider string
Field Type Required Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

200 -

Field Type Description
provider string
is_active boolean
client_id string ID of application used for OAuth authentication.
client_secret string Application secret key.
verify_ssl boolean
enable_post_logout_redirect boolean
enable_pkce boolean
discovery_url string The endpoint for endpoint discovery.
userinfo_url string The endpoint for fetching user info.
token_url string The endpoint for obtaining auth token.
auth_url string The endpoint for authorization request flow.
logout_url string The endpoint used to redirect after sign-out.
label string Human-readable identity provider is label.
management_url string The endpoint for user details management.
protected_fields any
extra_scope string Space-separated list of scopes to request during authentication.
user_field string The field in Waldur User model to be used for looking up the user
user_claim string The OIDC claim from the userinfo endpoint to be used as the value for the lookup field.
attribute_mapping any A JSON object mapping Waldur User model fields to OIDC claims. Example:
extra_fields string Space-separated list of extra fields to persist.
allowed_redirects any List of allowed redirect URLs for OAuth authentication. URLs must be exact matches (origin only: scheme + domain + port). HTTPS required except for localhost. No wildcards, paths, query params, or fragments. Example: ["https://portal1.example.com", "https://portal2.example.com:8443"]. If empty, falls back to HOMEPORT_URL setting.

Delete

1
2
3
4
http \
  DELETE \
  https://api.example.com/api/identity-providers/string-value/ \
  Authorization:"Token YOUR_API_TOKEN"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.api.identity_providers import identity_providers_destroy # (1)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)
response = identity_providers_destroy.sync(
    provider="string-value",
    client=client
)

print(response)
  1. API Source: identity_providers_destroy
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
import { identityProvidersDestroy } from 'waldur-js-client';

try {
  const response = await identityProvidersDestroy({
  auth: "Token YOUR_API_TOKEN",
  path: {
    "provider": "string-value"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Name Type Required
provider string

204 - No response body

Other Actions

Discover OIDC provider metadata

Fetches OIDC discovery metadata from the provider and returns supported claims, scopes, and suggested mappings to Waldur User fields. Use this to configure attribute_mapping when setting up a new identity provider.

1
2
3
4
5
http \
  POST \
  https://api.example.com/api/identity-providers/discover_metadata/ \
  Authorization:"Token YOUR_API_TOKEN" \
  discovery_url="https://api.example.com/api/discovery-url/a1b2c3d4-e5f6-7890-abcd-ef1234567890/"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.models.discover_metadata_request_request import DiscoverMetadataRequestRequest # (1)
from waldur_api_client.api.identity_providers import identity_providers_discover_metadata # (2)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)

body_data = DiscoverMetadataRequestRequest(
    discovery_url="https://api.example.com/api/discovery-url/a1b2c3d4-e5f6-7890-abcd-ef1234567890/"
)
response = identity_providers_discover_metadata.sync(
    client=client,
    body=body_data
)

print(response)
  1. Model Source: DiscoverMetadataRequestRequest
  2. API Source: identity_providers_discover_metadata
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
import { identityProvidersDiscoverMetadata } from 'waldur-js-client';

try {
  const response = await identityProvidersDiscoverMetadata({
  auth: "Token YOUR_API_TOKEN",
  body: {
    "discovery_url": "https://api.example.com/api/discovery-url/a1b2c3d4-e5f6-7890-abcd-ef1234567890/"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Field Type Required Description
discovery_url string (uri) OIDC discovery URL (e.g., https://idp.example.com/.well-known/openid-configuration)
verify_ssl boolean Whether to verify SSL certificate
Constraints: default: True

200 -

Field Type Description
claims_supported array of strings List of claims supported by the OIDC provider
scopes_supported array of strings List of scopes supported by the OIDC provider
endpoints object (free-form) OIDC endpoints (authorization, token, userinfo, logout)
waldur_fields array of objects Waldur User fields with suggested OIDC claim mappings
waldur_fields.field string Waldur User model field name
waldur_fields.description string Human-readable field description
waldur_fields.suggested_claims array of strings OIDC claims that could map to this field, ordered by likelihood
waldur_fields.available_claims array of strings Claims from this IdP that match the suggestions
suggested_scopes array of strings Recommended scopes to request based on claim mappings

Generate default attribute mapping

Generates a suggested attribute_mapping configuration based on the claims supported by an OIDC provider. This can be used as a starting point when creating a new identity provider.

1
2
3
4
5
http \
  POST \
  https://api.example.com/api/identity-providers/generate-mapping/ \
  Authorization:"Token YOUR_API_TOKEN" \
  discovery_url="https://api.example.com/api/discovery-url/a1b2c3d4-e5f6-7890-abcd-ef1234567890/"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
from waldur_api_client.client import AuthenticatedClient
from waldur_api_client.models.discover_metadata_request_request import DiscoverMetadataRequestRequest # (1)
from waldur_api_client.api.identity_providers import identity_providers_generate_mapping # (2)

client = AuthenticatedClient(
    base_url="https://api.example.com", token="YOUR_API_TOKEN"
)

body_data = DiscoverMetadataRequestRequest(
    discovery_url="https://api.example.com/api/discovery-url/a1b2c3d4-e5f6-7890-abcd-ef1234567890/"
)
response = identity_providers_generate_mapping.sync(
    client=client,
    body=body_data
)

print(response)
  1. Model Source: DiscoverMetadataRequestRequest
  2. API Source: identity_providers_generate_mapping
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
import { identityProvidersGenerateMapping } from 'waldur-js-client';

try {
  const response = await identityProvidersGenerateMapping({
  auth: "Token YOUR_API_TOKEN",
  body: {
    "discovery_url": "https://api.example.com/api/discovery-url/a1b2c3d4-e5f6-7890-abcd-ef1234567890/"
  }
});
  console.log('Success:', response);
} catch (error) {
  console.error('Error:', error);
}
Field Type Required Description
discovery_url string (uri) OIDC discovery URL (e.g., https://idp.example.com/.well-known/openid-configuration)
verify_ssl boolean Whether to verify SSL certificate
Constraints: default: True

200 -

Field Type Description
attribute_mapping object (free-form) Suggested mapping of Waldur fields to OIDC claims
extra_scope string Suggested scopes to request (space-separated)