get_oidc_info
- WickrAdminAPI.Client.get_oidc_info(**kwargs)
Retrieves the OpenID Connect (OIDC) configuration for a Wickr network, including SSO settings and optional token information if access token parameters are provided.
See also: AWS API Documentation
Request Syntax
response = client.get_oidc_info(
    networkId='string',
    clientId='string',
    code='string',
    grantType='string',
    redirectUri='string',
    url='string',
    clientSecret='string',
    codeVerifier='string',
    certificate='string'
)
- Parameters:
networkId (string) –
[REQUIRED]
The ID of the Wickr network whose OIDC configuration will be retrieved.
clientId (string) – The OAuth client ID for retrieving access tokens (optional).
code (string) – The authorization code for retrieving access tokens (optional).
grantType (string) – The OAuth grant type for retrieving access tokens (optional).
redirectUri (string) – The redirect URI for the OAuth flow (optional).
url (string) – The URL for the OIDC provider (optional).
clientSecret (string) – The OAuth client secret for retrieving access tokens (optional).
codeVerifier (string) – The PKCE code verifier for enhanced security in the OAuth flow (optional).
certificate (string) – The CA certificate for secure communication with the OIDC provider (optional).
- Return type:
dict
- Returns:
Response Syntax
{
    'openidConnectInfo': {
        'applicationName': 'string',
        'clientId': 'string',
        'companyId': 'string',
        'scopes': 'string',
        'issuer': 'string',
        'clientSecret': 'string',
        'secret': 'string',
        'redirectUrl': 'string',
        'userId': 'string',
        'customUsername': 'string',
        'caCertificate': 'string',
        'applicationId': 123,
        'ssoTokenBufferMinutes': 123,
        'extraAuthParams': 'string'
    },
    'tokenInfo': {
        'codeVerifier': 'string',
        'codeChallenge': 'string',
        'accessToken': 'string',
        'idToken': 'string',
        'refreshToken': 'string',
        'tokenType': 'string',
        'expiresIn': 123
    }
}
Response Structure
(dict) –
openidConnectInfo (dict) –
The OpenID Connect configuration information for the network, including issuer, client ID, scopes, and other SSO settings.
applicationName (string) –
The name of the OIDC application as registered with the identity provider.
clientId (string) –
The OAuth client ID assigned by the identity provider for authentication requests.
companyId (string) –
Custom identifier your end users will use to sign in with SSO.
scopes (string) –
The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., ‘openid profile email’).
issuer (string) –
The issuer URL of the identity provider, which serves as the base URL for OIDC endpoints and configuration discovery.
clientSecret (string) –
The OAuth client secret used to authenticate the application with the identity provider.
secret (string) –
An additional secret credential used by the identity provider for authentication.
redirectUrl (string) –
The callback URL where the identity provider redirects users after successful authentication. This URL must be registered with the identity provider.
userId (string) –
The claim field from the OIDC token to use as the unique user identifier (e.g., ‘email’, ‘sub’, or a custom claim).
customUsername (string) –
A custom field mapping to extract the username from the OIDC token when the standard username claim is insufficient.
caCertificate (string) –
The X.509 CA certificate for validating SSL/TLS connections to the identity provider when using self-signed or enterprise certificates.
applicationId (integer) –
The unique identifier for the registered OIDC application. Valid range is 1-10.
ssoTokenBufferMinutes (integer) –
The grace period, in minutes before the SSO token expires, at which the system proactively refreshes the token to maintain seamless user access.
extraAuthParams (string) –
Additional authentication parameters to include in the OIDC authorization request as a query string. Useful for provider-specific extensions.
tokenInfo (dict) –
OAuth token information including access token, refresh token, and expiration details (only present if token parameters were provided in the request).
codeVerifier (string) –
The PKCE (Proof Key for Code Exchange) code verifier, a cryptographically random string used to enhance security in the OAuth flow.
codeChallenge (string) –
The PKCE code challenge, a transformed version of the code verifier sent during the authorization request for verification.
accessToken (string) –
The OAuth access token that can be used to access protected resources on behalf of the authenticated user.
idToken (string) –
The OpenID Connect ID token containing user identity information and authentication context as a signed JWT.
refreshToken (string) –
The OAuth refresh token that can be used to obtain new access tokens without requiring the user to re-authenticate.
tokenType (string) –
The type of access token issued, typically ‘Bearer’, which indicates how the token should be used in API requests.
expiresIn (integer) –
The lifetime of the access token in seconds, indicating when the token will expire and need to be refreshed.
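The response structure above returns several secret values (clientSecret, secret, codeVerifier, accessToken, idToken, refreshToken) alongside ordinary configuration. The following is an added example, not part of the AWS documentation: it masks those fields before a response is logged and runs a few generic OIDC checks on the configuration. The helper names, the mask string, the checks and the sample response are assumptions constructed for illustration.

```python
import copy
from urllib.parse import urlparse

# Secret-bearing fields, taken from the response structure documented above.
SENSITIVE = {
    "openidConnectInfo": ("clientSecret", "secret"),
    "tokenInfo": ("codeVerifier", "accessToken", "idToken", "refreshToken"),
}

def redact_oidc_response(response):
    """Return a deep copy that is safe to log: non-empty secret values are masked."""
    safe = copy.deepcopy(response)
    for section, fields in SENSITIVE.items():
        data = safe.get(section) or {}
        for field in fields:
            if data.get(field):
                data[field] = "***REDACTED***"
    return safe

def review_oidc_config(response):
    """Flag settings that general OIDC guidance treats as weak (not Wickr rules)."""
    info = response.get("openidConnectInfo") or {}
    findings = []
    for key in ("issuer", "redirectUrl"):
        value = info.get(key)
        if value and urlparse(value).scheme != "https":
            findings.append(f"{key} is not https")
    if "openid" not in (info.get("scopes") or "").split():
        findings.append("scopes lacks 'openid'")
    return findings

# Constructed sample response (not real output). With boto3 the dict would come
# from client.get_oidc_info(networkId=...).
SAMPLE = {
    "openidConnectInfo": {
        "applicationName": "example-app", "clientId": "example-client",
        "issuer": "http://idp.example.com", "scopes": "profile email",
        "clientSecret": "constructed-secret", "secret": "",
        "redirectUrl": "https://app.example.com/callback",
    },
    "tokenInfo": {"accessToken": "constructed-at", "idToken": "constructed-id",
                  "refreshToken": "constructed-rt", "tokenType": "Bearer",
                  "expiresIn": 3600},
}

if __name__ == "__main__":
    print(redact_oidc_response(SAMPLE))
    print(review_oidc_config(SAMPLE))
```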
Exceptions