POST /redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity

Validates the Bearer token supplied in the Authorization header and returns the mapped principal and the token's expiry time.

Headers

  • Connect-Protocol-Version number Required

    Define the version of the Connect protocol

    Value is 1.

  • Connect-Timeout-Ms number

    Define the timeout, in ms

application/json

Body Required

object

ResolveOidcIdentityRequest is the request for the ResolveOidcIdentity RPC.

Additional properties are NOT allowed.

Responses

  • 200 application/json

    Success

    object
    • expire string(date-time)

      The timestamp of the token's expiry.

    • groups array[string]

      The groups resolved from the OIDC token.

    • principal string

      The principal resolved from the OIDC token.

  • default application/json

    Error

    object
    • code string

      The status code, which should be an enum value of google.rpc.Code.

      Values are canceled, unknown, invalid_argument, deadline_exceeded, not_found, already_exists, permission_denied, resource_exhausted, failed_precondition, aborted, out_of_range, unimplemented, internal, unavailable, data_loss, or unauthenticated.

    • details array[object]

      A list of messages that carry the error details. There is no limit on the number of messages.

      object

      Contains an arbitrary serialized message along with a @type that describes the type of the serialized message, with an additional debug field for ConnectRPC error details.

      • debug object

        Detailed error information.

        Additional properties are allowed.

      • type string

        A URL that acts as a globally unique identifier for the type of the serialized message. For example: type.googleapis.com/google.rpc.ErrorInfo. This is used to determine the schema of the data in the value field and is the discriminator for the debug field.

      • value string(binary)

        The Protobuf message, serialized as bytes and base64-encoded. The specific message type is identified by the type field.

    • message string

      A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.

POST /redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity
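# OIDC_TOKEN is a placeholder environment variable holding the Bearer token to validate.
curl \
 --request POST 'http://localhost:9644/redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity' \
 --header "Content-Type: application/json" \
 --header "Connect-Protocol-Version: 1" \
 --header "Connect-Timeout-Ms: 42.0" \
 --header "Authorization: Bearer $OIDC_TOKEN" \
 --data '{}'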
Request examples
# Headers
Connect-Protocol-Version: 1
Connect-Timeout-Ms: 42.0

# Payload
{}
Response examples (200)
{
  "expire": "2023-01-15T01:30:15.01Z",
  "groups": [
    "string"
  ],
  "principal": "string"
}
Response examples (default)
{
  "code": "not_found",
  "details": [
    {
      "debug": {},
      "type": "string",
      "value": "@file"
    }
  ],
  "message": "string"
}
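
Client-side handling of the two response shapes above, as an added example that is not part of the original reference or Redpanda's own code. It builds the request with the token in the Authorization header, decodes the error envelope, and fails closed when the principal is missing or the expire time has passed. The helper names, the 5000 ms timeout and the sample bodies are assumptions constructed for illustration.

```python
import base64, json, re
from datetime import datetime, timezone
from urllib import request

# URL taken from the curl example on this page.
URL = "http://localhost:9644/redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity"

class ConnectError(Exception):
    def __init__(self, code, message, details):
        super().__init__(f"{code}: {message}")
        self.code, self.details = code, details

def build_request(token, url=URL, timeout_ms=5000):
    """Build the POST; the token travels only in the Authorization header."""
    return request.Request(url, data=b"{}", method="POST", headers={
        "Content-Type": "application/json",
        "Connect-Protocol-Version": "1",
        "Connect-Timeout-Ms": str(int(timeout_ms)),
        "Authorization": f"Bearer {token}"})

def parse_expire(ts):
    """Parse the date-time string, normalising 'Z' and short fractions."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)", ts)
    if not m:
        raise ValueError(f"unparseable expire value: {ts!r}")
    base, frac, tz = m.groups()
    frac = (frac or "")[:6].ljust(6, "0")
    return datetime.fromisoformat(f"{base}.{frac}{'+00:00' if tz == 'Z' else tz}")

def parse_response(status, body, now=None):
    """Return the resolved identity, or raise; never yield an identity on error."""
    doc = json.loads(body)
    if status != 200:
        details = []
        for d in doc.get("details", []):
            v = d.get("value", "")  # tolerate base64 sent without padding
            details.append((d.get("type"), base64.b64decode(v + "=" * (-len(v) % 4))))
        raise ConnectError(doc.get("code", "unknown"), doc.get("message", ""), details)
    expire = parse_expire(doc["expire"])
    now = now or datetime.now(timezone.utc)
    if not doc.get("principal") or expire <= now:
        raise ValueError("missing principal or token already expired")
    return {"principal": doc["principal"], "groups": doc.get("groups", []),
            "expire": expire, "seconds_left": (expire - now).total_seconds()}

# Constructed sample bodies in the shape of the response examples on this page.
SAMPLE_OK = '{"expire": "2023-01-15T01:30:15.01Z", "groups": ["ops"], "principal": "alice"}'
SAMPLE_ERR = ('{"code": "unauthenticated", "message": "constructed sample", "details": '
              '[{"type": "type.googleapis.com/google.rpc.ErrorInfo", "value": "CgV0ZXN0cw"}]}')
```

Pass the object from build_request to urllib.request.urlopen against a real broker, then hand the HTTP status and body to parse_response.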