POST /redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity

Validate an Authorization header Bearer token and return the mapped principal and token expiry time.

Headers

  • Connect-Protocol-Version number Required

    Define the version of the Connect protocol

    Value is 1.

  • Connect-Timeout-Ms number

    Define the timeout, in ms

application/json

Body Required

object object

ResolveOidcIdentityRequest is the request for the ResolveOidcIdentity RPC.

Additional properties are NOT allowed.

Responses

  • 200 application/json

    Success

    Hide response attributes Show response attributes object
    • expire string(date-time)

      The timestamp of the token's expiry.

    • groups array[string]

      The groups resolved from the OIDC token.

    • principal string

      The principal resolved from the OIDC token.
  • default application/json

    Error

    Hide response attributes Show response attributes object
    • code string

      The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

      Values are canceled, unknown, invalid_argument, deadline_exceeded, not_found, already_exists, permission_denied, resource_exhausted, failed_precondition, aborted, out_of_range, unimplemented, internal, unavailable, data_loss, or unauthenticated.

    • details array[object]

      A list of messages that carry the error details. There is no limit on the number of messages.

      Contains an arbitrary serialized message along with a @type that describes the type of the serialized message, with an additional debug field for ConnectRPC error details.

      Hide details attributes Show details attributes object
      • debug object

        Detailed error information.

        Additional properties are allowed.

      • type string

        A URL that acts as a globally unique identifier for the type of the serialized message. For example: type.googleapis.com/google.rpc.ErrorInfo. This is used to determine the schema of the data in the value field and is the discriminator for the debug field.

      • value string(binary)

        The Protobuf message, serialized as bytes and base64-encoded. The specific message type is identified by the type field.

    • message string

      A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
POST /redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity 
curl \
 --request POST 'http://localhost:9644/redpanda.core.admin.v2.SecurityService/ResolveOidcIdentity' \
 --header "Content-Type: application/json" \
 --header "Connect-Protocol-Version: 1" \
 --header "Connect-Timeout-Ms: 42.0"
Request examples 
# Headers
Connect-Protocol-Version: 1
Connect-Timeout-Ms: 42.0

# Payload
{}
Response examples (200) 
{
  "expire": "2023-01-15T01:30:15.01Z",
  "groups": [
    "string"
  ],
  "principal": "string"
}
Response examples (default) 
{
  "code": "not_found",
  "details": [
    {
      "debug": {},
      "type": "string",
      "value": "@file"
    }
  ],
  "message": "string"
}

Documentation preview

will expire on March 31 at 16:54

This is a preview of your version @2026-03-24.

View current documentation