
*************
get_oidc_info
*************



.. py:method:: WickrAdminAPI.Client.get_oidc_info(**kwargs)

  

  Retrieves the OpenID Connect (OIDC) configuration for a Wickr network, including SSO settings and optional token information if access token parameters are provided.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/wickr-2024-02-01/GetOidcInfo>`_  


  **Request Syntax**
  ::

    response = client.get_oidc_info(
        networkId='string',
        clientId='string',
        code='string',
        grantType='string',
        redirectUri='string',
        url='string',
        clientSecret='string',
        codeVerifier='string',
        certificate='string'
    )
    
  :type networkId: string
  :param networkId: **[REQUIRED]** 

    The ID of the Wickr network whose OIDC configuration will be retrieved.

    

  
  :type clientId: string
  :param clientId: 

    The OAuth client ID for retrieving access tokens (optional).

    

  
  :type code: string
  :param code: 

    The authorization code for retrieving access tokens (optional).

    

  
  :type grantType: string
  :param grantType: 

    The OAuth grant type for retrieving access tokens (optional).

    

  
  :type redirectUri: string
  :param redirectUri: 

    The redirect URI for the OAuth flow (optional).

    

  
  :type url: string
  :param url: 

    The URL for the OIDC provider (optional).

    

  
  :type clientSecret: string
  :param clientSecret: 

    The OAuth client secret for retrieving access tokens (optional).

    

  
  :type codeVerifier: string
  :param codeVerifier: 

    The PKCE code verifier for enhanced security in the OAuth flow (optional).

    

  
  :type certificate: string
  :param certificate: 

    The CA certificate for secure communication with the OIDC provider (optional).

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'openidConnectInfo': {
              'applicationName': 'string',
              'clientId': 'string',
              'companyId': 'string',
              'scopes': 'string',
              'issuer': 'string',
              'clientSecret': 'string',
              'secret': 'string',
              'redirectUrl': 'string',
              'userId': 'string',
              'customUsername': 'string',
              'caCertificate': 'string',
              'applicationId': 123,
              'ssoTokenBufferMinutes': 123,
              'extraAuthParams': 'string'
          },
          'tokenInfo': {
              'codeVerifier': 'string',
              'codeChallenge': 'string',
              'accessToken': 'string',
              'idToken': 'string',
              'refreshToken': 'string',
              'tokenType': 'string',
              'expiresIn': 123
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **openidConnectInfo** *(dict) --* 

        The OpenID Connect configuration information for the network, including issuer, client ID, scopes, and other SSO settings.

        
        

        - **applicationName** *(string) --* 

          The name of the OIDC application as registered with the identity provider.

          
        

        - **clientId** *(string) --* 

          The OAuth client ID assigned by the identity provider for authentication requests.

          
        

        - **companyId** *(string) --* 

          Custom identifier your end users will use to sign in with SSO.

          
        

        - **scopes** *(string) --* 

          The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., 'openid profile email').

          
        

        - **issuer** *(string) --* 

          The issuer URL of the identity provider, which serves as the base URL for OIDC endpoints and configuration discovery.

          
        

        - **clientSecret** *(string) --* 

          The OAuth client secret used to authenticate the application with the identity provider.

          
        

        - **secret** *(string) --* 

          An additional secret credential used by the identity provider for authentication.

          
        

        - **redirectUrl** *(string) --* 

          The callback URL where the identity provider redirects users after successful authentication. This URL must be registered with the identity provider.

          
        

        - **userId** *(string) --* 

          The claim field from the OIDC token to use as the unique user identifier (e.g., 'email', 'sub', or a custom claim).

          
        

        - **customUsername** *(string) --* 

          A custom field mapping to extract the username from the OIDC token when the standard username claim is insufficient.

          
        

        - **caCertificate** *(string) --* 

          The X.509 CA certificate for validating SSL/TLS connections to the identity provider when using self-signed or enterprise certificates.

          
        

        - **applicationId** *(integer) --* 

          The unique identifier for the registered OIDC application. Valid range is 1-10.

          
        

        - **ssoTokenBufferMinutes** *(integer) --* 

          The number of minutes before the SSO token expires at which the system should proactively refresh the token to maintain seamless user access.

          
        

        - **extraAuthParams** *(string) --* 

          Additional authentication parameters to include in the OIDC authorization request as a query string. Useful for provider-specific extensions.

          
    
      

      - **tokenInfo** *(dict) --* 

        OAuth token information including access token, refresh token, and expiration details (only present if token parameters were provided in the request).

        
        

        - **codeVerifier** *(string) --* 

          The PKCE (Proof Key for Code Exchange) code verifier, a cryptographically random string used to enhance security in the OAuth flow.

          
        

        - **codeChallenge** *(string) --* 

          The PKCE code challenge, a transformed version of the code verifier sent during the authorization request for verification.

          
        

        - **accessToken** *(string) --* 

          The OAuth access token that can be used to access protected resources on behalf of the authenticated user.

          
        

        - **idToken** *(string) --* 

          The OpenID Connect ID token containing user identity information and authentication context as a signed JWT.

          
        

        - **refreshToken** *(string) --* 

          The OAuth refresh token that can be used to obtain new access tokens without requiring the user to re-authenticate.

          
        

        - **tokenType** *(string) --* 

          The type of access token issued, typically 'Bearer', which indicates how the token should be used in API requests.

          
        

        - **expiresIn** *(integer) --* 

          The lifetime of the access token in seconds, indicating when the token will expire and need to be refreshed.

          
    
  
  **Exceptions**
  
  *   :py:class:`WickrAdminAPI.Client.exceptions.ValidationError`

  
  *   :py:class:`WickrAdminAPI.Client.exceptions.BadRequestError`

  
  *   :py:class:`WickrAdminAPI.Client.exceptions.ResourceNotFoundError`

  
  *   :py:class:`WickrAdminAPI.Client.exceptions.ForbiddenError`

  
  *   :py:class:`WickrAdminAPI.Client.exceptions.UnauthorizedError`

  
  *   :py:class:`WickrAdminAPI.Client.exceptions.InternalServerError`

  
  *   :py:class:`WickrAdminAPI.Client.exceptions.RateLimitError`
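
An added example, not part of the AWS documentation or boto3: the response documented above carries ``clientSecret``, ``secret`` and the OAuth tokens, so this code masks those fields before a response is logged and flags an ``issuer`` or ``redirectUrl`` that is not HTTPS and a ``scopes`` string without ``openid``. The helper names and the sample response are constructed for illustration.

```python
import copy

# Fields in the documented response shape that carry credentials or tokens.
SENSITIVE_FIELDS = {
    "openidConnectInfo": ("clientSecret", "secret"),
    "tokenInfo": ("codeVerifier", "accessToken", "idToken", "refreshToken"),
}

def redact_oidc_response(response, mask="***REDACTED***"):
    """Return a deep copy that is safe to log; the original is not modified."""
    safe = copy.deepcopy(response)
    for section, fields in SENSITIVE_FIELDS.items():
        block = safe.get(section)
        if not isinstance(block, dict):
            continue  # tokenInfo is absent when no token parameters were sent
        for name in fields:
            if block.get(name):
                block[name] = mask
    return safe

def audit_oidc_config(response):
    """Return a list of findings for the SSO settings in openidConnectInfo."""
    info = response.get("openidConnectInfo") or {}
    findings = []
    for key in ("issuer", "redirectUrl"):
        value = info.get(key) or ""
        if value and not value.lower().startswith("https://"):
            findings.append(f"{key} is not an https URL")
    if "openid" not in (info.get("scopes") or "").split():
        findings.append("scopes does not include 'openid'")
    return findings

# Constructed sample in the documented response shape (all values are fake).
SAMPLE_RESPONSE = {
    "openidConnectInfo": {
        "applicationName": "example-sso",
        "clientId": "example-client-id",
        "scopes": "profile email",
        "issuer": "http://idp.example.com",
        "clientSecret": "example-client-secret",
        "redirectUrl": "https://app.example.com/callback",
    },
    "tokenInfo": {"accessToken": "example-access-token",
                  "tokenType": "Bearer", "expiresIn": 3600},
}

if __name__ == "__main__":
    print(redact_oidc_response(SAMPLE_RESPONSE))
    print(audit_oidc_config(SAMPLE_RESPONSE))
```

In real use, pass the dict returned by ``client.get_oidc_info(networkId=...)`` to ``redact_oidc_response`` before it reaches any logger or ticket.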

  