Boundary
Boundary controller HTTP API
Auth Method Service
Lists all auth methods.
Query Parameters
scope_id
string
The scope ID in which to list auth methods.
recursive
boolean
Whether to recursively list auth methods in the provided scope's child scopes.
filter
string
You can specify that the filter should only return items that match. Refer to filter expressions for more information.
list_token
string
An opaque token that Boundary uses to continue an existing iteration or request updated items. If you do not specify a token, pagination starts from the beginning. To learn more about list pagination in Boundary, refer to list pagination.
page_size
integer
The maximum size of a page in this iteration. If you do not set a page size, Boundary uses the configured default page size. If the page_size is greater than the default page size configured, Boundary truncates the page size to this number.
Creates a single auth method.
Body Parameters
scope_id
string
The ID of the Scope of which this auth method is a part.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version. Version is not required when you create an auth method.
type
string
The auth method type.
attributes
object
The attributes that are applicable for the specific auth method type. The schema of this field depends on the type of the auth method that you create want to create. For password auth methods, the parameters are:
{
"min_login_name_length": "min_login_name_length",
"min_password_length": "min_password_length"
}
For OIDC auth methods, the parameters are:
{
"issuer": "issuer",
"client_id": "client_id",
"client_secret": "client_secret",
"max_age": 3600,
"signing_algorithms": [],
"api_url_prefix": "api_url_prefix",
"idp_ca_certs": [],
"allowed_audiences": [],
"claims_scopes": [],
"account_claim_maps": [],
"disable_discovered_config_validation": false,
"prompts": []
}
For LDAP auth methods, the parameters are:
{
"start_tls": false,
"insecure_tls": false,
"discover_dn": false,
"anon_group_search": false,
"upn_domain": "upn_domain",
"urls": [],
"user_dn": "user_dn",
"user_attr": "user_attr",
"user_filter": "user_filter",
"enable_groups": false,
"group_dn": "group_dn",
"group_attr": "group_attr",
"group_filter": "group_filter",
"certificates": [],
"client_certificate": "client_certificate",
"client_certificate_key": "client_certificate_key",
"bind_dn": "bind_dn",
"bind_password": "bind_password",
"use_token_groups": false,
"account_attribute_maps": [],
"maximum_page_size": 1000,
"dereference_aliases": "never"
}
Authenticate a user to an scope and retrieve an authentication token.
Path Parameters
auth_method_id
string
RequiredThe ID of the auth method in the system that should be used for authentication.
Body Parameters
token_type
string
This can be "cookie" or "token". If not provided, "token" will be used. "cookie" activates a split-cookie method where the token is split partially between http-only and regular cookies in order to keep it safe from rogue JS in the browser. Deprecated, use "type" instead.
type
string
This can be "cookie" or "token". If not provided, "token" will be used. "cookie" activates a split-cookie method where the token is split partially between http-only and regular cookies in order to keep it safe from rogue JS in the browser.
attributes
object
The attributes that are used to authenticate to the auth method. The schema of this field depends on the type of the auth method. For password auth methods, the parameters are:
{
"login_name": "login_name",
"password": "password"
}
For LDAP auth methods, the parameters are:
{
"login_name": "login_name",
"password": "password"
}
For OIDC auth methods, the parameters are:
{
"roundtrip_payload": {}
}
OIDC authentication requires multiple calls to this endpoint. After the initial call and successful authentication, the OIDC provider must redirect the user to the callback
command:
{
"code": "code",
"state": "state",
"error": "error",
"error_description": "error_description",
"error_uri": "error_uri"
}
Once this has succeded, the issued auth token can be retrieved by using the token
command:
{
"token_id": "token_id_from_initial_response"
}
command
string
The command to perform. One of "login", "callback", or "token".
Gets a single auth method.
Path Parameters
id
string
RequiredID of the auth method being requested.
Deletes an AuthMethod
Path Parameters
id
string
RequiredThe ID of the auth method to delete.
Updates an auth method.
Path Parameters
id
string
RequiredThe ID of the auth method that should be updated
Body Parameters
scope_id
string
The ID of the Scope of which this auth method is a part.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version. Version is not required when you create an auth method.
type
string
The auth method type.
attributes
object
The attributes that are applicable for the specific auth method type. The schema of this field depends on the type of the auth method that you create want to create. For password auth methods, the parameters are:
{
"min_login_name_length": "min_login_name_length",
"min_password_length": "min_password_length"
}
For OIDC auth methods, the parameters are:
{
"issuer": "issuer",
"client_id": "client_id",
"client_secret": "client_secret",
"max_age": 3600,
"signing_algorithms": [],
"api_url_prefix": "api_url_prefix",
"idp_ca_certs": [],
"allowed_audiences": [],
"claims_scopes": [],
"account_claim_maps": [],
"disable_discovered_config_validation": false,
"prompts": []
}
For LDAP auth methods, the parameters are:
{
"start_tls": false,
"insecure_tls": false,
"discover_dn": false,
"anon_group_search": false,
"upn_domain": "upn_domain",
"urls": [],
"user_dn": "user_dn",
"user_attr": "user_attr",
"user_filter": "user_filter",
"enable_groups": false,
"group_dn": "group_dn",
"group_attr": "group_attr",
"group_filter": "group_filter",
"certificates": [],
"client_certificate": "client_certificate",
"client_certificate_key": "client_certificate_key",
"bind_dn": "bind_dn",
"bind_password": "bind_password",
"use_token_groups": false,
"account_attribute_maps": [],
"maximum_page_size": 1000,
"dereference_aliases": "never"
}
Changes the state of an OIDC AuthMethod
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
attributes
object
The attributes that are applicable for the specific auth method type. The schema of this field depends on the type of the auth method. The only supported auth method type is OIDC. For OIDC auth methods, the parameters are:
{
"state": "active-public",
"disable_discovered_config_validation": false
}