update-oidc-provider

Updates the configuration of an OpenID Connect provider.

[-c value | --configuration=value] 
[-b value | --bootstrap-config=value] 
<-n value | --provider-name=value> 
[--enabled=<true|false>] 
[--discovery-url=value] 
[--client-id=value] 
[--client-secret=value] 
[--domain-option=value] 
[--domain-name=value] 
[--username-claim=value] 
[--display-name-claim=value] 
[--email-claim=value] 
[--domain-claim=value] 
[--id-token-signing-alg=value] 
[--id-token-signature-verification-disabled=<true|false>] 
[--token-endpoint-auth-method=value]
[--revocation-endpoint-auth-method=value] 
{-Svalue} 
[--auth-request-prompt-value=value] 
[--clear-custom-params] 
{-Pkey=value} 
[--include-id-token-hint=<true|false>]
[--include-login-hint=<true|false>] 
[--login-hint-claim=value] 
[--pushed-authorization-request-enabled=<true|false>] 
[--use-pkce=<true|false>]
[--bg-color=value]

Overview

Use this command to update an existing OpenID Connect provider configuration. For example, can be used after the register-oidc-client command in a script.

Options


Option	Optional or Required	Default Value	Description
`-c value --configuration=value`	Optional	configuration.xml	The path to the server configuration file.
`-b value --bootstrap-config=value`	Optional	none	The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file.
`-n value --provider-name=value`	Required	none	The name of the provider to update. Normally displayed to end users on the login page.
`--enabled=<true\|false>`	Optional	none	Specifies whether the provider should be enabled..
`--discovery-url=value`	Optional	none	The URL to the provider's OpenID Connect Discovery document.
`--client-id=value`	Optional	none	The client ID given by the provider during registration.
`--client-secret=value`	Optional	none	The client secret given by the provider during registration.
`--domain-option=value`	Optional	none	The way the domain of authenticated users is established. Can be one of the following. `use_domain_claim` `use_static_domain` `parse_username_claim`
`--domain-name=value`	This argument is optional unless the value of the `--provider-domain-option` is `use_static_domain`.	none	The domain name which to assign the authenticated users to.
`--username-claim=value`	Optional	none	The name of the claim to use as username for the authenticated users. Can be `email`, for example. The name of the claim is case sensitive. Note: Only `sub` is guaranteed to be a unique and stable identifier.
`--display-name-claim=value`	Optional	none	The name of the claim to use as the display name for the authenticated users. The name of the claim is case sensitive.
`--email-claim=value`	Optional	none	The name of the claim to use as email address for the authenticated users. The name of the claim is case sensitive.
`--domain-claim=value`	Optional	none	The name of the claim to use as domain name for the authenticated users. The name of the claim is case sensitive.
`--id-token-signing-alg=value`	Optional	none	The ID token signature algorithm to expect.
`--id-token-signature-verification-disabled=<true\|false>`	Optional	none	Indicates that signature verification of ID tokens should be disabled. This should normally only be specified if the provider does not sign the ID tokens.
`--token-endpoint-auth-method=value`	Optional	none	The authentication method to use when communicating with the provider's Token Endpoint. Can be one of the following. `client_secret_basic` `client_secret_post` `client_secret_jwt` `private_key_jwt` is not supported.
`--revocation-endpoint-auth-method=value`	Optional	By default one of the algorithms listed as supported in the Discovery Document is used.	The authentication method to use when communicating with the provider's Revocation Endpoint. May be one of the following: `client_secret_basic` `client_secret_post` `client_secret_jwt` `private_key_jwt` is not supported.
`-Svalue`	Optional	none	A scope to include in the authentication request (besides `openid`; that is always included). This argument can be specified multiple times with different values.
`--auth-request-prompt-value=value`	Optional	none	The value to give the `prompt` request parameter when making the authentication request. Controls how the provider prompts the end user. May be one of the following. `none` `login` `consent` `select_account`
`--clear-custom-params`	Optional	none	Custom parameters are cleared from the provider configuration. This flag can be used together with the `-Pkey` flag to remove all old custom parameters before adding the new.
`-Pkey=value`	Optional	none	A custom parameter included in the authentication request. Must not be any of the parameters controlled through other settings (such as `scope` or `prompt`). Can be specified multiple times with different keys.
`--include-id-token-hint=<true\|false>`	Optional	false	Indicates whether the `id_token_hint` parameter should be included in the authentication request (when an ID token is available, for example, when users re-authenticate after an absolute session timeout). The `id_token_hint` parameter should not be used together with the `login_hint` parameter.
`--include-login-hint=<true\|false>`	Optional	none	Indicates whether the `login_hint` parameter should be included in the authentication request (when a value is available - for example when users re-authenticate after an absolute session timeout). The `login_hint` parameter should not be used together with the `id_token_hint` parameter.
`--login-hint-claim=value`	Optional		The name of the claim to include as value for the `login_hint`. Typical values are `email`, `sub` or `preferred_username`.
`--pushed-authorization-request-enabled=<true\|false>`	Optional	true	Specifies whether to use RFC 9126 pushed authorization requests (PAR), if it is supported by the provider.
`--use-pkce=<true\|false>`	Optional	true	Specifies whether PKCE (RFC 7636) should be used (if it is supported by the provider, according to the Discovery Document).
`--bg-color=value`	Optional	none	The background color of the provider's button on the login page (when applicable), as a hexadecimal color value.