Get all Identity Mappings by Provider Name

JFrog REST APIs

Content Type
REST API
ft:sourceType
Paligo

Description: Get all identity mappings for an OIDC configuration.

Since: Artifactory Cloud 7.73.1, Artifactory Self Hosted 7.77.3. Added project_key in Artifactory 7.94.1.

Security: Requires a valid admin token

Usage: GET /access/api/v1/oidc/{provider_name}/identity_mappings/

Produces: application/json

Parameters:

The JSON record contains the following fields:

Name

Type

Description

Required

name

string

Name of the identity mapping

Mandatory

description

string

The description of the identity mapping

Optional

provider_name

string

Name of the OIDC configuration. The OIDC provider that will connect with the JFrog Platform. This name must match the name configured in the OIDC provider. The provider name serves as an integral part of the identification process when the provider initiates a request for an access token from the JFrog Platform.

Mandatory.

priority

integer

The priority of the identity mapping. The priority should be a number. The higher priority is set for the lower number. If you do not enter a value, the identity mapping is assigned the lowest priority. We recommend that you assign the highest priority (1) to the strongest permission gate. Set the lowest priority to the weakest permission for a logical and effective access control setup.

Mandatory

claims

object

Claims information from the OIDC provider. Should contain the following:

  • sub

  • workflow_ref

Mandatory

token_spec

object

Contains the following token specifications:

  • username - User name of the OIDC user. Optional.

  • scope - Scope of the token. You can use applied-permissions/user, applied-permissions/admin, or applied-permissions/group. You can specify the group name after the group. For example, applied-permissions/group:readers. Mandatory if you do not provide the user.

  • audience - Sets the JFrog services to which the mapping applies. Default value is @, which applies to all services. Optional.

  • expires_in - Token expiry time in seconds. Default value is 3600. Optional.

Mandatory

project_key

string

If set, this Identity Mapping will be available in the scope of the given project (editable by platform admin and project admin). If not set, this Identity Mapping will be global and only editable by platform admin. Once set, the projectKey cannot be changed.

Optional

Header parameter: Authorization: Bearer. For more information about creating tokens, see Create Token.

Sample Usage

curl -X GET 'http://sample.jfrog.io/access/api/v1/oidc/ciconnect/identity_mappings/' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer cmVmdmI0'

[
    {
        "name": "idmapciconnect",
        "description": "",
        "claims": {
            "name": "github-repo-read",
            "claims": {
                "sub": "repo:mosheya/access-oidc-poc:ref:refs/heads/main",
                "workflow_ref": "mosheya/access-oidc-poc/.github/workflows/job.yaml@refs/heads/main"
            },
            "provider_name": "github-oidc",
            "token_spec": {
                "username": "moshey",
                "scope": "applied-permissions/user",
                "audience": [
                    "jfrt@service_id"
                ],
                "expires_in": 3600
            }
        },
        "token_spec": {
            "username": "admconnect",
            "scope": "applied-permissions/admin",
            "audience": "*@*",
            "expires_in": 60
        },
        "priority": 1
    },
    {
        "name": "zmap",
        "description": "",
        "claims": {
            "name": "github-repo-read",
            "claims": {
                "sub": "repo:humpty/access-oidc-poc:ref:refs/heads/main",
                "workflow_ref": "humpty/access-oidc-poc/.github/workflows/job.yaml@refs/heads/main"
            },
            "provider_name": "github-oidc",
            "token_spec": {
                "username": "humpty",
                "scope": "applied-permissions/user",
                "audience": [
                    "jfrt@service_id"
                ],
                "expires_in": 3600
            }
        },
        "token_spec": {
            "username": "humpty",
            "scope": "applied-permissions/admin",
            "audience": "*@*",
            "expires_in": 60
        },
        "priority": 2
    }
]