Add an OIDC trusted-identity issuer (discovery + test-fetch before save)

POST /api/v1/admin/identity/issuers

Takes an issuer URL as a discovery locator, fetches its /.well-known/openid-configuration, derives and test-fetches the JWKS (SSRF-guarded), and stores the canonical discovery issuer + derived jwks_uri. Fails 422 if discovery/test-fetch fails (no row written); 409 on a duplicate (issuer, audience). Requires manage_settings.

Request

Responses

Default Response

Add an OIDC trusted-identity issuer (discovery + test-fetch before save)

/api/v1/admin/identity/issuers

Request​

Responses​

Request

Responses