keys
Creates, updates, deletes, gets or lists a keys resource.
Overview
Name | keys |
Type | Resource |
Id | okta.idps.keys |
Fields
The following fields are returned by SELECT queries:
- list_identity_provider_keys
- get_identity_provider_key
Name | Datatype | Description |
---|---|---|
created | string (date-time) | Timestamp when the object was created (example: 2016-01-03T18:15:47.000Z) |
e | string | The exponent value for the RSA public key (example: AQAB) |
expiresAt | string (date-time) | Timestamp when the object expires (example: 2016-01-03T18:15:47.000Z) |
kid | string | Unique identifier for the key (example: your-key-id) |
kty | string | Identifies the cryptographic algorithm family used with the key (example: RSA) |
lastUpdated | string (date-time) | Timestamp when the object was last updated (example: 2016-01-03T18:15:47.000Z) |
n | string | The modulus value for the RSA public key (example: 101438407598598116085679865987760095721749307901605456708912786847324207000576780508113360584555007890315805735307890113536927352312915634368993759211767770602174860126854831344273970871509573365292777620005537635317282520456901584213746937262823585533063042033441296629204165064680610660631365266976782082747) |
use | string | Intended use of the public key (example: sig) |
x5c | array | Base64-encoded X.509 certificate chain with DER encoding |
x5t#S256 | string | Base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate (example: wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
list_identity_provider_keys | select | subdomain | after, limit | Lists all identity provider (IdP) key credentials |
get_identity_provider_key | select | subdomain | | Retrieves a specific identity provider (IdP) key credential by kid |
create_identity_provider_key | insert | subdomain, data__x5c | | Creates a new X.509 certificate credential in the identity provider (IdP) key store. Note: RSA-based certificates are supported for all IdP types. Okta currently supports EC-based certificates only for the X509 IdP type. For EC-based certificates we support only P-256, P-384, and P-521 curves. |
replace_identity_provider_key | replace | subdomain | | Replaces an identity provider (IdP) key credential by kid |
delete_identity_provider_key | delete | subdomain | | Deletes a specific identity provider (IdP) key credential by kid if it isn't currently being used by an active or inactive IdP |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official Okta domain (okta.com, oktapreview.com, etc.) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
limit | integer | A limit on the number of objects to return |
SELECT examples
- list_identity_provider_keys
- get_identity_provider_key
Lists all identity provider (IdP) key credentials
SELECT
created,
e,
expiresAt,
kid,
kty,
lastUpdated,
n,
use,
x5c,
x5t#S256
FROM okta.idps.keys
WHERE subdomain = '{{ subdomain }}' -- required
AND after = '{{ after }}'
AND limit = '{{ limit }}';
Retrieves a specific identity provider (IdP) key credential by kid
SELECT
created,
e,
expiresAt,
kid,
kty,
lastUpdated,
n,
use,
x5c,
x5t#S256
FROM okta.idps.keys
WHERE subdomain = '{{ subdomain }}'; -- required
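The x5t#S256 field is defined as the SHA-256 thumbprint of a certificate's DER encoding, so rows returned by the SELECT queries above can be checked for internal consistency and upcoming expiry. The following is an added example, not part of the provider documentation; it assumes the rows have already been decoded into Python dicts with x5c as a list, and that the thumbprint refers to the first x5c entry. The function names, finding labels and sample rows are constructed for illustration.

```python
import base64
import hashlib
from datetime import datetime, timedelta, timezone


def x5t_s256(x5c_entry):
    """Unpadded base64url SHA-256 thumbprint of one x5c entry's DER bytes."""
    der = base64.b64decode(x5c_entry)  # x5c is standard base64, not base64url
    digest = hashlib.sha256(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def audit_key(row, now, warn_days=30):
    """Return findings for one row; an empty list means nothing to flag."""
    if not row.get("x5c"):
        return ["no_certificate"]
    findings = []
    # Assumption: the thumbprint refers to the first certificate in the chain.
    if x5t_s256(row["x5c"][0]) != row.get("x5t#S256"):
        findings.append("thumbprint_mismatch")
    expires = datetime.strptime(row["expiresAt"], "%Y-%m-%dT%H:%M:%S.%fZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        findings.append("expired")
    elif expires - now <= timedelta(days=warn_days):
        findings.append("expires_soon")
    return findings


# Constructed sample rows; the x5c value is a stand-in, not a real certificate.
_X5C = base64.b64encode(b"constructed stand-in for DER bytes").decode()
SAMPLE_ROWS = [
    {"kid": "good-key", "x5c": [_X5C], "x5t#S256": x5t_s256(_X5C),
     "expiresAt": "2031-01-03T18:15:47.000Z"},
    {"kid": "stale-thumbprint", "x5c": [_X5C],
     "x5t#S256": "wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE",
     "expiresAt": "2030-01-20T18:15:47.000Z"},
    {"kid": "old-key", "x5c": [_X5C], "x5t#S256": x5t_s256(_X5C),
     "expiresAt": "2016-01-03T18:15:47.000Z"},
]
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed for reproducibility


def audit(rows, now=NOW):
    return {row["kid"]: audit_key(row, now) for row in rows}


if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

A thumbprint mismatch means the stored x5t#S256 no longer describes the certificate in x5c, which is worth investigating before the key is trusted for signature verification.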
INSERT examples
- create_identity_provider_key
- Manifest
Creates a new X.509 certificate credential in the identity provider (IdP) key store
> Note: RSA-based certificates are supported for all IdP types. Okta currently supports EC-based certificates only for the X509 IdP type. For EC-based certificates we support only P-256, P-384, and P-521 curves.
INSERT INTO okta.idps.keys (
data__x5c,
subdomain
)
SELECT
'{{ x5c }}', -- required
'{{ subdomain }}'
RETURNING
created,
e,
expiresAt,
kid,
kty,
lastUpdated,
n,
use,
x5c,
x5t#S256
;
# Description fields are for documentation purposes
- name: keys
  props:
    - name: subdomain
      value: string
      description: Required parameter for the keys resource.
    - name: x5c
      value: array
      description: >
        Base64-encoded X.509 certificate chain with DER encoding
REPLACE examples
- replace_identity_provider_key
Replaces an identity provider (IdP) key credential by kid
REPLACE okta.idps.keys
SET
data__e = '{{ e }}',
data__kid = '{{ kid }}',
data__kty = '{{ kty }}',
data__n = '{{ n }}',
data__use = '{{ use }}',
data__x5c = '{{ x5c }}',
data__x5t#S256 = '{{ x5t#S256 }}'
WHERE
subdomain = '{{ subdomain }}' --required
RETURNING
created,
e,
expiresAt,
kid,
kty,
lastUpdated,
n,
use,
x5c,
x5t#S256;
DELETE examples
- delete_identity_provider_key
Deletes a specific identity provider (IdP) key credential by kid if it isn't currently being used by an active or inactive IdP
DELETE FROM okta.idps.keys
WHERE subdomain = '{{ subdomain }}'; -- required