43.8.1 OpenID Connect Keystores Endpoint

 

The OpenID Connect Keystores Endpoint can be used to create, read, and update OIDC keystore definitions that are stored in Smile CDR.

43.8.2 Fetch All OpenID Connect Keystore Definitions

 
This method requires the OPENID_CONNECT_MANAGE_KEYSTORES permission.

This method will fetch all keystores stored in the system.


Request:

GET http://localhost:9000/keystores/

You may also add the following URL parameters:

  • pageIndex=[index] – The index of the page to return to the user (0 is the first page)
  • pageSize=[size] – The size of the page to return to the user (e.g. 100)

Response:

This operation returns a JSON document object of type OAuth2Keystores. This object will then contain individual definitions of the type OAuth2Keystore.

Note that actual keystore keys are hidden in response objects. Only the keystore ID and the file path (if present) will be returned.

Example:

{
  "keystores": [
    {
      "keystoreId": "default-keystore",
      "filePath": "classpath:/smilecdr-demo.jwks"
    }
  ]
}

43.8.3 Fetch OpenID Connect Keystore Definition by ID

 
This method requires the OPENID_CONNECT_MANAGE_KEYSTORES permission.

This method will fetch a single keystore stored in the system.


Request:

GET http://localhost:9000/keystores/[keystore_id]

Response:

This operation returns a JSON document object of type OAuth2Keystore.

Note that actual keystore keys are hidden in response objects. Only the keystore ID and the file path (if present) will be returned.

43.8.4 Create OpenID Connect Keystore Definition

 
This method requires the OPENID_CONNECT_MANAGE_KEYSTORES permission.

This method will create a new keystore definition.


Request:

POST http://localhost:9000/keystores/

This operation accepts a JSON document object of type OAuth2Keystore. Example:

{
	"keystoreId": "default-keystore",
	"filePath": "classpath:/smilecdr-demo.jwks"
}

43.8.5 Update OpenID Connect Keystore Definition

 
This method requires the OPENID_CONNECT_MANAGE_KEYSTORES permission.

This method updates an existing keystore definition.


Request:

PUT http://localhost:9000/keystores/[keystore_id]

This operation accepts a JSON document object of type OAuth2Keystore. Example:

{
	"keystoreId": "default-keystore",
	"filePath": "classpath:/smilecdr-demo.jwks"
}

43.8.6 Delete OpenID Connect Keystore Definition

 
This method requires the OPENID_CONNECT_MANAGE_KEYSTORES permission.

This method deletes an existing keystore definition from the system. This operation is permanent and cannot be undone. Ensure that no modules are actively using the keystore before deletion.


Request:

DELETE http://localhost:9000/keystores/[keystore_id]

Note the following path element:

  • keystore_id – The unique identifier of the keystore to delete.

Response:

The server will respond with an HTTP 204 (No Content) status if the deletion is successful.

Error Response:

If the keystore is in use or cannot be deleted, the server will return an HTTP 409 (Conflict) response:

{
  "statusCode": 409,
  "messages": [
    {
      "message": "Keystore 'default-keystore' is in use by module 'smart_auth' and cannot be deleted"
    }
  ]
}
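
The following is an added example, not part of the Smile CDR documentation or product code. It shows two client-side checks an administrator's script could run on the response bodies described above: confirming that a keystore listing exposes only `keystoreId` and `filePath`, and interpreting the result of a delete request (204 or 409). The function names and the constructed listing, including its `exampleKeyMaterial` field, are assumptions made for illustration.

```python
import json

# Per the page, a keystore definition in a response carries only these fields.
ALLOWED_FIELDS = {"keystoreId", "filePath"}

def unexpected_fields(listing_body):
    """Map keystoreId -> extra field names found in an OAuth2Keystores listing."""
    findings = {}
    for entry in json.loads(listing_body).get("keystores", []):
        extra = sorted(set(entry) - ALLOWED_FIELDS)
        if extra:
            findings[entry.get("keystoreId", "<missing id>")] = extra
    return findings

def interpret_delete(status, body=""):
    """Return (deleted, reasons) for a DELETE /keystores/[keystore_id] reply."""
    if status == 204:
        return True, []
    if status == 409:
        try:
            messages = json.loads(body).get("messages", [])
        except (json.JSONDecodeError, AttributeError):
            messages = []
        return False, [m.get("message", "") for m in messages]
    # Other statuses are not described on the page; never assume deletion.
    return False, ["unexpected HTTP status %d" % status]

# Listing copied from the page's example response.
PAGE_LISTING = json.dumps({"keystores": [
    {"keystoreId": "default-keystore",
     "filePath": "classpath:/smilecdr-demo.jwks"}]})

# Constructed listing: "exampleKeyMaterial" is a made-up field, not part of the API.
CONSTRUCTED_LISTING = json.dumps({"keystores": [
    {"keystoreId": "test-keystore", "exampleKeyMaterial": "..."}]})

# 409 body copied from the page's error example.
PAGE_CONFLICT = json.dumps({"statusCode": 409, "messages": [
    {"message": "Keystore 'default-keystore' is in use by module "
                "'smart_auth' and cannot be deleted"}]})

if __name__ == "__main__":
    print(unexpected_fields(PAGE_LISTING))
    print(unexpected_fields(CONSTRUCTED_LISTING))
    print(interpret_delete(204))
    print(interpret_delete(409, PAGE_CONFLICT))
```

A non-empty result from `unexpected_fields` is worth investigating before the response is logged or forwarded, since the listing is documented to hide key material.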