Federation API

Reference for the Federation endpoint group — 12 endpoints.

Generated from the live OpenAPI spec. Re-run _generate_api_reference.py after backend changes.

Authentication#

All endpoints require a Bearer JWT in the Authorization header unless noted otherwise. See Concepts → Tokens and scopes and Reference → OAuth endpoints for how to obtain one.

Endpoints#

GET /api/v1/auth/tenants/{tenant_slug}/federation/idps#

List Available Idps

List available external Identity Providers for login.

Returns IdPs that users can use to authenticate. This is used by the login page to show SSO buttons.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/idps#

List Available Idps

List available external Identity Providers for login.

Returns IdPs that users can use to authenticate. This is used by the login page to show SSO buttons.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/oidc/callback#

Oidc Callback

OIDC callback endpoint.

Receives the authorization code from the external IdP after user authentication, exchanges it for tokens, and creates/updates the local user account.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/oidc/callback#

Oidc Callback

OIDC callback endpoint.

Receives the authorization code from the external IdP after user authentication, exchanges it for tokens, and creates/updates the local user account.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/oidc/{idp_id}/authorize#

Oidc Authorize

Initiate OIDC authentication with an external IdP.

This endpoint is called when a user clicks "Sign in with {IdP}" on the login page. It redirects the user to the external IdP for authentication.

The original OAuth parameters are stored in state so they can be restored after the user returns from the IdP.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/oidc/{idp_id}/authorize#

Oidc Authorize

Initiate OIDC authentication with an external IdP.

This endpoint is called when a user clicks "Sign in with {IdP}" on the login page. It redirects the user to the external IdP for authentication.

The original OAuth parameters are stored in state so they can be restored after the user returns from the IdP.

Parameters:

Responses:

POST /api/v1/auth/tenants/{tenant_slug}/federation/saml/acs#

Saml Acs

SAML Assertion Consumer Service (ACS) endpoint.

Receives the SAML Response from the IdP after user authentication.

Parameters:

Request body:

Required.

• application/x-www-form-urlencoded → Body_saml_acs_api_v1_auth_tenants__tenant_slug__federation_saml_acs_post

Responses:

POST /api/v1/auth/tenants/{tenant_slug}/federation/saml/acs#

Saml Acs

SAML Assertion Consumer Service (ACS) endpoint.

Receives the SAML Response from the IdP after user authentication.

Parameters:

Request body:

Required.

• application/x-www-form-urlencoded → Body_saml_acs_api_v1_auth_tenants__tenant_slug__federation_saml_acs_post

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/saml/metadata#

Saml Metadata

Return SAML SP metadata for the tenant.

External IdPs can use this to configure ScaiKey as a Service Provider.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/saml/metadata#

Saml Metadata

Return SAML SP metadata for the tenant.

External IdPs can use this to configure ScaiKey as a Service Provider.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/saml/{idp_id}/login#

Saml Login

Initiate SAML authentication with an external IdP.

Creates a SAML AuthnRequest and redirects the user to the IdP's SSO URL.

Parameters:

Responses:

GET /api/v1/auth/tenants/{tenant_slug}/federation/saml/{idp_id}/login#

Saml Login

Initiate SAML authentication with an external IdP.

Creates a SAML AuthnRequest and redirects the user to the IdP's SSO URL.

Parameters:

Responses:

Schemas#

Definitions for every type referenced by the endpoints above. Schema-to-schema references on this page link within the page; cross-page references would require visiting the linked page.

Body_saml_acs_api_v1_auth_tenants__tenant_slug__federation_saml_acs_post#

HTTPValidationError#

ValidationError#