Skip to content
getgeolens.com
GeoLens DocsEarly release

List Oauth Providers

GET
/settings/oauth-providers/
 
curl --request GET \
  --url https://example.com/api/settings/oauth-providers/ \
  --header 'Authorization: Bearer <token>'

List all OAuth providers (admin only).

Authorizations

Section titled “Authorizations ”

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Successful Response

Media type application/json
Response List Oauth Providers Settings Oauth Providers Get
Array<object>
OAuthProviderResponse

Response schema for OAuth/SAML provider.

Write-only credentials are never exposed:

  • client_secret_encrypted (OAuth client secret) — excluded.
  • idp_certificate (SAML IdP signing cert, Fernet-encrypted at rest) — excluded.

The 3 non-secret SAML fields (idp_entity_id, idp_sso_url, sp_entity_id) ARE exposed so the admin UI can display them.

Pitfall 11 interaction: those 3 fields are declared with deferred=True on the OAuth ORM model so community DBs (which lack the columns) do not crash on SELECT. Pydantic’s from_attributes=True would normally trigger an implicit deferred load on attribute access, which fails under FastAPI’s async context with MissingGreenlet. The model_validator(mode="before") below reads the SAML fields directly from obj.__dict__ so unloaded attributes default to None instead of triggering IO. SAML admin endpoints that need the values must use undefer_group("saml") at query time.

object
id
required
Id

Unique provider identifier.

string format: uuid
slug
required
Slug

URL-safe identifier used in the callback URL.

string
display_name
required
Display Name

Label shown on the login page button.

string
provider_type
required
Provider Type

Provider type: ‘google’, ‘microsoft’, ‘oidc’, or ‘saml’.

string
client_id
Any of:
string
discovery_url
Any of:
string
authorize_url
Any of:
string
token_url
Any of:
string
userinfo_url
Any of:
string
idp_entity_id
Any of:
string
idp_sso_url
Any of:
string
sp_entity_id
Any of:
string
scopes
required
Scopes

Space-separated OAuth scopes.

string
default_role
required
Default Role

Default role assigned to new users.

string
group_claim
Any of:
string
group_role_mapping
Any of:
object
key
additional properties
any
enabled
required
Enabled

Whether the provider button appears on the login page.

boolean
created_at
required
Created At

Timestamp the provider was created.

string format: date-time
updated_at
required
Updated At

Timestamp the provider was last updated.

string format: date-time
Example generated
[
  {
    "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
    "slug": "example",
    "display_name": "example",
    "provider_type": "example",
    "client_id": "example",
    "discovery_url": "example",
    "authorize_url": "example",
    "token_url": "example",
    "userinfo_url": "example",
    "idp_entity_id": "example",
    "idp_sso_url": "example",
    "sp_entity_id": "example",
    "scopes": "example",
    "default_role": "example",
    "group_claim": "example",
    "group_role_mapping": {},
    "enabled": true,
    "created_at": "2026-04-15T12:00:00Z",
    "updated_at": "2026-04-15T12:00:00Z"
  }
]

400

Section titled “400 ”

Bad request — invalid query parameters or payload

401

Section titled “401 ”

Unauthorized — missing or invalid credentials

403

Section titled “403 ”

Forbidden — caller lacks access to this resource

404

Section titled “404 ”

Not found

422

Section titled “422 ”

Validation error

500

Section titled “500 ”

Internal server error