> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://docs.nvidia.com/infra-controller/llms.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.nvidia.com/infra-controller/_mcp/server. # Retrieve OpenID Configuration for current Org GET https://nico-rest-api.nico.svc.cluster.local/v2/org/{org}/nico/site/{siteID}/.well-known/openid-configuration Public OIDC discovery document pointing at the JWKS URIs. No authentication required. `id_token_signing_alg_values_supported` is intentionally empty because NICo issues bearer access JWTs, not OIDC `id_token`s; strict OIDC client libraries that require a non-empty algorithm list will reject this document. Use the JWKS endpoint directly for signature verification. Returns `404` when no identity material exists for this org/site. Reference: https://docs.nvidia.com/infra-controller/infra-controller/rest-api-reference/api-reference/tenant-identity/get-openid-configuration ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: NVIDIA Infra Controller REST API version: 1.0.0 paths: /v2/org/{org}/nico/site/{siteID}/.well-known/openid-configuration: get: operationId: get-openid-configuration summary: Retrieve OpenID Configuration for current Org description: >- Public OIDC discovery document pointing at the JWKS URIs. No authentication required. `id_token_signing_alg_values_supported` is intentionally empty because NICo issues bearer access JWTs, not OIDC `id_token`s; strict OIDC client libraries that require a non-empty algorithm list will reject this document. Use the JWKS endpoint directly for signature verification. Returns `404` when no identity material exists for this org/site. tags: - subpackage_tenantIdentity parameters: - name: org in: path description: Name of the Org required: true schema: type: string - name: siteID in: path description: ID of the Site required: true schema: type: string format: uuid responses: '200': description: OpenID discovery document content: application/json: schema: $ref: '#/components/schemas/OpenIDConfiguration' '404': description: Error response when requested object is not found content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' '500': description: Response when the API handler encounters an unexpected error content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' '503': description: Response when the API handler encounters an unexpected error content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' servers: - url: https://nico-rest-api.nico.svc.cluster.local description: Kubernetes Cluster components: schemas: OpenIDConfiguration: type: object properties: issuer: type: string description: Issuer URL for OpenID Connect discovery jwks_uri: type: string format: uri description: URL of the JSON Web Key Set used to verify tokens response_types_supported: type: array items: type: string description: OAuth response types supported by this issuer subject_types_supported: type: array items: type: string description: Subject identifier types supported by this issuer id_token_signing_alg_values_supported: type: array items: type: string description: ID token signing algorithms supported by this issuer spiffe_jwks_uri: type: string format: uri description: URL of the SPIFFE JSON Web Key Set used to verify SPIFFE JWT-SVIDs description: |- OIDC discovery document. Note: `id_token_signing_alg_values_supported` is always empty because NICo issues JWT bearer access tokens, not OIDC `id_token`s. title: OpenIDConfiguration NiCoApiErrorSource: type: string enum: - nico description: Source of the error. title: NiCoApiErrorSource NiCoApiErrorData: type: object properties: {} description: Additional data about the error title: NiCoApiErrorData NICoAPIError: type: object properties: source: $ref: '#/components/schemas/NiCoApiErrorSource' description: Source of the error. message: type: string description: Message describing the error data: oneOf: - $ref: '#/components/schemas/NiCoApiErrorData' - type: 'null' description: Additional data about the error description: Describes the error response from NVIDIA Infra Controller REST API title: NICoAPIError ``` ## Examples **Request** ```json {} ``` **Response** ```json { "issuer": "https://auth.acme-inc.com/nico", "jwks_uri": "https://auth.acme-inc.com/nico/site/3fa85f64-5717-4562-b3fc-2c963f66afa6/jwks", "response_types_supported": [ "token" ], "subject_types_supported": [ "public" ], "id_token_signing_alg_values_supported": [], "spiffe_jwks_uri": "https://auth.acme-inc.com/nico/site/3fa85f64-5717-4562-b3fc-2c963f66afa6/spiffe-jwks" } ``` **SDK Code** ```python import requests url = "https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration" payload = {} headers = {"Content-Type": "application/json"} response = requests.get(url, json=payload, headers=headers) print(response.json()) ``` ```javascript const url = 'https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration'; const options = {method: 'GET', headers: {'Content-Type': 'application/json'}, body: '{}'}; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration" payload := strings.NewReader("{}") req, _ := http.NewRequest("GET", url, payload) req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Get.new(url) request["Content-Type"] = 'application/json' request.body = "{}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.get("https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration") .header("Content-Type", "application/json") .body("{}") .asString(); ``` ```php request('GET', 'https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration', [ 'body' => '{}', 'headers' => [ 'Content-Type' => 'application/json', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration"); var request = new RestRequest(Method.GET); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = ["Content-Type": "application/json"] let parameters = [] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/.well-known/openid-configuration")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```