Skip to main content
POST
/
api
/
v1
/
ssf-receiver-streams
/
{id}
/
test
Test
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.SSFReceiverStream.Test(ctx, operations.C1APISSFReceiverV1SSFReceiverStreamServiceTestRequest{
        ID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.SSFReceiverStreamServiceTestResponse != nil {
        // handle response
    }
}
{
  "activeRefreshTokenCount": 123,
  "activeSessionCount": 123,
  "configuredSessionRevokedAction": "SSF_REVOCATION_ACTION_UNSPECIFIED",
  "identityLinkFound": true,
  "jwksError": "<string>",
  "jwksKeyCount": 123,
  "jwksReachable": true,
  "matchedUserId": "<string>",
  "ready": true,
  "upstreamSubject": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://conductorone-groman-network-requirements-updates.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

id
string
required

The ID of the SSF receiver stream to test.

Body

application/json

SSFReceiverStreamServiceTestRequest identifies the stream to test and an optional subject for identity resolution validation.

testSubject
string

The upstream identifier to test resolution with. Typically an email address (e.g., "alice@company.com") — the same value the IdP would send in a SET subject. The Test RPC runs resolveSubject on this to verify the identity mapping works. Optional: upstream identifier (email) to test identity resolution. If empty, only JWKS reachability is tested.

Response

200 - application/json

SSFReceiverStreamServiceTestResponse reports the results of the stream configuration test across JWKS, identity, and action readiness checks.

SSFReceiverStreamServiceTestResponse reports the results of the stream configuration test across JWKS, identity, and action readiness checks.

activeRefreshTokenCount
integer<int32>

Number of active refresh tokens for the matched user that would be affected.

activeSessionCount
integer<int32>

Number of active sessions for the matched user that would be affected.

configuredSessionRevokedAction
enum<string>

Step 3: Action preview. The action configured for session-revoked events on this stream.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
identityLinkFound
boolean

Step 2: Identity mapping. Whether the test subject was resolved to a ConductorOne user.

jwksError
string

Error message if the JWKS endpoint could not be reached or returned invalid data.

jwksKeyCount
integer<int32>

Number of signing keys found at the JWKS endpoint.

jwksReachable
boolean

Step 1: JWKS reachability. Whether the JWKS endpoint was reachable and returned valid keys.

matchedUserId
string

The ConductorOne user ID the test subject maps to, if an identity link was found.

ready
boolean

Overall readiness. Whether the stream passed all test checks and is ready to process events.

upstreamSubject
string

The upstream IdP subject identifier (e.g., Okta user ID "00u1234") resolved from the test subject.