Skip to main content
POST
/
api
/
v1
/
workload_federation
/
providers
CreateProvider
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.WorkloadFederation.CreateProvider(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    if res.WorkloadFederationServiceCreateProviderResponse != nil {
        // handle response
    }
}
{
  "provider": {
    "createdAt": "2023-11-07T05:31:56Z",
    "description": "<string>",
    "disabled": true,
    "displayName": "<string>",
    "id": "<string>",
    "issuerUrl": "<string>",
    "updatedAt": "2023-11-07T05:31:56Z",
    "wellKnownProvider": "WELL_KNOWN_WORKLOAD_PROVIDER_UNSPECIFIED"
  }
}

Documentation Index

Fetch the complete documentation index at: https://conductorone-groman-network-requirements-updates.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

The WorkloadFederationServiceCreateProviderRequest message.

description
string

A description of what this provider is for.

displayName
string

The display name for the new provider.

issuerUrl
string

The OIDC issuer URL. Will be validated via OIDC discovery. Normalized on write: lowercase host, no trailing slash, HTTPS only.

wellKnownProvider
enum<string>

Well-known provider type. Required -- UNSPECIFIED is rejected. When set to a named source, the backend validates issuer_url consistency.

Available options:
WELL_KNOWN_WORKLOAD_PROVIDER_UNSPECIFIED,
WELL_KNOWN_WORKLOAD_PROVIDER_CUSTOM,
WELL_KNOWN_WORKLOAD_PROVIDER_GITHUB_ACTIONS,
WELL_KNOWN_WORKLOAD_PROVIDER_GITLAB_CI,
WELL_KNOWN_WORKLOAD_PROVIDER_HCP_TERRAFORM,
WELL_KNOWN_WORKLOAD_PROVIDER_AWS_IAM_OUTBOUND

Response

200 - application/json

Successful response

The WorkloadFederationServiceCreateProviderResponse message.

provider
Workload Federation Provider · object

WorkloadFederationProvider represents a tenant-level OIDC issuer registration.