--- title: OAuth2TrustedJWTIssuerAgentGroups description: Agent Groups handler that is responsible for managing agent groups component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-oauth2trustedjwtissueragentgroups canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-oauth2trustedjwtissueragentgroups.html section_ids: sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops: Realm Operations sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-create: create sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-delete: delete sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-getalltypes: getAllTypes sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-getcreatabletypes: getCreatableTypes sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-nextdescendents: nextdescendents sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-query: query sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-read: read sec-amster-entity-oauth2trustedjwtissueragentgroups-realm-ops-update: update --- # OAuth2TrustedJWTIssuerAgentGroups ## Realm Operations Agent Groups handler that is responsible for managing agent groups Resource path: ``` /realm-config/agents/groups/TrustedJwtIssuer ``` Resource version: `0.0` ### create **Usage** ``` am> create OAuth2TrustedJWTIssuerAgentGroups --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "jwkSet" : { "title" : "JWK Set", "description" : "Manually entered JWK Set of verification keys to validate the JWT signature.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "allowedSubjects" : { "title" : "Allowed Subjects", "description" : "List of subjects which this provider is allowed to provide consent for. If blank then the provider can provide consent for any user in this realm.", "propertyOrder" : 60, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "consentedScopesClaim" : { "title" : "Consented Scopes Claim", "description" : "Optional claim within the JWT that lists the scopes that the user has consented to. The scopes can be represented either as a JSON array of strings, or as a single space-separated string.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "issuer" : { "title" : "JWT Issuer", "description" : "Expected 'iss' claim identifier for this JWT issuer.", "propertyOrder" : 10, "required" : true, "type" : "string", "exampleValue" : "" }, "jwksUri" : { "title" : "JWKs URI", "description" : "URI to retrieve JWK verification keys from to validate the JWT signature.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "jwkStoreCacheMissCacheTime" : { "title" : "JWKs URI content cache miss cache time", "description" : "To avoid loading the JWKS URI content for every operation, especially when the kid is not in the jwks content already cached, the JWKS content will be cached for a minimum period of time. This cache miss cache time defines the minimum amount of time the JWKS URI content is cached.", "propertyOrder" : 80, "required" : false, "type" : "integer", "exampleValue" : "" }, "resourceOwnerIdentityClaim" : { "title" : "Resource Owner Identity Claim", "description" : "Claim in the JWT that identifies the resource owner account in AM. Defaults to \"sub\".", "propertyOrder" : 50, "required" : false, "type" : "string", "exampleValue" : "" }, "jwksCacheTimeout" : { "title" : "JWKs URI content cache timeout in ms", "description" : "To avoid loading the JWKS URI content for every operation, the JWKS content is cached. This timeout defines the maximum amount of time the JWKS URI content can be cached before being refreshed.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" } } } ``` ### delete **Usage** ``` am> delete OAuth2TrustedJWTIssuerAgentGroups --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### getAllTypes Obtain the collection of all secondary configuration types related to the resource. **Usage** ``` am> action OAuth2TrustedJWTIssuerAgentGroups --realm Realm --actionName getAllTypes ``` ### getCreatableTypes Obtain the collection of secondary configuration types that have yet to be added to the resource. **Usage** ``` am> action OAuth2TrustedJWTIssuerAgentGroups --realm Realm --actionName getCreatableTypes ``` ### nextdescendents Obtain the collection of secondary configuration instances that have been added to the resource. **Usage** ``` am> action OAuth2TrustedJWTIssuerAgentGroups --realm Realm --actionName nextdescendents ``` ### query Querying the agent groups of a specific type **Usage** ``` am> query OAuth2TrustedJWTIssuerAgentGroups --realm Realm --filter filter ``` **Parameters** * *\--filter* A CREST formatted query filter, where "true" will query all. ### read **Usage** ``` am> read OAuth2TrustedJWTIssuerAgentGroups --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### update **Usage** ``` am> update OAuth2TrustedJWTIssuerAgentGroups --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "jwkSet" : { "title" : "JWK Set", "description" : "Manually entered JWK Set of verification keys to validate the JWT signature.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "allowedSubjects" : { "title" : "Allowed Subjects", "description" : "List of subjects which this provider is allowed to provide consent for. If blank then the provider can provide consent for any user in this realm.", "propertyOrder" : 60, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "consentedScopesClaim" : { "title" : "Consented Scopes Claim", "description" : "Optional claim within the JWT that lists the scopes that the user has consented to. The scopes can be represented either as a JSON array of strings, or as a single space-separated string.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "issuer" : { "title" : "JWT Issuer", "description" : "Expected 'iss' claim identifier for this JWT issuer.", "propertyOrder" : 10, "required" : true, "type" : "string", "exampleValue" : "" }, "jwksUri" : { "title" : "JWKs URI", "description" : "URI to retrieve JWK verification keys from to validate the JWT signature.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "jwkStoreCacheMissCacheTime" : { "title" : "JWKs URI content cache miss cache time", "description" : "To avoid loading the JWKS URI content for every operation, especially when the kid is not in the jwks content already cached, the JWKS content will be cached for a minimum period of time. This cache miss cache time defines the minimum amount of time the JWKS URI content is cached.", "propertyOrder" : 80, "required" : false, "type" : "integer", "exampleValue" : "" }, "resourceOwnerIdentityClaim" : { "title" : "Resource Owner Identity Claim", "description" : "Claim in the JWT that identifies the resource owner account in AM. Defaults to \"sub\".", "propertyOrder" : 50, "required" : false, "type" : "string", "exampleValue" : "" }, "jwksCacheTimeout" : { "title" : "JWKs URI content cache timeout in ms", "description" : "To avoid loading the JWKS URI content for every operation, the JWKS content is cached. This timeout defines the maximum amount of time the JWKS URI content can be cached before being refreshed.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" } } } ```