From 741ab5e10efaf2cd00680875bb9ad75a3bdd9c3a Mon Sep 17 00:00:00 2001
From: Bec Callow
Date: Wed, 25 Feb 2026 16:49:26 +1000
Subject: [PATCH] feat: Fetch service account OIDC data
---
 pkg/serviceaccounts/oidc_identities.go | 36 ++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/pkg/serviceaccounts/oidc_identities.go b/pkg/serviceaccounts/oidc_identities.go
index eb48e76f..6307b9f8 100644
--- a/pkg/serviceaccounts/oidc_identities.go
+++ b/pkg/serviceaccounts/oidc_identities.go
@@ -9,8 +9,9 @@ import (
 )
 
 type OIDCIdentityQuery struct {
- Skip int `uri:"skip,omitempty" url:"skip,omitempty"`
- Take int `uri:"take,omitempty" url:"take,omitempty"`
+ ServiceAccountId string `uri:"serviceAccountId" url:"serviceAccountId"`
+ Skip int `uri:"skip" url:"skip"`
+ Take int `uri:"take" url:"take"`
 }
 
 type OIDCIdentity struct {
@@ -22,6 +23,13 @@ type OIDCIdentity struct {
 resources.Resource
 }
 
+type ServiceAccountOIDCIdentitiesResponse struct {
+ ServerUrl string `json:"ServerUrl"`
+ ExternalId string `json:"ExternalId"`
+ OidcIdentities []*OIDCIdentity `json:"OidcIdentities"`
+ Count int `json:"Count"`
+}
+
 // NewOIDCIdentity initializes a Service Account with required fields.
 func NewOIDCIdentity(serviceAccountID string, name string, issuer string, subject string) *OIDCIdentity {
 return &OIDCIdentity{
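Review bot: Dropping `omitempty` from the `Skip` and `Take` tags in `OIDCIdentityQuery` also changes what the existing `GetOIDCIdentities` sends, because it takes the same struct. Depending on how the `uri` tags are consumed, a zero `Take` would presumably now be serialized as `take=0` instead of being left out. If the server reads an explicit `take=0` as "return nothing" rather than "use the default page size", callers that leave the fields unset would get empty pages. I would keep `uri:"skip,omitempty" url:"skip,omitempty"` and the matching `take` tag, and leave only the new field without `omitempty`. The new field would also read more consistently as `ServiceAccountID`, matching the `serviceAccountID` parameter of `NewOIDCIdentity`.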
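Review bot: The exported `ServiceAccountOIDCIdentitiesResponse` is added without a doc comment, and nothing tells a caller what `ServerUrl` and `ExternalId` refer to or whether `Count` is the total number of identities or only the size of the returned page. I would open the type with `// ServiceAccountOIDCIdentitiesResponse is the payload returned by GetServiceAccountOIDCData.` and add a one-line comment per field. Callers that page with `Skip`/`Take` need the `Count` semantics in particular. The field names would also follow Go initialism style as `ServerURL`, `ExternalID` and `OIDCIdentities`, with the JSON tags left as they are so the wire format does not change.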
@@ -77,6 +85,30 @@ func GetOIDCIdentities(client newclient.Client, query OIDCIdentityQuery) (*resou
 return res, nil
 }
 
+// GetServiceAccountOIDCData queries the service account and identities for the provided service account ID
+func GetServiceAccountOIDCData(client newclient.Client, query OIDCIdentityQuery) (*ServiceAccountOIDCIdentitiesResponse, error) {
+ if internal.IsEmpty(query.ServiceAccountId) {
+ return nil, internal.CreateInvalidParameterError("GetServiceAccountOIDCData", "query.ServiceAccountId")
+ }
+
+ values, _ := uritemplates.Struct2map(query)
+ if values == nil {
+ values = map[string]any{}
+ }
+
+ path, err := client.URITemplateCache().Expand(serviceAccountOIDCIDQueryTemplate, values)
+ if err != nil {
+ return nil, err
+ }
+
+ res, err := newclient.Get[ServiceAccountOIDCIdentitiesResponse](client.HttpSession(), path)
+ if err != nil {
+ return nil, err
+ }
+
+ return res, nil
+}
+
 // GetOIDCIdentityByID queries OIDC identities by ID for the provided service account ID
 func GetOIDCIdentityByID(client newclient.Client, serviceAccountID string, ID string) (*OIDCIdentity, error) {
 path, err := client.URITemplateCache().Expand(serviceAccountOIDC, map[string]any{
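Review bot: In `GetServiceAccountOIDCData` the second result of `uritemplates.Struct2map(query)` is discarded and a nil map is replaced with an empty one, which silently undoes the `ServiceAccountId` check a few lines above. If the conversion fails, `serviceAccountOIDCIDQueryTemplate` is expanded with no `serviceAccountId`, so the request may go to a different path than the caller asked for instead of returning an error. Since the three values are already known, I would build the map explicitly: `values := map[string]any{"serviceAccountId": query.ServiceAccountId, "skip": query.Skip, "take": query.Take}`. The ID is caller-supplied and ends up in the request path, so it is worth confirming that `Expand` percent-encodes it. The two `return nil, err` sites would also be easier to trace if they wrapped the error with the operation name.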