OctopusDeploy · bec-callow-oct · Feb 26, 2026 · Feb 25, 2026 · Rose-Northey · Feb 25, 2026
diff --git a/pkg/serviceaccounts/oidc_identities.go b/pkg/serviceaccounts/oidc_identities.go
@@ -9,8 +9,9 @@ import (
 )
 
 type OIDCIdentityQuery struct {
-	Skip int `uri:"skip,omitempty" url:"skip,omitempty"`
-	Take int `uri:"take,omitempty" url:"take,omitempty"`
+	ServiceAccountId string `uri:"serviceAccountId" url:"serviceAccountId"`
+	Skip             int    `uri:"skip" url:"skip"`
+	Take             int    `uri:"take" url:"take"`
 }
 
 type OIDCIdentity struct {
@@ -22,6 +23,13 @@ type OIDCIdentity struct {
 	resources.Resource
 }
 
+type ServiceAccountOIDCIdentitiesResponse struct {
+	ServerUrl      string          `json:"ServerUrl"`
+	ExternalId     string          `json:"ExternalId"`
+	OidcIdentities []*OIDCIdentity `json:"OidcIdentities"`
+	Count          int             `json:"Count"`
+}
+
 // NewOIDCIdentity initializes a Service Account with required fields.
 func NewOIDCIdentity(serviceAccountID string, name string, issuer string, subject string) *OIDCIdentity {
 	return &OIDCIdentity{
@@ -77,6 +85,30 @@ func GetOIDCIdentities(client newclient.Client, query OIDCIdentityQuery) (*resou
 	return res, nil
 }
 
+// GetServiceAccountOIDCData queries the service account and identities for the provided service account ID
+func GetServiceAccountOIDCData(client newclient.Client, query OIDCIdentityQuery) (*ServiceAccountOIDCIdentitiesResponse, error) {
+	if internal.IsEmpty(query.ServiceAccountId) {
+		return nil, internal.CreateInvalidParameterError("GetServiceAccountOIDCData", "query.ServiceAccountId")
+	}
+
+	values, _ := uritemplates.Struct2map(query)
+	if values == nil {
+		values = map[string]any{}
+	}
+
+	path, err := client.URITemplateCache().Expand(serviceAccountOIDCIDQueryTemplate, values)
+	if err != nil {
+		return nil, err
+	}
+
+	res, err := newclient.Get[ServiceAccountOIDCIdentitiesResponse](client.HttpSession(), path)
+	if err != nil {
+		return nil, err
+	}
+
+	return res, nil
+}
+
 // GetOIDCIdentityByID queries OIDC identities by ID for the provided service account ID
 func GetOIDCIdentityByID(client newclient.Client, serviceAccountID string, ID string) (*OIDCIdentity, error) {
 	path, err := client.URITemplateCache().Expand(serviceAccountOIDC, map[string]any{