Modifying an OpenID Connect Identity Provider
Function
This API is provided for the administrator to modify an OpenID Connect identity provider.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
URI
PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| idp_id | Yes | String | Identity provider ID. Length: 1 to 64 characters. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| Content-Type | Yes | String | Set this field to application/json;charset=utf8. |
| X-Auth-Token | Yes | String | Token with Security Administrator permissions. |
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| openid_connect_config | Yes | object | OpenID Connect configurations. |
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| access_mode | No | String | Access type. Options: |
| idp_url | No | String | URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. Length: 10 to 255 characters. |
| client_id | No | String | ID of a client registered with the OpenID Connect identity provider. Length: 5 to 255 characters. |
| authorization_endpoint | No | String | Authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to programmatic access and management console access. Length: 10 to 255 characters. |
| scope | No | String | Scopes of authorization requests. This field is required only if the access type is set to programmatic access and management console access. Enumerated values: |
| response_type | No | String | Response type. This field is required only if the access type is set to programmatic access and management console access. Enumerated value: |
| response_mode | No | String | Response mode. This field is required only if the access type is set to programmatic access and management console access. Enumerated values: |
| signing_key | No | String | Public key used to sign the ID token of the OpenID Connect identity provider. Length: 10 to 30,000 characters. Format example: `{"keys":[{"kid":"d05ef20c4512645vv1...","n":"cws_cnjiwsbvweolwn_-vnl...","e":"AQAB","kty":"RSA","use":"sig","alg":"RS256"}]}` |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| openid_connect_config | object | OpenID Connect configurations. |
| Parameter | Type | Description |
|---|---|---|
| access_mode | String | Access type. Options: |
| idp_url | String | URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. |
| client_id | String | ID of a client registered with the OpenID Connect identity provider. |
| authorization_endpoint | String | Authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to programmatic access and management console access. |
| scope | String | Scopes of authorization requests. This field is required only if the access type is set to programmatic access and management console access. Enumerated values: |
| response_type | String | Response type. This field is required only if the access type is set to programmatic access and management console access. Enumerated value: |
| response_mode | String | Response mode. This field is required only if the access type is set to programmatic access and management console access. Enumerated values: |
| signing_key | String | Public key used to sign the ID token of the OpenID Connect identity provider. |
Example Request
- Modifying an identity provider that supports programmatic access
  PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
  {
    "openid_connect_config" : {
      "access_mode" : "program",
      "idp_url" : "https://accounts.example.com",
      "client_id" : "client_id_example",
      "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
    }
  }
- Modifying an identity provider that supports programmatic access and management console access
  PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
  {
    "openid_connect_config" : {
      "access_mode" : "program_console",
      "idp_url" : "https://accounts.example.com",
      "client_id" : "client_id_example",
      "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
      "scope" : "openid",
      "response_type" : "id_token",
      "response_mode" : "form_post",
      "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
    }
  }
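Because this call replaces the issuer URL and the key that ID tokens are verified against, it is worth checking the body locally before sending it. The following is an added example, not part of the API reference: `check_config` and `check_jwks` are hypothetical helper names, the `program_console` value is taken from the example requests above, and the HTTPS and private-key-member checks are extra hardening rather than rules stated by the API.

```python
import json

# Length limits from the request parameter table on this page.
LIMITS = {"idp_url": (10, 255), "client_id": (5, 255),
          "authorization_endpoint": (10, 255), "signing_key": (10, 30000)}
# Fields the page requires only for programmatic + management console access.
CONSOLE_FIELDS = ("authorization_endpoint", "scope", "response_type", "response_mode")
# RSA private-key members defined by RFC 7518; a public JWKS must not carry them.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}

def check_config(cfg):
    """Return a list of problems found in an openid_connect_config dict."""
    problems = []
    for field, (lo, hi) in LIMITS.items():
        value = cfg.get(field)
        if value is not None and not (isinstance(value, str) and lo <= len(value) <= hi):
            problems.append(f"{field}: must be a string of {lo} to {hi} characters")
    if cfg.get("access_mode") == "program_console":
        problems += [f"{f}: required for program_console" for f in CONSOLE_FIELDS if not cfg.get(f)]
    # Added hardening check (assumption, not an API rule): HTTPS-only issuer and endpoint.
    for field in ("idp_url", "authorization_endpoint"):
        value = cfg.get(field)
        if isinstance(value, str) and not value.startswith("https://"):
            problems.append(f"{field}: not an https:// URL")
    if isinstance(cfg.get("signing_key"), str):
        problems += check_jwks(cfg["signing_key"])
    return problems

def check_jwks(raw):
    """signing_key is a JSON string holding a JWKS; inspect each key in it."""
    try:
        keys = json.loads(raw)["keys"]
    except (ValueError, KeyError, TypeError):
        keys = None
    if not (isinstance(keys, list) and keys and all(isinstance(k, dict) for k in keys)):
        return ["signing_key: not a JSON object with a non-empty 'keys' array of objects"]
    problems = []
    for i, key in enumerate(keys):
        if leaked := sorted(PRIVATE_JWK_MEMBERS & key.keys()):
            problems.append(f"signing_key.keys[{i}]: private members {leaked}")
        if key.get("use", "sig") != "sig":
            problems.append(f"signing_key.keys[{i}]: use is not 'sig'")
    return problems

# Constructed sample: http issuer, and a JWK that wrongly carries the private exponent "d".
SAMPLE_KEY = json.dumps({"keys": [{"kty": "RSA", "e": "AQAB", "n": "example", "d": "x"}]})
SAMPLE = {"access_mode": "program", "idp_url": "http://accounts.example.com",
          "client_id": "client_id_example", "signing_key": SAMPLE_KEY}
if __name__ == "__main__": print("\n".join(check_config(SAMPLE)))
```

An empty list means the body passed these local checks; the service still applies its own validation and returns 400 for invalid parameters.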
Example Response
Status code: 200
{
  "openid_connect_config" : {
    "access_mode" : "program_console",
    "idp_url" : "https://accounts.example.com",
    "client_id" : "client_id_example",
    "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
    "scope" : "openid",
    "response_type" : "id_token",
    "response_mode" : "form_post",
    "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
  }
}
Status Codes
| Status Code | Description |
|---|---|
| 200 | The request is successful. |
| 400 | Invalid parameters. |
| 401 | Authentication failed. |
| 403 | Access denied. |
| 404 | The requested resource cannot be found. |
| 500 | Internal server error. |
Error Codes
For details, see Error Codes.