Obtaining an Unscoped Token with an OpenID Connect ID Token
Function
This API is used to obtain an unscoped token using an OpenID Connect ID token.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
URI
POST /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| idp_id | Yes | String | Identity provider name. |
| protocol_id | Yes | String | Protocol ID. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| Authorization | Yes | String | ID token of the identity provider. The format is Bearer {ID Token}. |
Response Parameters
Status code: 201
| Parameter | Type | Description |
|---|---|---|
| X-Subject-Token | String | Signed token. |

| Parameter | Type | Description |
|---|---|---|
|  | object | Details about the obtained token. |

| Parameter | Type | Description |
|---|---|---|
| expires_at | String | Time when the token will expire. |
| methods | Array of strings | Token obtaining method. The default value for federated authentication is mapped. |
| issued_at | String | Time when the token was issued. |
|  | object | User details. |
|  | Array of objects | Role or policy details. |
|  | Array of objects | Catalog details. |

| Parameter | Type | Description |
|---|---|---|
|  | object | Federated user details. |
|  | object | Account details. |
| id | String | User ID. |
| name | String | Username. |

| Parameter | Type | Description |
|---|---|---|
|  | object | Identity provider details. |
|  | object | Protocol details. |
|  | Array of objects | User group details. |

| Parameter | Type | Description |
|---|---|---|
| id | String | User group ID. |
| name | String | User group name. |
Example Request
POST https://{address}/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Example Response
Status code: 201
The token is obtained successfully.
{
  "token" : {
    "expires_at" : "2018-03-13T03:00:01.168000Z",
    "methods" : [ "mapped" ],
    "issued_at" : "2018-03-12T03:00:01.168000Z",
    "user" : {
      "OS-FEDERATION" : {
        "identity_provider" : {
          "id" : "idptest"
        },
        "protocol" : {
          "id" : "oidc"
        },
        "groups" : [ {
          "name" : "admin",
          "id" : "45a8c8f..."
        } ]
      },
      "domain" : {
        "id" : "063bb260a480...",
        "name" : "IAMDomain"
      },
      "name" : "FederationUser",
      "id" : "suvmgvUZc4PaCOEc..."
    }
  }
}
Status code: 400
Invalid parameters.
{
  "error" : {
    "code" : 400,
    "message" : "Request parameter 'idp id' is invalid.",
    "title" : "Bad Request"
  }
}
Status code: 401
Authentication failed.
{
  "error" : {
    "code" : 401,
    "message" : "The request you have made requires authentication.",
    "title" : "Unauthorized"
  }
}
Status code: 403
Access denied.
{
  "error" : {
    "code" : 403,
    "message" : "You are not authorized to perform the requested action.",
    "title" : "Forbidden"
  }
}
Status code: 404
The server could not find the requested page.
{
  "error" : {
    "code" : 404,
    "message" : "Could not find %(target)s: %(target_id)s.",
    "title" : "Not Found"
  }
}
Status code: 500
Internal system error.
{
  "error" : {
    "code" : 500,
    "message" : "An unexpected error prevented the server from fulfilling your request.",
    "title" : "Internal Server Error"
  }
}
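The request and the 201 response above, handled by a client that validates both sides of the exchange. This is an added example, not code from the original documentation or from the provider's SDK; the function names are hypothetical, and it assumes the ID token is a signed compact JWT and that `{address}` is a bare host with an optional port.

```python
import json
import re
import urllib.error
import urllib.request
from datetime import datetime, timezone
from urllib.parse import quote

AUTH_PATH = "/v3/OS-FEDERATION/identity_providers/{}/protocols/{}/auth"
# Assumptions: ID token is a signed compact JWT; address is a bare host[:port].
JWT_SHAPE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def build_request(address, idp_id, protocol_id, id_token):
    """Build the POST; reject input that could alter the URL or inject headers."""
    if not JWT_SHAPE.fullmatch(id_token):
        raise ValueError("ID token is not a compact three-part JWT")
    if not re.fullmatch(r"[A-Za-z0-9.-]+(:\d+)?", address):
        raise ValueError("address must be a bare host[:port]")
    path = AUTH_PATH.format(quote(idp_id, safe=""), quote(protocol_id, safe=""))
    return urllib.request.Request("https://" + address + path, method="POST",
                                  headers={"Authorization": "Bearer " + id_token})

def parse_response(status, headers, body, idp_id, protocol_id, now=None):
    """Return (unscoped_token, expires_at) from a validated 201 response."""
    if status != 201:
        title = json.loads(body).get("error", {}).get("title", "unknown error")
        raise RuntimeError("HTTP {}: {}".format(status, title))
    token = headers.get("X-Subject-Token")
    if not token:
        raise RuntimeError("201 response without X-Subject-Token header")
    info = json.loads(body)["token"]
    fed = info["user"]["OS-FEDERATION"]
    # The token must name the identity provider and protocol that were requested.
    if fed["identity_provider"]["id"] != idp_id or fed["protocol"]["id"] != protocol_id:
        raise RuntimeError("token issued for a different IdP or protocol")
    if "mapped" not in info["methods"]:
        raise RuntimeError("unexpected token method")
    expires = datetime.strptime(info["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= (now or datetime.now(timezone.utc)):
        raise RuntimeError("token already expired")
    return token, expires

def obtain_unscoped_token(address, idp_id, protocol_id, id_token):
    """Network call: send the request, then validate whatever comes back."""
    req = build_request(address, idp_id, protocol_id, id_token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_response(resp.status, resp.headers, resp.read(), idp_id, protocol_id)
    except urllib.error.HTTPError as err:
        return parse_response(err.code, err.headers, err.read(), idp_id, protocol_id)
```

Both the ID token and the returned `X-Subject-Token` are bearer credentials, so callers should keep them out of logs and exception messages, as the functions above do.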
Status Codes
| Status Code | Description |
|---|---|
| 201 | The token is obtained successfully. |
| 400 | Invalid parameters. |
| 401 | Authentication failed. |
| 403 | Access denied. |
| 404 | The server could not find the requested page. |
| 500 | Internal system error. |
Error Codes
For details, see Error Codes.