Obtaining an Unscoped Token with an OpenID Connect ID Token
Function
This API is used to obtain an unscoped token using an OpenID Connect ID token.
The API can be called using both the global endpoint and region-specific endpoints.
URI
POST /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Parameter | Mandatory | Type | Description |
---|---|---|---|
idp_id | Yes | String | Identity provider name. |
protocol_id | Yes | String | Protocol ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
Authorization | Yes | String | ID token of the identity provider. The format is Bearer {ID Token}. |
Response Parameters
Status code: 201
Parameter | Type | Description |
---|---|---|
X-Subject-Token | String | Signed token. |

Parameter | Type | Description |
---|---|---|
token | object | Details about the obtained token. |

Parameter | Type | Description |
---|---|---|
expires_at | String | Time when the token will expire. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
methods | Array of strings | Token obtaining method. The default value for federated authentication is mapped. |
issued_at | String | Time when the token was issued. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
user | object | User details. |
roles | Array of objects | Role or policy details. |
catalog | Array of objects | Catalog details. |

Parameter | Type | Description |
---|---|---|
OS-FEDERATION | object | Federated user details. |
domain | object | Account details. |
id | String | User ID. |
name | String | Username. |

Parameter | Type | Description |
---|---|---|
identity_provider | object | Identity provider details. |
protocol | object | Protocol details. |
groups | Array of objects | User group details. |

Parameter | Type | Description |
---|---|---|
id | String | User group ID. |
name | String | User group name. |
Example Request
Request for obtaining an unscoped token with an OpenID Connect ID token
POST https://{address}/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Example Response
Status code: 201
The token is obtained successfully.
{
  "token" : {
    "expires_at" : "2018-03-13T03:00:01.168000Z",
    "methods" : [ "mapped" ],
    "issued_at" : "2018-03-12T03:00:01.168000Z",
    "user" : {
      "OS-FEDERATION" : {
        "identity_provider" : { "id" : "idptest" },
        "protocol" : { "id" : "oidc" },
        "groups" : [ { "name" : "admin", "id" : "45a8c8f..." } ]
      },
      "domain" : { "id" : "063bb260a480...", "name" : "IAMDomain" },
      "name" : "FederationUser",
      "id" : "suvmgvUZc4PaCOEc..."
    }
  }
}
Status code: 400
Invalid parameters.
{ "error" : { "code" : 400, "message" : "Request parameter 'idp id' is invalid.", "title" : "Bad Request" } }
Status code: 401
Authentication failed.
{ "error" : { "code" : 401, "message" : "The request you have made requires authentication.", "title" : "Unauthorized" } }
Status code: 403
Access denied.
{ "error" : { "code" : 403, "message" : "You are not authorized to perform the requested action.", "title" : "Forbidden" } }
Status code: 404
The server could not find the requested page.
{ "error" : { "code" : 404, "message" : "Could not find %(target)s: %(target_id)s.", "title" : "Not Found" } }
Status code: 500
Internal system error.
{ "error" : { "code" : 500, "message" : "An unexpected error prevented the server from fulfilling your request.", "title" : "Internal Server Error" } }
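A client-side sketch of this call, added here as an example and not taken from the original documentation: it builds the request with the mandatory Authorization header and checks that the returned token was issued through the identity provider and protocol that were requested and is inside its validity window. The function names, the host iam.example.com and the token strings are assumptions; the sample body is constructed from the 201 example response above.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote
from urllib.request import Request

def build_request(address, idp_id, protocol_id, id_token):
    """Build (without sending) the POST request; the ID token goes in Authorization."""
    path = "/v3/OS-FEDERATION/identity_providers/%s/protocols/%s/auth" % (
        quote(idp_id, safe=""), quote(protocol_id, safe=""))  # IDs cannot alter the path
    return Request("https://" + address + path, method="POST",
                   headers={"Authorization": "Bearer " + id_token})

def parse_time(value):
    # Documented format: YYYY-MM-DDTHH:mm:ss.ssssssZ, always UTC.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def check_response(status, headers, body, idp_id, protocol_id, now):
    """Return (token, expires_at); raise ValueError if the response is not the one asked for."""
    if status != 201:
        raise ValueError("unexpected status %d" % status)
    token = headers.get("X-Subject-Token")
    if not token:
        raise ValueError("missing X-Subject-Token header")
    info = json.loads(body)["token"]
    fed = info["user"]["OS-FEDERATION"]
    if "mapped" not in info["methods"]:
        raise ValueError("token was not obtained through federated (mapped) authentication")
    if fed["identity_provider"]["id"] != idp_id or fed["protocol"]["id"] != protocol_id:
        raise ValueError("token is bound to a different identity provider or protocol")
    expires_at = parse_time(info["expires_at"])
    if not parse_time(info["issued_at"]) <= now < expires_at:
        raise ValueError("token is not valid at the current time")
    return token, expires_at

# Constructed sample, modelled on the 201 example response on this page.
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2018-03-13T03:00:01.168000Z", "methods": ["mapped"],
    "issued_at": "2018-03-12T03:00:01.168000Z",
    "user": {"OS-FEDERATION": {"identity_provider": {"id": "idptest"},
                               "protocol": {"id": "oidc"},
                               "groups": [{"name": "admin", "id": "45a8c8f..."}]},
             "name": "FederationUser"}}})

if __name__ == "__main__":
    req = build_request("iam.example.com", "idptest", "oidc", "constructed-id-token")
    print(req.get_method(), req.full_url)
    now = datetime(2018, 3, 12, 12, 0, tzinfo=timezone.utc)
    token, expires_at = check_response(201, {"X-Subject-Token": "constructed-token"},
                                       SAMPLE_BODY, "idptest", "oidc", now)
    print("token valid until", expires_at.isoformat())  # the token itself is not printed
```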
Status Codes
Status Code | Description |
---|---|
201 | The token is obtained successfully. |
400 | Invalid parameters. |
401 | Authentication failed. |
403 | Access denied. |
404 | The server could not find the requested page. |
500 | Internal system error. |
Error Codes
For details, see Error Codes.