Creating an OpenID Connect Identity Provider Configuration
Function
This API is provided for the administrator to create an OpenID Connect identity provider configuration after creating an identity provider and registering a protocol (OpenID Connect).
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Debugging
You can debug this API in API Explorer.
URI
POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
idp_id |
Yes |
String |
Identity provider name. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
|
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
Yes |
object |
OpenID Connect configurations. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
access_mode |
Yes |
String |
Access type. Options:
|
|
idp_url |
Yes |
String |
URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. Length: 10 to 255 characters. |
|
client_id |
Yes |
String |
ID of a client registered with the OpenID Connect identity provider. Length: 5 to 255 characters. |
|
authorization_endpoint |
No |
String |
Authorization endpoint of the OpenID Connect identity provider. This parameter is mandatory when the access type is set to program_console. Length: 10 to 255 characters. |
|
scope |
No |
String |
Scopes of authorization requests. This parameter is mandatory when the access type is set to program_console. Enumerated values:
|
|
response_type |
No |
String |
Response type. This parameter is mandatory when the access type is set to program_console. Enumerated value:
|
|
response_mode |
No |
String |
Response mode. This parameter is mandatory when the access type is set to program_console. Enumerated values:
|
|
signing_key |
Yes |
String |
Public key used to sign the ID token of the OpenID Connect identity provider. Length: 10 to 30,000 characters. Format example: {
"keys":[
{
"kid":"d05ef20c4512645vv1..." ,
"n":"cws_cnjiwsbvweolwn_-vnl...",
"e":"AQAB",
"kty":"RSA",
"use":"sig",
"alg":"RS256"
}
]
} |
Response Parameters
Status code: 201
|
Parameter |
Type |
Description |
|---|---|---|
|
object |
OpenID Connect configurations. |
|
Parameter |
Type |
Description |
|---|---|---|
|
access_mode |
String |
Access type. Options:
|
|
idp_url |
String |
URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. |
|
client_id |
String |
ID of a client registered with the OpenID Connect identity provider. |
|
authorization_endpoint |
String |
Authorization endpoint of the OpenID Connect identity provider. The value null is returned when the access type is set to program. |
|
scope |
String |
Scopes of authorization requests. The value null is returned when the access type is set to program. Enumerated values:
|
|
response_type |
String |
Response type. The value null is returned when the access type is set to program. Enumerated value:
|
|
response_mode |
String |
Response mode. The value null is returned when the access type is set to program. Enumerated values:
|
|
signing_key |
String |
Public key used to sign the ID token of the OpenID Connect identity provider. |
Example Request
- Request for creating an OpenID Connect identity provider that supports programmatic access configurations
POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config { "openid_connect_config" : { "access_mode" : "program", "idp_url" : "https://accounts.example.com", "client_id" : "client_id_example", "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}" } } - Request for creating an OpenID Connect identity provider that supports programmatic access and console access configurations
POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config { "openid_connect_config" : { "access_mode" : "program_console", "idp_url" : "https://accounts.example.com", "client_id" : "client_id_example", "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth", "scope" : "openid", "response_type" : "id_token", "response_mode" : "form_post", "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}" } }
Example Response
Status code: 201
The identity provider is created successfully.
- Example 1
{ "openid_connect_config" : { "access_mode" : "program", "idp_url" : "https://accounts.example.com", "client_id" : "client_id_example", "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}" } } - Example 2
{ "openid_connect_config" : { "access_mode" : "program_console", "idp_url" : "https://accounts.example.com", "client_id" : "client_id_example", "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth", "scope" : "openid", "response_type" : "id_token", "response_mode" : "form_post", "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}" } }
Status Codes
|
Status Code |
Description |
|---|---|
|
201 |
The identity provider is created successfully. |
|
400 |
Invalid parameters. |
|
401 |
Authentication failed. |
|
403 |
Access denied. |
|
404 |
The requested resource cannot be found. |
|
409 |
The resource already exists. |
|
500 |
Internal server error. |
Error Codes
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
