weihongmin1
46d24ba358
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com> Co-authored-by: weihongmin1 <weihongmin1@huawei.com> Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
35 KiB
Obtaining an Unscoped Token with an OpenID Connect ID Token
Function
This API is used to obtain an unscoped token using an OpenID Connect ID token.
URI
POST /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
idp_id |
Yes |
String |
Identity provider ID. |
protocol_id |
Yes |
String |
Protocol ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Authorization |
Yes |
String |
ID token of the identity provider. The format is Bearer {ID Token}. |
Response Parameters
Status code: 201
Parameter |
Type |
Description |
|---|---|---|
X-Subject-Token |
String |
Signed token. |
Parameter |
Type |
Description |
|---|---|---|
object |
Details about the obtained token. |
Parameter |
Type |
Description |
|---|---|---|
expires_at |
String |
Time when the token will expire. |
methods |
Array of strings |
Token obtaining method. The default value for federated authentication is mapped. |
issued_at |
String |
Time when the token was issued. |
object |
User details. |
Parameter |
Type |
Description |
|---|---|---|
object |
Federated user details. |
|
object |
Domain details. |
|
id |
String |
User ID. |
name |
String |
Username |
Parameter |
Type |
Description |
|---|---|---|
object |
Identity provider details. |
|
object |
Protocol details. |
|
Array |
User group details. |
Parameter |
Type |
Description |
|---|---|---|
id |
String |
Identity provider ID. |
Parameter |
Type |
Description |
|---|---|---|
id |
String |
User group ID. |
name |
String |
User group name. |
Parameter |
Type |
Description |
|---|---|---|
id |
String |
Permission ID. |
name |
String |
Permission name. |
Parameter |
Type |
Description |
|---|---|---|
Array of objects |
Endpoint information. |
|
id |
String |
Service ID. |
name |
String |
Service name. |
type |
String |
Type of the service to which the API belongs. |
Example Request
POST https://sample.domain.com/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Example Response
Status code: 201
The request is successful.
{
"token" : {
"expires_at" : "2018-03-13T03:00:01.168000Z",
"methods" : [ "mapped" ],
"issued_at" : "2018-03-12T03:00:01.168000Z",
"user" : {
"OS-FEDERATION" : {
"identity_provider" : {
"id" : "idptest"
},
"protocol" : {
"id" : "oidc"
},
"groups" : [ {
"name" : "admin",
"id" : "45a8c8f..."
} ]
},
"domain" : {
"id" : "063bb260a480...",
"name" : "IAMDomain"
},
"name" : "FederationUser",
"id" : "suvmgvUZc4PaCOEc..."
}
}
}
Status code: 400
The server failed to process the request.
{
"error" : {
"code" : 400,
"message" : "Request parameter 'idp id' is invalid.",
"title" : "Bad Request"
}
}
Status code: 401
Authentication failed.
{
"error" : {
"code" : 401,
"message" : "The request you have made requires authentication.",
"title" : "Unauthorized"
}
}
Status code: 403
Access denied.
{
"error" : {
"code" : 403,
"message" : "You are not authorized to perform the requested action.",
"title" : "Forbidden"
}
}
Status code: 404
The requested resource cannot be found.
{
"error" : {
"code" : 404,
"message" : "Could not find %(target)s: %(target_id)s.",
"title" : "Not Found"
}
}
Status code: 500
Internal system error.
{
"error" : {
"code" : 500,
"message" : "An unexpected error prevented the server from fulfilling your request.",
"title" : "Internal Server Error"
}
}
Status Codes
Status Code |
Description |
|---|---|
201 |
The request is successful. |
400 |
The server failed to process the request. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
500 |
Internal system error. |