Attach a trusted OpenID Connect Identity Provider to an App

post

https://Use API Lookup for a base URL/apps/{app}/identityProviders/{identityProvider}

Attach a new trusted OpenID Connect Identity Provider to an App.

The App must be constrained to a Project. To constrain an App to a Project, use the Access Manager -> Apps -> My Apps -> Edit app -> specify "DEFAULT ACCESS TO A PROJECT", and check "Allow access only in this project".

An App may have at most 2 IdentityProviders attached to it.

Access Control:

The calling principal must have either "manage" action permission for the resource "{app}" in the "account" service or "readIdentityProviders" action permission for the callers "{realm}" in the "account" service.
The calling principal MUST NOT include a project scope.

Path Params

app

string

required

HRN identifying the application. Must be URL-encoded, if reserved characters ":/?#[]@!$&'()*+,;=" are used. see https://tools.ietf.org/html/rfc3986#section-2.2.

identityProvider

string

required

HRN identifying the IdentityProvider.

Query Params

fields

string

Comma-separated list of fields to return, for the created AppIdentityProviderAttachment.
By default, the "identityProviderHrn", "appHrn", and "enabled" properties are returned. Additional supported fields also include "identityProviderId", "identityProviderName", "identityProviderDescription", "identityProviderAccountType", "identityProviderRealm", and "identityProviderIssuerAttachments".

Body Params

enabled

boolean

Defaults to true

Indicates whether or not this AppIdentityProviderAttachment is enabled.

Headers

X-Request-ID

string

The unique for the request, used to track this request within the service. X-Request-ID value is NOT propagated to the downstream services.

X-Correlation-ID

string

Correlates HTTP requests between a client and server. If not present in the incoming request, it will be generated. This header and value will be included in all loglines including access logs. It will also be propagated to downstream services and returned in the response.

Responses

201Created

400Bad Request. E110000 - Missing required field, etc. E110000 - Maximum number of Identity Providers configured per App was exceeded. The maximum is 2.

401Missing Authorization header.

403An error has occurred. E110000 - Subject does not have the required "manage" access to the app , or does not have the required "readIdentityProviders" access to the realm.