Obtaining an Unscoped Token with an OpenID Connect ID Token
Function
This API is used to obtain an unscoped token using an OpenID Connect ID token.
URI
POST /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Parameter | Mandatory | Type | Description |
---|---|---|---|
idp_id | Yes | String | Identity provider ID. |
protocol_id | Yes | String | Protocol ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
Authorization | Yes | String | ID token of the identity provider. The format is Bearer {ID Token}. |
Response Parameters
Status code: 201
Parameter | Type | Description |
---|---|---|
X-Subject-Token | String | Signed token. |

Parameter | Type | Description |
---|---|---|
expires_at | String | Time when the token will expire. |
methods | Array of strings | Method used to obtain the token. The default value for federated authentication is mapped. |
issued_at | String | Time when the token was issued. |
user | object | User details. |

Parameter | Type | Description |
---|---|---|
OS-FEDERATION | object | Federated user details. |

Parameter | Type | Description |
---|---|---|
identity_provider | object | Identity provider details. |
protocol | object | Protocol details. |
groups | Array | User group details. |
domain | object | Domain details. |
id | String | User ID. |
name | String | Username. |

Parameter | Type | Description |
---|---|---|
id | String | Identity provider ID. |

Parameter | Type | Description |
---|---|---|
id | String | Protocol ID. |

Parameter | Type | Description |
---|---|---|
id | String | Domain ID. |
name | String | Domain name. |
Example Request
POST https://sample.domain.com/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
Example Response
Status code: 201
The request is successful.
{
  "token" : {
    "expires_at" : "2018-03-13T03:00:01.168000Z",
    "methods" : [ "mapped" ],
    "issued_at" : "2018-03-12T03:00:01.168000Z",
    "user" : {
      "OS-FEDERATION" : {
        "identity_provider" : {
          "id" : "idptest"
        },
        "protocol" : {
          "id" : "oidc"
        },
        "groups" : [ {
          "name" : "admin",
          "id" : "45a8c8f..."
        } ]
      },
      "domain" : {
        "id" : "063bb260a480...",
        "name" : "IAMDomain"
      },
      "name" : "FederationUser",
      "id" : "suvmgvUZc4PaCOEc..."
    }
  }
}
Status code: 400
The server failed to process the request.
{
  "error" : {
    "code" : 400,
    "message" : "Request parameter 'idp id' is invalid.",
    "title" : "Bad Request"
  }
}
Status code: 401
Authentication failed.
{
  "error" : {
    "code" : 401,
    "message" : "The request you have made requires authentication.",
    "title" : "Unauthorized"
  }
}
Status code: 403
Access denied.
{
  "error" : {
    "code" : 403,
    "message" : "You are not authorized to perform the requested action.",
    "title" : "Forbidden"
  }
}
Status code: 404
The requested resource cannot be found.
{
  "error" : {
    "code" : 404,
    "message" : "Could not find %(target)s: %(target_id)s.",
    "title" : "Not Found"
  }
}
Status code: 500
Internal system error.
{
  "error" : {
    "code" : 500,
    "message" : "An unexpected error prevented the server from fulfilling your request.",
    "title" : "Internal Server Error"
  }
}
Status Codes
Status Code | Description |
---|---|
201 | The request is successful. |
400 | The server failed to process the request. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |
500 | Internal system error. |
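
Client-side handling of this call, added here as an example and not part of the API's own documentation or SDK: it builds the request with the ID token in the Authorization header and accepts the X-Subject-Token only when the response names the identity provider and protocol that were requested, the method is mapped, and expires_at is still in the future. The function names, the https-only rule and the sample values are assumptions of this example.

```python
import json
import urllib.request
from datetime import datetime, timezone
from urllib.parse import quote, urlsplit

AUTH_PATH = "/v3/OS-FEDERATION/identity_providers/{idp}/protocols/{proto}/auth"

def build_request(endpoint, idp_id, protocol_id, id_token):
    """Build the POST; the ID token is sent only in the Authorization header."""
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("a bearer ID token must only be sent over https")
    if not id_token or any(c.isspace() for c in id_token):
        raise ValueError("ID token is empty or contains whitespace")
    # Percent-encode the path parameters so a crafted ID cannot change the path.
    path = AUTH_PATH.format(idp=quote(idp_id, safe=""),
                            proto=quote(protocol_id, safe=""))
    return urllib.request.Request(endpoint.rstrip("/") + path, method="POST",
                                  headers={"Authorization": "Bearer " + id_token})

def check_response(status, headers, body, idp_id, protocol_id, now=None):
    """Return (token, expires_at) only if the response matches the request."""
    if status != 201:
        err = json.loads(body).get("error", {})
        raise RuntimeError(f"{status} {err.get('title')}: {err.get('message')}")
    token = headers.get("X-Subject-Token")
    if not token:
        raise ValueError("201 response without an X-Subject-Token header")
    info = json.loads(body)["token"]
    fed = info["user"]["OS-FEDERATION"]
    if (fed["identity_provider"]["id"], fed["protocol"]["id"]) != (idp_id, protocol_id):
        raise ValueError("token was issued for a different IdP or protocol")
    if "mapped" not in info["methods"]:
        raise ValueError("token was not obtained through federated mapping")
    expires = datetime.strptime(info["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("token has already expired")
    return token, expires

# Constructed sample, trimmed from the example response on this page.
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2018-03-13T03:00:01.168000Z", "methods": ["mapped"],
    "user": {"OS-FEDERATION": {"identity_provider": {"id": "idptest"},
                               "protocol": {"id": "oidc"}}}}})
```

Against a live endpoint, pass the request to `urllib.request.urlopen` and hand the status, headers and body of a 201 response to `check_response`; keep both the ID token and the returned token out of logs.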