Passing Custom Parameters to a Social Identity Provider
Use the identity domains REST API to pass a custom parameter for social identity provider (IdP) configurations. For each social IdP, you can define static and dynamic custom parameters, which are passed as is to the IdP when an authorization request is sent.
Custom Parameter Definition
relayIdpParamMappings. This parameter stores the mapping key-value pairs for a social IdP. A dynamic parameter type is mapped to an empty or null value. A static parameter type contains a value.
- If a key is defined as a static parameter but is passed with a different value, the static value defined in the IdP configuration is used at runtime.
- If a relay parameter variable is passed in the authorize URL and is not defined in the IdP configuration, that variable is ignored.
"relayIdpParamMappings": [
{
"relayParamKey": "brand", //dynamic, since string value is empty
"relayParamValue": ""
},
{
"relayParamKey": "param1" //dynamic, since value is null (not defined)
},
{
"relayParamKey": "param2", //static, since value is defined
"relayParamValue": "value2"
}
]
Example of Relay Parameter Mappings Passed to an IdP
This authorize URL passed to the identity domains REST API:
https://<domainURL>/oauth2/v1/authorize?response_type=id_token&scope=openid&state=1234&nonce=123&client_id=<test_client>&redirect_uri=https://cloud.oracle.com&brand=abc&newParam=blah&param1=test&param2=newValue
The resulting identity provider redirect becomes:
<IDPProvider Authorize URI>?client_id=....redirect_uri=....&brand=abc&param1=test&param2=value2
The newParam variable is ignored because it was not defined in the original IdP configuration. The value of param2 is static and is not changed by the authorize request at runtime. The dynamic parameter brand receives a value at runtime because it was initially defined as a dynamic type in the IdP configuration.
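The resolution rules above, modelled as an added example (not Oracle's code): it computes which parameters are relayed, which are ignored, and which static values a caller tried to override, the last being worth logging. Assumptions: the OAUTH_PARAMS set, the placeholder host and client_id, first-occurrence-wins for duplicate keys, static values being sent even when the caller omits the key, and unsupplied dynamic keys being left out.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: parameters the authorize endpoint consumes itself (never relayed).
OAUTH_PARAMS = {"response_type", "scope", "state", "nonce", "client_id", "redirect_uri"}

# Mapping list from the definition above.
MAPPINGS = [
    {"relayParamKey": "brand", "relayParamValue": ""},          # dynamic: empty
    {"relayParamKey": "param1"},                                # dynamic: null
    {"relayParamKey": "param2", "relayParamValue": "value2"},   # static
]

# Constructed sample request; host and client_id are placeholders.
AUTHORIZE_URL = (
    "https://idcs.example.invalid/oauth2/v1/authorize?response_type=id_token"
    "&scope=openid&state=1234&nonce=123&client_id=test_client"
    "&redirect_uri=https://cloud.oracle.com"
    "&brand=abc&newParam=blah&param1=test&param2=newValue"
)

def resolve_relay_params(authorize_url, mappings):
    """Model the documented rules; returns (relayed, ignored, overridden)."""
    supplied = {}
    query = urlsplit(authorize_url).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        supplied.setdefault(key, value)      # assumption: first occurrence wins
    relayed, overridden = {}, []
    for m in mappings:
        key, fixed = m["relayParamKey"], m.get("relayParamValue")
        if fixed:                            # static: configured value always wins
            relayed[key] = fixed
            if key in supplied and supplied[key] != fixed:
                overridden.append(key)       # caller tried to change a pinned value
        elif key in supplied:                # dynamic: caller-controlled value
            relayed[key] = supplied[key]
    known = {m["relayParamKey"] for m in mappings} | OAUTH_PARAMS
    ignored = [k for k in supplied if k not in known]
    return relayed, ignored, overridden

def relay_query(authorize_url, mappings):
    """Query-string fragment appended to the IdP authorize URI."""
    return urlencode(resolve_relay_params(authorize_url, mappings)[0])

if __name__ == "__main__":
    relayed, ignored, overridden = resolve_relay_params(AUTHORIZE_URL, MAPPINGS)
    print("relayed:", relay_query(AUTHORIZE_URL, MAPPINGS))
    print("ignored:", ignored, "| static override attempts:", overridden)
```

Dynamic keys carry caller-controlled values to a third party, so they are the entries to review when auditing a relayIdpParamMappings list.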
Creating a Social IdP with Relay Parameter Mappings
cURL: POST /admin/v1/SocialIdentityProviders
Example Request Body
{
"registrationEnabled": true,
"showOnLogin": true,
"description": "description",
"serviceProviderName": "Facebook",
"enabled": true,
"accountLinkingEnabled": true,
"name": "test provider custom param",
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"consumerKey": "clientId12345",
"consumerSecret": "clientSecret12345",
"relayIdpParamMappings": [
{
"relayParamKey": "brand",
"relayParamValue": ""
},
{
"relayParamKey": "param1"
},
{
"relayParamKey": "param2",
"relayParamValue": "value2"
}
]
}
Example Response Body
{
"idcsCreatedBy": {
"type": "User",
"display": "admin opc",
"value": "<user-id>",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"id": "<identity-provider-id>",
"meta": {
"created": "2024-03-26T05:09:37.627Z",
"lastModified": "2024-03-26T05:09:37.627Z",
"version": "7f3acb03d59644ac956bc1b1a101f08b",
"resourceType": "IdentityProvider",
"location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
"crlEnabled": true
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "<user-id>",
"display": "admin opc",
"type": "User",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"partnerName": "test provider custom param",
"shownOnLoginPage": true,
"description": "description",
"ocid": "<domain-ocid>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"serviceProviderName": "Facebook",
"consumerSecret": "clientSecret12345",
"idAttribute": "email",
"consumerKey": "clientId12345",
"relayIdpParamMappings": [
{
"relayParamKey": "brand"
},
{
"relayParamKey": "param1"
},
{
"relayParamKey": "param2",
"relayParamValue": "value2"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "test provider custom param",
"showOnLogin": true
}
Adding a Relay Parameter Mapping to an Existing IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "add",
"path": "relayIdpParamMappings",
"value": [
{
"relayParamKey": "param3"
},
{
"relayParamKey": "param4",
"relayParamValue": "value4"
}
]
}
]
}
Example Response Body
{
"idcsCreatedBy": {
"type": "User",
"display": "admin opc",
"value": "<user-id>",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"id": "<identity-provider-id>",
"meta": {
"created": "2024-03-26T05:09:37.627Z",
"lastModified": "2024-03-26T05:15:53.551Z",
"version": "c5e3dd4485904bc98d73aedb1a994a6e",
"resourceType": "IdentityProvider",
"location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
"crlEnabled": true
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "<user-id>",
"display": "admin opc",
"type": "User",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"partnerName": "test provider custom param",
"shownOnLoginPage": true,
"description": "description",
"ocid": "<domain-ocid>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"serviceProviderName": "Facebook",
"consumerSecret": "clientSecret12345",
"idAttribute": "email",
"consumerKey": "clientId12345",
"relayIdpParamMappings": [
{
"relayParamKey": "param3"
},
{
"relayParamKey": "param4",
"relayParamValue": "value4"
},
{
"relayParamKey": "brand"
},
{
"relayParamKey": "param1"
},
{
"relayParamKey": "param2",
"relayParamValue": "value2"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "test provider custom param",
"showOnLogin": true
}
Retrieving the Relay Parameter Mappings for an Existing IdP
cURL: GET /admin/v1/SocialIdentityProviders/{idpId}?attributes=relayIdpParamMappings
Example request body: not applicable.
Example Response Body
{
"id": "<identity-provider-id>",
"relayIdpParamMappings": [
{
"relayParamKey": "param3"
},
{
"relayParamKey": "param4",
"relayParamValue": "value4"
},
{
"relayParamKey": "brand"
},
{
"relayParamKey": "param1"
},
{
"relayParamKey": "param2",
"relayParamValue": "value2"
}
],
"name": "test provider custom param"
}
Updating a Relay Parameter Mapping for an IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "replace",
"path": "relayIdpParamMappings[relayParamKey eq \"param2\"]",
"value":[
{
"relayParamKey": "param2",
"relayParamValue": "blah"
}
]
}
]
}
Example Response Body
{
"idcsCreatedBy": {
"type": "User",
"display": "admin opc",
"value": "<user-id>",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"id": "<identity-provider-id>",
"meta": {
"created": "2024-03-26T05:09:37.627Z",
"lastModified": "2024-03-26T05:17:16.894Z",
"version": "cff0f9903fcf47fb9e079477565cc7fa",
"resourceType": "IdentityProvider",
"location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
"crlEnabled": true
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "<user-id>",
"display": "admin opc",
"type": "User",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"partnerName": "test provider custom param",
"shownOnLoginPage": true,
"description": "description",
"ocid": "<domain-ocid>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"serviceProviderName": "Facebook",
"consumerSecret": "clientSecret12345",
"idAttribute": "email",
"consumerKey": "clientId12345",
"relayIdpParamMappings": [
{
"relayParamKey": "param3"
},
{
"relayParamKey": "param4",
"relayParamValue": "value4"
},
{
"relayParamKey": "brand"
},
{
"relayParamKey": "param1"
},
{
"relayParamKey": "param2",
"relayParamValue": "blah"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "test provider custom param",
"showOnLogin": true
}
Removing a Relay Parameter Mapping from an IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "remove",
"path": "relayIdpParamMappings[relayParamKey eq \"param1\"]"
}
]
}
Example Response Body
{
"idcsCreatedBy": {
"type": "User",
"display": "admin opc",
"value": "<user-id>",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"id": "<identity-provider-id>",
"meta": {
"created": "2024-03-26T05:09:37.627Z",
"lastModified": "2024-03-26T05:18:02.914Z",
"version": "87dd609f85ee4a51905bc7d5071c487d",
"resourceType": "IdentityProvider",
"location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
"crlEnabled": true
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "<user-id>",
"display": "admin opc",
"type": "User",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"partnerName": "test provider custom param",
"shownOnLoginPage": true,
"description": "description",
"ocid": "<domain-ocid>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"serviceProviderName": "Facebook",
"consumerSecret": "clientSecret12345",
"idAttribute": "email",
"consumerKey": "clientId12345",
"relayIdpParamMappings": [
{
"relayParamKey": "param3"
},
{
"relayParamKey": "param4",
"relayParamValue": "value4"
},
{
"relayParamKey": "brand"
},
{
"relayParamKey": "param2",
"relayParamValue": "blah"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "test provider custom param",
"showOnLogin": true
}
Removing All Relay Parameter Mappings from an IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "remove",
"path": "relayIdpParamMappings"
}
]
}
Example Response Body
{
"idcsCreatedBy": {
"type": "User",
"display": "admin opc",
"value": "<user-id>",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"id": "<identity-provider-id>",
"meta": {
"created": "2024-03-26T05:09:37.627Z",
"lastModified": "2024-03-26T05:18:39.488Z",
"version": "b02a6f8463904f4f8567edf59cf1efd5",
"resourceType": "IdentityProvider",
"location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
"crlEnabled": true
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "<user-id>",
"display": "admin opc",
"type": "User",
"$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
},
"partnerName": "test provider custom param",
"shownOnLoginPage": true,
"description": "description",
"ocid": "<domain-ocid>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"serviceProviderName": "Facebook",
"consumerSecret": "clientSecret12345",
"idAttribute": "email",
"consumerKey": "clientId12345",
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "test provider custom param",
"showOnLogin": true
}