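Passing Custom Parameters to a Social Identity Provider
Use the identity domains REST API to pass custom parameters in a social identity provider (IdP) configuration. You can define both static and dynamic custom parameters for each social IdP. These parameters are passed to the IdP as-is when they are sent in the authorization request.
Custom Parameter Definitions
Custom parameters are defined using relayIdpParamMappings. This parameter stores the mapping key-value pairs for the social IdP. A dynamic parameter type is mapped to an empty or null value. A static parameter type contains a value.
- If a key is defined as a static parameter but is passed with a different value, the static value defined in the IdP configuration is used at runtime.
- If a relay parameter variable is passed in the authorization URL but is not defined in the IdP configuration, the variable is ignored.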
"relayIdpParamMappings": [
  {
    "relayParamKey": "brand", //dynamic, since string value is empty
    "relayParamValue": ""
  },
  {
    "relayParamKey": "param1" //dynamic, since value is null (not defined)
  },
  {
    "relayParamKey": "param2", //static, since value is defined
    "relayParamValue": "value2"
  }
]
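Example of Relay Parameter Mappings Passed to the IdP
This authorization URL passed to the identity domains REST API:
https://<domainURL>/oauth2/v1/authorize?response_type=id_token&scope=openid&state=1234&nonce=123&client_id=<test_client>&redirect_uri=https://cloud.oracle.com&brand=abc&newParam=blah&param1=test&param2=newValue
results in a redirect from the identity provider that looks like this:
<IDPProvider Authorize URI>?client_id=....redirect_uri=....&brand=abc&param1=test&param2=value2
The variable newParam is ignored because it is not defined in the original IdP configuration. The value of param2 is static and is not changed during runtime authorization. The dynamic parameter brand takes its value at runtime because it was originally defined as a dynamic type during IdP configuration.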
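The resolution rules above, modelled as an added Python example (not Oracle's implementation and not code from this page). `classify` and `resolve` are hypothetical helper names, the host and client_id in the URL are constructed, and the model assumes that only parameters present in the request are relayed, since the page does not describe the case where a defined key is absent.

```python
from urllib.parse import parse_qsl, urlsplit

# Standard OAuth/OIDC request parameters, never treated as relay parameters here.
OAUTH_PARAMS = {"response_type", "scope", "state", "nonce", "client_id", "redirect_uri"}

# relayIdpParamMappings as defined on this page.
MAPPINGS = [
    {"relayParamKey": "brand", "relayParamValue": ""},         # dynamic (empty)
    {"relayParamKey": "param1"},                               # dynamic (null)
    {"relayParamKey": "param2", "relayParamValue": "value2"},  # static
]

# The page's authorization URL; host and client_id are constructed placeholders.
AUTHORIZE_URL = (
    "https://idcs.example.com/oauth2/v1/authorize?response_type=id_token"
    "&scope=openid&state=1234&nonce=123&client_id=test_client"
    "&redirect_uri=https://cloud.oracle.com"
    "&brand=abc&newParam=blah&param1=test&param2=newValue"
)

def classify(mappings):
    """Return ({static_key: value}, {dynamic_keys}) for a mappings list."""
    static, dynamic = {}, set()
    for m in mappings:
        value = m.get("relayParamValue")
        if value:                       # non-empty value -> static
            static[m["relayParamKey"]] = value
        else:                           # "" or absent/null -> dynamic
            dynamic.add(m["relayParamKey"])
    return static, dynamic

def resolve(mappings, authorize_url):
    """Return (relayed, ignored, overridden) for one authorization request."""
    static, dynamic = classify(mappings)
    relayed, ignored, overridden = [], [], []
    query = urlsplit(authorize_url).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in OAUTH_PARAMS:
            continue
        if key in static:
            if value != static[key]:
                overridden.append(key)  # caller tried to change a static value
            relayed.append((key, static[key]))
        elif key in dynamic:
            relayed.append((key, value))  # caller-controlled, relayed as-is
        else:
            ignored.append(key)         # not in the IdP configuration
    return relayed, ignored, overridden
```

Logging the `ignored` and `overridden` lists per request shows which callers send undefined keys or attempt to change a static value.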
Create a Social IdP with Relay Parameter Mappings
cURL: POST /admin/v1/SocialIdentityProviders
Example Request Body
{
  "registrationEnabled": true,
  "showOnLogin": true,
  "description": "description",
  "serviceProviderName": "Facebook",
  "enabled": true,
  "accountLinkingEnabled": true,
  "name": "test provider custom param",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
  ],
  "consumerKey": "clientId12345",
  "consumerSecret": "clientSecret12345",
  "relayIdpParamMappings": [
    {
      "relayParamKey": "brand",
      "relayParamValue": ""
    },
    {
      "relayParamKey": "param1"
    },
    {
      "relayParamKey": "param2",
      "relayParamValue": "value2"
    }
  ]
}
Example Response Body
{
  "idcsCreatedBy": {
    "type": "User",
    "display": "admin opc",
    "value": "<user-id>",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "id": "<identity-provider-id>",
  "meta": {
    "created": "2024-03-26T05:09:37.627Z",
    "lastModified": "2024-03-26T05:09:37.627Z",
    "version": "7f3acb03d59644ac956bc1b1a101f08b",
    "resourceType": "IdentityProvider",
    "location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
  },
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
    "crlEnabled": true
  },
  "enabled": true,
  "idcsLastModifiedBy": {
    "value": "<user-id>",
    "display": "admin opc",
    "type": "User",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "partnerName": "test provider custom param",
  "shownOnLoginPage": true,
  "description": "description",
  "ocid": "<domain-ocid>",
  "accountLinkingEnabled": true,
  "registrationEnabled": true,
  "serviceProviderName": "Facebook",
  "consumerSecret": "clientSecret12345",
  "idAttribute": "email",
  "consumerKey": "clientId12345",
  "relayIdpParamMappings": [
    {
      "relayParamKey": "brand"
    },
    {
      "relayParamKey": "param1"
    },
    {
      "relayParamKey": "param2",
      "relayParamValue": "value2"
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
  ],
  "name": "test provider custom param",
  "showOnLogin": true
}
Add Relay Parameter Mappings to an Existing IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "relayIdpParamMappings",
      "value": [
        {
          "relayParamKey": "param3"
        },
        {
          "relayParamKey": "param4",
          "relayParamValue": "value4"
        }
      ]
    }
  ]
}
Example Response Body
{
  "idcsCreatedBy": {
    "type": "User",
    "display": "admin opc",
    "value": "<user-id>",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "id": "<identity-provider-id>",
  "meta": {
    "created": "2024-03-26T05:09:37.627Z",
    "lastModified": "2024-03-26T05:15:53.551Z",
    "version": "c5e3dd4485904bc98d73aedb1a994a6e",
    "resourceType": "IdentityProvider",
    "location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
  },
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
    "crlEnabled": true
  },
  "enabled": true,
  "idcsLastModifiedBy": {
    "value": "<user-id>",
    "display": "admin opc",
    "type": "User",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "partnerName": "test provider custom param",
  "shownOnLoginPage": true,
  "description": "description",
  "ocid": "<domain-ocid>",
  "accountLinkingEnabled": true,
  "registrationEnabled": true,
  "serviceProviderName": "Facebook",
  "consumerSecret": "clientSecret12345",
  "idAttribute": "email",
  "consumerKey": "clientId12345",
  "relayIdpParamMappings": [
    {
      "relayParamKey": "param3"
    },
    {
      "relayParamKey": "param4",
      "relayParamValue": "value4"
    },
    {
      "relayParamKey": "brand"
    },
    {
      "relayParamKey": "param1"
    },
    {
      "relayParamKey": "param2",
      "relayParamValue": "value2"
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
  ],
  "name": "test provider custom param",
  "showOnLogin": true
}
Fetch the Relay Parameter Mappings of an Existing IdP
cURL: GET /admin/v1/SocialIdentityProviders/{idpId}?attributes=relayIdpParamMappings
Example Request Body: Not applicable.
Example Response Body
{
  "id": "<identity-provider-id>",
  "relayIdpParamMappings": [
    {
      "relayParamKey": "param3"
    },
    {
      "relayParamKey": "param4",
      "relayParamValue": "value4"
    },
    {
      "relayParamKey": "brand"
    },
    {
      "relayParamKey": "param1"
    },
    {
      "relayParamKey": "param2",
      "relayParamValue": "value2"
    }
  ],
  "name": "test provider custom param"
}
Update a Relay Parameter Mapping of an IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "relayIdpParamMappings[relayParamKey eq \"param2\"]",
      "value": [
        {
          "relayParamKey": "param2",
          "relayParamValue": "blah"
        }
      ]
    }
  ]
}
Example Response Body
{
  "idcsCreatedBy": {
    "type": "User",
    "display": "admin opc",
    "value": "<user-id>",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "id": "<identity-provider-id>",
  "meta": {
    "created": "2024-03-26T05:09:37.627Z",
    "lastModified": "2024-03-26T05:17:16.894Z",
    "version": "cff0f9903fcf47fb9e079477565cc7fa",
    "resourceType": "IdentityProvider",
    "location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
  },
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
    "crlEnabled": true
  },
  "enabled": true,
  "idcsLastModifiedBy": {
    "value": "<user-id>",
    "display": "admin opc",
    "type": "User",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "partnerName": "test provider custom param",
  "shownOnLoginPage": true,
  "description": "description",
  "ocid": "<domain-ocid>",
  "accountLinkingEnabled": true,
  "registrationEnabled": true,
  "serviceProviderName": "Facebook",
  "consumerSecret": "clientSecret12345",
  "idAttribute": "email",
  "consumerKey": "clientId12345",
  "relayIdpParamMappings": [
    {
      "relayParamKey": "param3"
    },
    {
      "relayParamKey": "param4",
      "relayParamValue": "value4"
    },
    {
      "relayParamKey": "brand"
    },
    {
      "relayParamKey": "param1"
    },
    {
      "relayParamKey": "param2",
      "relayParamValue": "blah"
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
  ],
  "name": "test provider custom param",
  "showOnLogin": true
}
Remove a Relay Parameter Mapping from an IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "path": "relayIdpParamMappings[relayParamKey eq \"param1\"]"
    }
  ]
}
Example Response Body
{
  "idcsCreatedBy": {
    "type": "User",
    "display": "admin opc",
    "value": "<user-id>",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "id": "<identity-provider-id>",
  "meta": {
    "created": "2024-03-26T05:09:37.627Z",
    "lastModified": "2024-03-26T05:18:02.914Z",
    "version": "87dd609f85ee4a51905bc7d5071c487d",
    "resourceType": "IdentityProvider",
    "location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
  },
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
    "crlEnabled": true
  },
  "enabled": true,
  "idcsLastModifiedBy": {
    "value": "<user-id>",
    "display": "admin opc",
    "type": "User",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "partnerName": "test provider custom param",
  "shownOnLoginPage": true,
  "description": "description",
  "ocid": "<domain-ocid>",
  "accountLinkingEnabled": true,
  "registrationEnabled": true,
  "serviceProviderName": "Facebook",
  "consumerSecret": "clientSecret12345",
  "idAttribute": "email",
  "consumerKey": "clientId12345",
  "relayIdpParamMappings": [
    {
      "relayParamKey": "param3"
    },
    {
      "relayParamKey": "param4",
      "relayParamValue": "value4"
    },
    {
      "relayParamKey": "brand"
    },
    {
      "relayParamKey": "param2",
      "relayParamValue": "blah"
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
  ],
  "name": "test provider custom param",
  "showOnLogin": true
}
Remove All Relay Parameter Mappings from an IdP
cURL: PATCH /admin/v1/SocialIdentityProviders/{idpId}
Example Request Body
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "path": "relayIdpParamMappings"
    }
  ]
}
Example Response Body
{
  "idcsCreatedBy": {
    "type": "User",
    "display": "admin opc",
    "value": "<user-id>",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "id": "<identity-provider-id>",
  "meta": {
    "created": "2024-03-26T05:09:37.627Z",
    "lastModified": "2024-03-26T05:18:39.488Z",
    "version": "b02a6f8463904f4f8567edf59cf1efd5",
    "resourceType": "IdentityProvider",
    "location": "https://<domainURL>/admin/v1/IdentityProviders/<identity-provider-id>"
  },
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:x509:IdentityProvider": {
    "crlEnabled": true
  },
  "enabled": true,
  "idcsLastModifiedBy": {
    "value": "<user-id>",
    "display": "admin opc",
    "type": "User",
    "$ref": "https://<domainURL>/admin/v1/Users/<user-id>"
  },
  "partnerName": "test provider custom param",
  "shownOnLoginPage": true,
  "description": "description",
  "ocid": "<domain-ocid>",
  "accountLinkingEnabled": true,
  "registrationEnabled": true,
  "serviceProviderName": "Facebook",
  "consumerSecret": "clientSecret12345",
  "idAttribute": "email",
  "consumerKey": "clientId12345",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
  ],
  "name": "test provider custom param",
  "showOnLogin": true
}