|
ProviderDetails
|
System.Collections.Generic.Dictionary<System.String, System.String> |
Gets and sets the property ProviderDetails.
The scopes, URLs, and identifiers for your external identity provider. The following
examples describe the provider detail keys for each IdP type. These values and their
schema are subject to change. Social IdP authorize_scopes values must match
the values listed here.
- OpenID Connect (OIDC)
Amazon Cognito accepts the following elements when it can't discover endpoint URLs
from oidc_issuer : attributes_url , authorize_url , jwks_uri ,
token_url .
Create or update request: "ProviderDetails": { "attributes_request_method": "GET",
"attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid
profile email", "authorize_url": "https://auth.example.com/authorize", "client_id":
"1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
"oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token"
}
Describe response: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url":
"https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes":
"openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id":
"1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
"oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token"
} - SAML
Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true",
"IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata",
"RequestSigningAlgorithm": "rsa-sha256" }
Create or update request with Metadata file: "ProviderDetails": { "IDPInit": "true",
"IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]",
"RequestSigningAlgorithm": "rsa-sha256" }
The value of MetadataFile must be the plaintext metadata document with all
quote (") characters escaped by backslashes.
Describe response: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true",
"EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL":
"https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256",
"SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI":
"https://auth.example.com/sso/saml" } - LoginWithAmazon
Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code",
"client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"
Describe response: "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile",
"attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code",
"authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789",
"client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url":
"https://api.amazon.com/auth/o2/token" } - Google
Create or update request: "ProviderDetails": { "authorize_scopes": "email profile
openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret":
"provider-app-client-secret" }
Describe response: "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=",
"attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid",
"authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com",
"client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com",
"token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token"
} - SignInWithApple
Create or update request: "ProviderDetails": { "authorize_scopes": "email name",
"client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE",
"team_id": "3EXAMPLE" }
Describe response: "ProviderDetails": { "attributes_url_add_attributes": "false",
"authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize",
"client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com",
"team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token"
} - Facebook
Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes":
"public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret"
}
Describe response: "ProviderDetails": { "api_version": "v17.0", "attributes_url":
"https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true",
"authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth",
"client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method":
"GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
|