Request Syntax URI Request Parameters Request Body Response Syntax Response Elements Errors See Also

CreateIdentityProvider

Creates an identity provider resource that is then associated with a web portal.

Request Syntax


POST /identityProviders HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "identityProviderDetails": { 
      "string" : "string" 
   },
   "identityProviderName": "string",
   "identityProviderType": "string",
   "portalArn": "string",
   "tags": [ 
      { 
         "Key": "string",
         "Value": "string"
      }
   ]
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

If you do not specify a client token, one is automatically generated by the AWS SDK.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Required: No

identityProviderDetails

The identity provider details. The following list describes the provider detail keys for each identity provider type.

For Google and Login with Amazon:
- client_id
- client_secret
- authorize_scopes
For Facebook:
- client_id
- client_secret
- authorize_scopes
- api_version
For Sign in with Apple:
- client_id
- team_id
- key_id
- private_key
- authorize_scopes
For OIDC providers:
- client_id
- client_secret
- attributes_request_method
- oidc_issuer
- authorize_scopes
- authorize_url if not available from discovery URL specified by oidc_issuer key
- token_url if not available from discovery URL specified by oidc_issuer key
- attributes_url if not available from discovery URL specified by oidc_issuer key
- jwks_uri if not available from discovery URL specified by oidc_issuer key
For SAML providers:
- MetadataFile OR MetadataURL
- IDPSignout (boolean) optional
- IDPInit (boolean) optional
- RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256
- EncryptedResponses (boolean) optional

Type: String to string map

Key Length Constraints: Minimum length of 0. Maximum length of 131072.

Key Pattern: [\s\S]*

Value Length Constraints: Minimum length of 0. Maximum length of 131072.

Value Pattern: [\s\S]*

Required: Yes

identityProviderName

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+

Required: Yes

identityProviderType

The identity provider type.

Type: String

Required: Yes

portalArn

The ARN of the web portal.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+

Required: Yes

tags

The tags to add to the identity provider resource. A tag is a key-value pair.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Required: No

Response Syntax


HTTP/1.1 200
Content-type: application/json

{
   "identityProviderArn": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

identityProviderArn

The ARN of the identity provider.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36}){2,}

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Access is denied.

HTTP Status Code: 403

ConflictException

There is a conflict.

resourceId: Identifier of the resource affected.
resourceType: Type of the resource affected.

HTTP Status Code: 409

InternalServerException

There is an internal server error.

retryAfterSeconds: Advice to clients on when the call can be safely retried.

HTTP Status Code: 500

ResourceNotFoundException

The resource cannot be found.

resourceId: Hypothetical identifier of the resource affected.
resourceType: Hypothetical type of the resource affected.

HTTP Status Code: 404

ServiceQuotaExceededException

The service quota has been exceeded.

quotaCode: The originating quota.
resourceId: Identifier of the resource affected.
resourceType: Type of the resource affected.
serviceCode: The originating service.

HTTP Status Code: 402

ThrottlingException

There is a throttling error.

quotaCode: The originating quota.
retryAfterSeconds: Advice to clients on when the call can be safely retried.
serviceCode: The originating service.

HTTP Status Code: 429

ValidationException

There is a validation error.

fieldList: The field that caused the error.
reason: Reason the request failed validation

HTTP Status Code: 400