CreateIdentityProvider
Creates an identity provider resource that is then associated with a web portal.
Request Syntax
POST /identityProviders HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "identityProviderDetails": {
      "string" : "string"
   },
   "identityProviderName": "string",
   "identityProviderType": "string",
   "portalArn": "string",
   "tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ]
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- clientToken
  A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
  If you do not specify a client token, one is automatically generated by the AWS SDK.
  Type: String
  Length Constraints: Minimum length of 1. Maximum length of 512.
  Required: No
- identityProviderDetails
  The identity provider details. The following list describes the provider detail keys for each identity provider type.
  - For Google and Login with Amazon:
    - client_id
    - client_secret
    - authorize_scopes
  - For Facebook:
    - client_id
    - client_secret
    - authorize_scopes
    - api_version
  - For Sign in with Apple:
    - client_id
    - team_id
    - key_id
    - private_key
    - authorize_scopes
  - For OIDC providers:
    - client_id
    - client_secret
    - attributes_request_method
    - oidc_issuer
    - authorize_scopes
    - authorize_url, if not available from the discovery URL specified by the oidc_issuer key
    - token_url, if not available from the discovery URL specified by the oidc_issuer key
    - attributes_url, if not available from the discovery URL specified by the oidc_issuer key
    - jwks_uri, if not available from the discovery URL specified by the oidc_issuer key
  - For SAML providers:
    - MetadataFile OR MetadataURL
    - IDPSignout (boolean) optional
    - IDPInit (boolean) optional
    - RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256
    - EncryptedResponses (boolean) optional
  Type: String to string map
  Key Length Constraints: Minimum length of 0. Maximum length of 131072.
  Key Pattern: [\s\S]*
  Value Length Constraints: Minimum length of 0. Maximum length of 131072.
  Value Pattern: [\s\S]*
  Required: Yes
- identityProviderName
  The identity provider name.
  Type: String
  Length Constraints: Minimum length of 1. Maximum length of 32.
  Pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+
  Required: Yes
- identityProviderType
  The identity provider type.
  Type: String
  Valid Values: SAML | Facebook | Google | LoginWithAmazon | SignInWithApple | OIDC
  Required: Yes
- portalArn
  The ARN of the web portal.
  Type: String
  Length Constraints: Minimum length of 20. Maximum length of 2048.
  Pattern: arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+
  Required: Yes
- tags
  The tags to add to the identity provider resource. A tag is a key-value pair.
  Type: Array of Tag objects
  Array Members: Minimum number of 0 items. Maximum number of 200 items.
  Required: No
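The following is an added example, not code from this reference or from the AWS SDK. It assembles a request body for this operation and checks it against the constraints listed above before anything is sent: the per-type detail keys, the identityProviderName and portalArn patterns, the 200-tag limit, and a clientToken that is generated up front so that a retried call reuses it. It also produces a redacted copy of the body for logging, because client_secret and private_key are credentials that should not land in log output. Assumptions: the \p{...} classes in the name pattern are evaluated with unicodedata general categories (the re module has no \p support); SAML boolean options are passed as the strings "true"/"false" since the map is string-to-string; the portal ARN and provider values in the usage block are constructed.

```python
"""Build and validate a CreateIdentityProvider request body (added example)."""
import json
import re
import unicodedata
import uuid

# Provider detail keys as listed on the reference page, per identityProviderType.
REQUIRED_KEYS = {
    "Google": {"client_id", "client_secret", "authorize_scopes"},
    "LoginWithAmazon": {"client_id", "client_secret", "authorize_scopes"},
    "Facebook": {"client_id", "client_secret", "authorize_scopes", "api_version"},
    "SignInWithApple": {"client_id", "team_id", "key_id", "private_key", "authorize_scopes"},
    "OIDC": {"client_id", "client_secret", "attributes_request_method",
             "oidc_issuer", "authorize_scopes"},
    "SAML": set(),  # MetadataFile or MetadataURL is required; checked separately below
}
OPTIONAL_KEYS = {
    "OIDC": {"authorize_url", "token_url", "attributes_url", "jwks_uri"},
    "SAML": {"MetadataFile", "MetadataURL", "IDPSignout", "IDPInit",
             "RequestSigningAlgorithm", "EncryptedResponses"},
}
SAML_BOOLEAN_KEYS = {"IDPSignout", "IDPInit", "EncryptedResponses"}
SECRET_KEYS = {"client_secret", "private_key"}  # never log these values
MAX_DETAIL_LEN = 131072

# Documented portalArn pattern, usable as-is with the re module.
PORTAL_ARN_RE = re.compile(
    r"arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+"
)


def valid_provider_name(name):
    """Check identityProviderName against the documented length and pattern.

    Pattern [^_][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_]+ : no leading underscore,
    second character a letter/mark/symbol/number/punctuation, then one or more
    non-underscore characters. Assumption: \\p classes map to unicodedata categories."""
    if not 3 <= len(name) <= 32:
        return False
    if name[0] == "_" or "_" in name[2:]:
        return False
    return unicodedata.category(name[1])[0] in "LMSNP"


def validate_details(provider_type, details):
    """Return a list of problems with identityProviderDetails for the given type (empty if OK)."""
    problems = []
    if provider_type not in REQUIRED_KEYS:
        return [f"unknown identityProviderType {provider_type!r}"]
    present = set(details)
    missing = REQUIRED_KEYS[provider_type] - present
    if missing:
        problems.append(f"missing keys for {provider_type}: {sorted(missing)}")
    unknown = present - (REQUIRED_KEYS[provider_type] | OPTIONAL_KEYS.get(provider_type, set()))
    if unknown:
        problems.append(f"keys not listed for {provider_type}: {sorted(unknown)}")
    for key, value in details.items():
        if not isinstance(value, str) or len(value) > MAX_DETAIL_LEN:
            problems.append(f"{key}: value must be a string of at most {MAX_DETAIL_LEN} characters")
    if provider_type == "SAML":
        if "MetadataFile" not in present and "MetadataURL" not in present:
            problems.append("SAML requires MetadataFile or MetadataURL")
        for key in SAML_BOOLEAN_KEYS & present:
            if details[key] not in ("true", "false"):  # assumption: booleans carried as strings
                problems.append(f"{key}: expected 'true' or 'false'")
        if details.get("RequestSigningAlgorithm", "rsa-sha256") != "rsa-sha256":
            problems.append("RequestSigningAlgorithm only accepts rsa-sha256")
    return problems


def build_request(portal_arn, name, provider_type, details, tags=None, client_token=None):
    """Assemble the request body; raise ValueError on any documented constraint violation."""
    if not PORTAL_ARN_RE.fullmatch(portal_arn):
        raise ValueError("portalArn does not match the documented pattern")
    if not valid_provider_name(name):
        raise ValueError("identityProviderName violates the length or pattern constraints")
    problems = validate_details(provider_type, details)
    if problems:
        raise ValueError("; ".join(problems))
    tags = list(tags or [])
    if len(tags) > 200:
        raise ValueError("at most 200 tags are allowed")
    # Fix the idempotency token now so every retry of this request carries the same value.
    client_token = client_token or str(uuid.uuid4())
    if not 1 <= len(client_token) <= 512:
        raise ValueError("clientToken must be 1 to 512 characters")
    return {
        "clientToken": client_token,
        "identityProviderDetails": dict(details),
        "identityProviderName": name,
        "identityProviderType": provider_type,
        "portalArn": portal_arn,
        "tags": tags,
    }


def redact(body):
    """Copy of the body with secret detail values masked, safe for logs and audit trails."""
    shown = dict(body)
    shown["identityProviderDetails"] = {
        k: ("***" if k in SECRET_KEYS else v) for k, v in body["identityProviderDetails"].items()
    }
    return shown


if __name__ == "__main__":
    # Constructed sample values; not a real portal or provider.
    portal = "arn:aws:workspaces-web:us-west-2:123456789012:portal/12345678-1234-1234-1234-123456789012"
    oidc = {"client_id": "example-client", "client_secret": "example-secret",
            "attributes_request_method": "GET", "oidc_issuer": "https://issuer.example",
            "authorize_scopes": "openid email"}
    body = build_request(portal, "corp-oidc", "OIDC", oidc, tags=[{"Key": "env", "Value": "test"}])
    print(json.dumps(redact(body), indent=2))
```

The body returned by build_request is what an SDK call for this operation would send; redact(body) is the version to write to logs.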
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"identityProviderArn": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- identityProviderArn
  The ARN of the identity provider.
  Type: String
  Length Constraints: Minimum length of 20. Maximum length of 2048.
  Pattern: arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36}){2,}
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
  Access is denied.
  HTTP Status Code: 403
- ConflictException
  There is a conflict.
  - resourceId: Identifier of the resource affected.
  - resourceType: Type of the resource affected.
  HTTP Status Code: 409
- InternalServerException
  There is an internal server error.
  - retryAfterSeconds: Advice to clients on when the call can be safely retried.
  HTTP Status Code: 500
- ResourceNotFoundException
  The resource cannot be found.
  - resourceId: Hypothetical identifier of the resource affected.
  - resourceType: Hypothetical type of the resource affected.
  HTTP Status Code: 404
- ServiceQuotaExceededException
  The service quota has been exceeded.
  - quotaCode: The originating quota.
  - resourceId: Identifier of the resource affected.
  - resourceType: Type of the resource affected.
  - serviceCode: The originating service.
  HTTP Status Code: 402
- ThrottlingException
  There is a throttling error.
  - quotaCode: The originating quota.
  - retryAfterSeconds: Advice to clients on when the call can be safely retried.
  - serviceCode: The originating service.
  HTTP Status Code: 429
- ValidationException
  There is a validation error.
  - fieldList: The field that caused the error.
  - reason: Reason the request failed validation.
  HTTP Status Code: 400
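An added example, not part of this reference or of the AWS SDK, showing how a caller should treat the errors above together with the clientToken described in the request body: only ThrottlingException and InternalServerException are retried, the wait honors retryAfterSeconds when the error carries it, and the same clientToken is sent on every attempt so a request that succeeded server-side but whose response was lost cannot create a second identity provider. The ApiError class and FakeService are constructed stand-ins for the service's error shape and behaviour so the code runs offline; the sample ARN is constructed.

```python
"""Retry policy for CreateIdentityProvider errors with a fixed clientToken (added example)."""
import time
import uuid

# Errors the reference marks with retryAfterSeconds; everything else is returned to the caller.
RETRYABLE = {"ThrottlingException", "InternalServerException"}


class ApiError(Exception):
    """Constructed error shape carrying the page's error elements; not the SDK's exception class."""

    def __init__(self, name, status, retry_after_seconds=None):
        super().__init__(name)
        self.name = name
        self.status = status
        self.retry_after_seconds = retry_after_seconds


def call_with_retries(invoke, request, max_attempts=5, sleep=time.sleep):
    """Call invoke(request) until it returns, retrying only retryable errors.

    Returns (response, names_of_failed_attempts). The clientToken is fixed before
    the first attempt and reused unchanged, which is what makes a retry idempotent."""
    request = dict(request)
    request.setdefault("clientToken", str(uuid.uuid4()))
    failures = []
    for attempt in range(1, max_attempts + 1):
        try:
            return invoke(request), failures
        except ApiError as err:
            failures.append(err.name)
            if err.name not in RETRYABLE or attempt == max_attempts:
                raise
            # Prefer the server's advice; otherwise back off exponentially, capped at 30 s.
            delay = err.retry_after_seconds
            if delay is None:
                delay = min(2 ** attempt, 30)
            sleep(delay)


class FakeService:
    """Constructed stand-in for the API: throttles the first `failures` calls, then succeeds,
    and returns the same ARN for a repeated clientToken (the idempotency guarantee)."""

    def __init__(self, failures=2):
        self.failures = failures
        self.calls = 0
        self.created = {}  # clientToken -> identityProviderArn

    def create_identity_provider(self, request):
        self.calls += 1
        if self.calls <= self.failures:
            raise ApiError("ThrottlingException", 429, retry_after_seconds=1)
        token = request["clientToken"]
        if token not in self.created:
            self.created[token] = f"{request['portalArn']}/{uuid.uuid4()}"
        return {"identityProviderArn": self.created[token]}


if __name__ == "__main__":
    # Constructed sample request; portalArn is not a real portal.
    req = {
        "portalArn": "arn:aws:workspaces-web:us-west-2:123456789012:portal/12345678-1234-1234-1234-123456789012",
        "identityProviderName": "corp-oidc",
        "identityProviderType": "OIDC",
        "identityProviderDetails": {},
    }
    svc = FakeService(failures=2)
    resp, failed = call_with_retries(svc.create_identity_provider, req, sleep=lambda s: None)
    print(resp["identityProviderArn"], "after failures:", failed)
```

In a real deployment invoke would be the SDK's create_identity_provider call and sleep would be left at time.sleep; the point of the fake is to show that the retried request and the original share one clientToken and therefore one resulting ARN.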
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: