Overview
This guide gives step-by-step instructions on how you can integrate miniOrange Identity Provider and User Store APIs with your system.
Pre-requisites
- You need to create a free trial account with miniOrange.
- Log in to our console and click Settings in the top-right corner of the console.
- Copy your Api Key and follow the steps below to generate the Authentication Header.
Step 1: Create Authentication Header
To call our challenge and validate REST APIs, you need to set the authorization headers, which let the server confirm that the request comes from a valid user. The sample Java and PHP code below shows how to create the authorization headers.
The following values need to be set in the Header of the HTTP Request being made.
Attribute | Description |
---|---|
Customer-Key | Your customer key. |
Api-Key | Your Api Key |
Timestamp | The time in milliseconds when the request is being made |
Authorization | SHA-512 hash value consisting of the customer key, current timestamp and API key. |
You can get your Customer-Key and Api Key by following these steps:
- Log in to your Admin Dashboard.
- Go to System Settings from the top right corner. You will find all of your information under the Account Details section.
- Java
- PHP
/* Imports: Sha512Hash comes from Apache Shiro; HttpPost is assumed to be Apache HttpClient 4.x */
import org.apache.shiro.crypto.hash.Sha512Hash;
import org.apache.http.client.methods.HttpPost;

/* You can get customer Key and customer Api Key from your admin dashboard */
String customerKey = "<YOUR_CUSTOMER_KEY>";
String apiKey = "<YOUR_API_KEY>";
/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
String currentTimeInMillis = String.valueOf(System.currentTimeMillis());
/* Creating the Hash using SHA-512 algorithm (Apache Shiro library) */
String stringToHash = customerKey + currentTimeInMillis + apiKey;
String hashValue = new Sha512Hash(stringToHash).toHex().toLowerCase();
HttpPost postRequest = new HttpPost("<URL for calling API>");
/* Setting the Authorization Header values; the Timestamp header must be the same string that was hashed */
postRequest.setHeader("Customer-Key", customerKey);
postRequest.setHeader("Timestamp", currentTimeInMillis);
postRequest.setHeader("Authorization", hashValue);
/* You can get customer Key and customer Api Key from your admin dashboard*/
$customerKey = "<YOUR_CUSTOMER_KEY>";
$apiKey = "<YOUR_API_KEY>";
/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
$currentTimeInMillis = round(microtime(true) * 1000);
/* Creating the Hash using SHA-512 algorithm */
$stringToHash = $customerKey . number_format ( $currentTimeInMillis, 0, '', '' ) . $apiKey;
$hashValue = hash("sha512", $stringToHash);
/* Add $customerKeyHeader,$timestampHeader and $authorizationHeader in the httpheader */
$customerKeyHeader = "Customer-Key: " . $customerKey;
$timestampHeader = "Timestamp: " . number_format ( $currentTimeInMillis, 0, '', '' );
$authorizationHeader = "Authorization: " . $hashValue;
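The header scheme from Step 1, as an added Python example (not miniOrange's own code): it hashes the exact Timestamp string that is sent, and validates a provider UUID before placing it in the URL path. The function names, the constructed keys in the demo and the restriction of `provider_request` to GET and DELETE are assumptions of this example; requests are built but not sent.

```python
import hashlib
import time
import urllib.parse
import urllib.request
import uuid

# Base URL taken from the endpoint tables on this page.
BASE_URL = "https://login.xecurify.com/services/api/idps/v1/oauth"


def authorization_hash(customer_key, timestamp_ms, api_key):
    """Lowercase hex of sha512(customerKey + timeInMillis + apiKey)."""
    string_to_hash = customer_key + timestamp_ms + api_key
    return hashlib.sha512(string_to_hash.encode("utf-8")).hexdigest()


def build_auth_headers(customer_key, api_key, now_ms=None):
    """Return the three headers the page's sample code sends.

    A fresh timestamp is taken for every call unless now_ms is given
    (used here for reproducible tests).
    """
    if not customer_key or not api_key:
        raise ValueError("customer key and API key are both required")
    if now_ms is None:
        now_ms = time.time_ns() // 1_000_000
    # Plain integer string: the same text goes into the hash and the header,
    # so a float or exponent rendering can never make the two disagree.
    timestamp = str(int(now_ms))
    return {
        "Customer-Key": customer_key,
        "Timestamp": timestamp,
        "Authorization": authorization_hash(customer_key, timestamp, api_key),
    }


def list_request(customer_key, api_key, start_index=0, count=10, now_ms=None):
    """Build (not send) the 'get all configured OAuth providers' request."""
    for name, value in (("startIndex", start_index), ("count", count)):
        if not isinstance(value, int) or isinstance(value, bool) or value < 0:
            raise ValueError(name + " must be a non-negative integer")
    query = urllib.parse.urlencode({"startIndex": start_index, "count": count})
    return urllib.request.Request(
        BASE_URL + "?" + query,
        headers=build_auth_headers(customer_key, api_key, now_ms),
        method="GET",
    )


def provider_request(customer_key, api_key, provider_uuid, method="GET", now_ms=None):
    """Build a GET or DELETE request for /oauth/{uuid}."""
    if method not in ("GET", "DELETE"):
        raise ValueError("this example only builds GET and DELETE requests")
    # Parsing as a UUID rejects anything that could alter the URL path
    # (slashes, dots, query characters) and yields a canonical form.
    canonical = str(uuid.UUID(provider_uuid))
    return urllib.request.Request(
        BASE_URL + "/" + canonical,
        headers=build_auth_headers(customer_key, api_key, now_ms),
        method=method,
    )


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    demo = list_request("12345", "constructed-api-key")
    print(demo.get_method(), demo.full_url)
    for header, value in demo.header_items():
        print(header + ":", value)
    # To send it: urllib.request.urlopen(demo, timeout=10)
```
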
Step 2: API Details
Get All Configured OAuth Providers
To get all configured OAuth providers, you need to make an HTTP GET request to our get all OAuth Providers API.
Endpoint Information:
Type | Information |
---|---|
Method | GET |
URL | https://login.xecurify.com/services/api/idps/v1/oauth?startIndex={startIndex}&count={count} |
Request headers:
Parameters | Type |
---|---|
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies the current time in milliseconds, e.g. 1474522813982.
Authorization
: Authorization specifies the SHA-512 hash of the string formed by concatenating customerKey, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey). See Step 1 (Create Authentication Header) above for more details.
Request Parameters:
Parameters | Type | Comments |
---|---|---|
startIndex (optional) | Int | Defaults to 0 if no value passed |
count (optional) | Int | Defaults to 10 if no value passed |
Sample Code for Request:
In the following code, replace <YOUR_CUSTOMER_KEY>, <START_INDEX>, <COUNT>, <AUTHORIZATION> and <TIMESTAMP> with the respective values.
- cURL
- Java
- PHP
curl --location --request GET 'https://login.xecurify.com/services/api/idps/v1/oauth?startIndex=<START_INDEX>&count=<COUNT>' \
--header 'Authorization: <AUTHORIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>'
OkHttpClient client = new OkHttpClient().newBuilder().build();
/* OkHttp rejects a request body on GET, so none is attached */
Request request = new Request.Builder()
  .url("https://login.xecurify.com/services/api/idps/v1/oauth?startIndex=<START_INDEX>&count=<COUNT>")
  .get()
  .addHeader("Authorization", "<AUTHORIZATION>")
  .addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
  .addHeader("Timestamp", "<TIMESTAMP>")
  .build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://login.xecurify.com/services/api/idps/v1/oauth?startIndex=<START_INDEX>&count=<COUNT>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHORIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/services/api/idps/v1/oauth?startIndex=0&count=10
Example Response:
{
"status": "SUCCESS",
"statusCode": 200,
"message": "Identity Provider settings retrieved successfully.",
"timestamp": "2024-09-13T07:04:33.798Z",
"details": "uri=/v1/oauth",
"idpList": {
"totalResults": 3,
"startIndex": 0,
"itemsPerPage": 10,
"resources": [
{
"displayName": "Test OAuth IDP",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"isDefault": false,
"endUserLogin": false,
"domainMapping": "OAuth",
"attributeMapping": [],
"identifier": "custom_oauth_okta_admin_dev_prod",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"scope": [
"openid",
"profile"
],
"grantType": "AUTHORIZATION",
"authorizeEndpoint": "https://dev.okta.com/oauth2/default/v1/authorize",
"tokenEndpoint": "https://dev.okta.com/oauth2/default/v1/token",
"userInfoEndpoint": "https://dev.okta.com/oauth2/default/v1/userinfo",
"introspectionEndpoint": "",
"signRequest": false,
"sendScopeInTokenRequest": true,
"clientCredentialsHeaderEnabled": false,
"uuid": "1ddd51c2-6efa-4978-80b8-dc91b10b9412",
"oauthCallBackUrl": "https://wolf.xecurify.com/moas/broker/login/oauth/callback/334709"
},
{
"displayName": "Azure B2C",
"showIdpToUsers": true,
"promptForUserRegistration": true,
"sendConfiguredAttributes": false,
"isDefault": false,
"endUserLogin": true,
"domainMapping": "AZURE",
"attributeMapping": [],
"identifier": "azure_b2c_azure_b2c",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"scope": [
"openid",
"profile",
"email"
],
"grantType": "AUTHORIZATION",
"authorizeEndpoint": "https://login.microsoftonline.com/oauth2/v2.0/authorize",
"tokenEndpoint": "https://login.microsoftonline.com/oauth2/v2.0/token",
"userInfoEndpoint": "https://graph.microsoft.com/oidc/userinfo",
"introspectionEndpoint": "",
"signRequest": false,
"sendScopeInTokenRequest": true,
"clientCredentialsHeaderEnabled": true,
"uuid": "ab0ad6ba-08c7-421f-86c2-21711def405f",
"oauthCallBackUrl": "https://wolf.xecurify.com/moas/broker/login/oauth/callback/334709"
},
{
"displayName": "OAuth IDP",
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"isDefault": false,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
],
"identifier": "custom_oauth_oauth_idp",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"scope": [
"profile",
"email"
],
"grantType": "AUTHORIZATION",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"signRequest": false,
"sendScopeInTokenRequest": true,
"clientCredentialsHeaderEnabled": true,
"uuid": "a3564079-a229-421d-9af7-20972f1df1c0",
"oauthCallBackUrl": "https://wolf.xecurify.com/moas/broker/login/oauth/callback/334709"
}
]
}
}
Fetch Specific OAuth Provider
To fetch details of a configured OAuth provider, you need to make an HTTP GET request to our fetch OAuth Provider Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | GET |
URL | https://login.xecurify.com/services/api/idps/v1/oauth/{uuid} |
Request headers:
Parameters | Type |
---|---|
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies the current time in milliseconds, e.g. 1474522813982.
Authorization
: Authorization specifies the SHA-512 hash of the string formed by concatenating customerKey, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey). See Step 1 (Create Authentication Header) above for more details.
Request Parameters:
Parameters | Type | Comments |
---|---|---|
uuid (required) | UUID | OAuth IDP Unique identifier |
Sample Code for Request:
In the following code, replace <YOUR_CUSTOMER_KEY>, <UUID>, <AUTHORIZATION> and <TIMESTAMP> with the respective values.
- cURL
- Java
- PHP
curl --location --request GET 'https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>' \
--header 'Authorization: <AUTHORIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>'
OkHttpClient client = new OkHttpClient().newBuilder().build();
/* OkHttp rejects a request body on GET, so none is attached */
Request request = new Request.Builder()
  .url("https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>")
  .get()
  .addHeader("Authorization", "<AUTHORIZATION>")
  .addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
  .addHeader("Timestamp", "<TIMESTAMP>")
  .build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHORIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/services/api/idps/v1/oauth/a3564079-a229-421d-9af7-20972f1df1c0
Example Response:
{
"status": "SUCCESS",
"statusCode": 200,
"message": "Identity Provider settings retrieved successfully.",
"timestamp": "2024-09-13T07:10:23.258Z",
"details": "uri=/v1/oauth/a3564079-a229-421d-9af7-20972f1df1c0",
"idp": {
"displayName": "OAuth IDP",
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"isDefault": false,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
],
"identifier": "custom_oauth_oauth_idp",
"clientId": "clientId",
"clientSecret": "clientSecret",
"scope": [
"profile",
"email"
],
"grantType": "AUTHORIZATION",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"signRequest": false,
"sendScopeInTokenRequest": true,
"clientCredentialsHeaderEnabled": true,
"uuid": "a3564079-a229-421d-9af7-20972f1df1c0",
"oauthCallBackUrl": "https://wolf.xecurify.com/moas/broker/login/oauth/callback/334709"
}
}
Add an OAuth Provider
To add an OAuth provider, you need to make an HTTP POST request to our add OAuth Provider Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | POST |
URL | https://login.xecurify.com/services/api/idps/v1/oauth |
Request headers:
Parameters | Type |
---|---|
Content-Type | application/json |
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies the current time in milliseconds, e.g. 1474522813982.
Authorization
: Authorization specifies the SHA-512 hash of the string formed by concatenating customerKey, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey). See Step 1 (Create Authentication Header) above for more details.
Main Request Parameters:
Parameters | Type | Comments |
---|---|---|
identifier (required) | String | Unique identifier for your Identity provider |
displayName (required) | String | Display Name for your OAuth IdP. |
authorizeEndpoint (required) | String | Authorization endpoint |
tokenEndpoint (required) | String | Token endpoint |
userInfoEndpoint (required) | String | User information endpoint |
introspectionEndpoint (optional) | String | Introspection endpoint |
clientId (required) | String | Client ID |
clientSecret (required) | String | Client Secret |
grantType (required) | String | Authorization Grant Type |
clientCredentialsHeaderEnabled (optional) | Boolean | Allows sending client credentials in headers (default = false) |
scope (optional) | List of String | OpenID scopes (supported = “openid”, “email”, “profile”) |
sendScopeInTokenRequest (optional) | Boolean | Allows sending scopes in the token request (default = false) |
showIdpToUsers (optional) | Boolean | Allows showing this IdP to users (default = false) |
promptForUserRegistration (optional) | Boolean | Allows registering the user in miniOrange by prompting for registration (default = false) |
sendConfiguredAttributes (optional) | Boolean | Allows sending the configured attributes (default = false) |
attributeMapping (optional) | Object | Configured attributes will be added in the list of Object (“incomingAttribute” and “outgoingAttribute”). |
endUserLogin (optional) | Boolean | Allows the user to log in to the user dashboard with IdP credentials (default = false) |
domainMapping (optional) | String | Allows this IdP to be used for limited domains. Configured attributes will be added in the list of Object (“incomingAttribute” and “outgoingAttribute”). |
Sample Code for Request:
In the following code, replace <AUTHORIZATION> and <TIMESTAMP> with the respective values.
- cURL
- Java
- PHP
curl --location --request POST 'https://login.xecurify.com/services/api/idps/v1/oauth' \
--header 'Authorization: <AUTHORIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>' \
--header 'Content-Type: application/json' \
--data-raw '{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"grantType": "AUTHORIZATION",
"clientCredentialsHeaderEnabled": true,
"scope": [
"PROFILE", "EMAIL"
],
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, """
{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"grantType": "AUTHORIZATION",
"scope": ["PROFILE", "EMAIL"],
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientCredentialsHeaderEnabled": true,
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}
""");
Request request = new Request.Builder()
.url("https://login.xecurify.com/services/api/idps/v1/oauth")
.method("POST", body)
.addHeader("Authorization", "<AUTHORIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://login.xecurify.com/services/api/idps/v1/oauth',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS =>'{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"grantType": "AUTHORIZATION",
"scope": ["PROFILE", "EMAIL"],
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientCredentialsHeaderEnabled": true,
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHORIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>',
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/services/api/idps/v1/oauth
Example Request body:
{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientId": "clientId",
"clientSecret": "clientSecret",
"grantType": "AUTHORIZATION",
"clientCredentialsHeaderEnabled": true,
"scope": [
"PROFILE", "EMAIL"
],
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}
Example Response:
{
"status": "SUCCESS",
"statusCode": 201,
"message": "Identity Provider created successfully.",
"timestamp": "2024-09-13T07:03:48.541Z",
"details": "uri=/v1/oauth",
"idp": {
"displayName": "OAuth IDP",
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"isDefault": false,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
],
"identifier": "custom_oauth_oauth_idp",
"clientId": "clientId",
"clientSecret": "clientSecret",
"scope": [
"profile",
"email"
],
"grantType": "AUTHORIZATION",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"signRequest": false,
"sendScopeInTokenRequest": true,
"clientCredentialsHeaderEnabled": true,
"uuid": "a3564079-a229-421d-9af7-20972f1df1c0",
"oauthCallBackUrl": "https://wolf.xecurify.com/moas/broker/login/oauth/callback/334709"
}
}
Update an OAuth Provider
To update an OAuth provider, you need to make an HTTP PUT request to our update OAuth Provider Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | PUT |
URL | https://login.xecurify.com/services/api/idps/v1/oauth/{uuid} |
Request headers:
Parameters | Type |
---|---|
Content-Type | application/json |
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies the current time in milliseconds, e.g. 1474522813982.
Authorization
: Authorization specifies the SHA-512 hash of the string formed by concatenating customerKey, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey). See Step 1 (Create Authentication Header) above for more details.
Request Parameters:
Parameters | Type | Comments |
---|---|---|
uuid (required) | UUID | OAuth IDP Unique identifier |
Main Request Parameters:
Parameters | Type | Comments |
---|---|---|
identifier (required) | String | Unique identifier for your Identity provider |
displayName (required) | String | Display Name for your OAuth IdP. |
authorizeEndpoint (required) | String | Authorization endpoint |
tokenEndpoint (required) | String | Token endpoint |
userInfoEndpoint (required) | String | User information endpoint |
introspectionEndpoint (optional) | String | Introspection endpoint |
clientId (required) | String | Client ID |
clientSecret (required) | String | Client Secret |
grantType (required) | String | Authorization Grant Type |
clientCredentialsHeaderEnabled (optional) | Boolean | Allows sending client credentials in headers (default = false) |
scope (optional) | List of String | OpenID scopes (supported = “openid”, “email”, “profile”) |
sendScopeInTokenRequest (optional) | Boolean | Allows sending scopes in the token request (default = false) |
showIdpToUsers (optional) | Boolean | Allows showing this IdP to users (default = false) |
promptForUserRegistration (optional) | Boolean | Allows registering the user in miniOrange by prompting for registration (default = false) |
sendConfiguredAttributes (optional) | Boolean | Allows sending the configured attributes (default = false) |
attributeMapping (optional) | Object | Configured attributes will be added in the list of Object (“incomingAttribute” and “outgoingAttribute”). |
endUserLogin (optional) | Boolean | Allows the user to log in to the user dashboard with IdP credentials (default = false) |
domainMapping (optional) | String | Allows this IdP to be used for limited domains. Configured attributes will be added in the list of Object (“incomingAttribute” and “outgoingAttribute”). |
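A pre-flight check for the Add and Update request bodies, built from the Main Request Parameters tables above (an added Python example, not miniOrange's code). Requiring https endpoints and rejecting the page's sample placeholder credentials are assumptions of this example rather than documented server rules, and `SAMPLE_PAYLOAD` is constructed.

```python
from urllib.parse import urlsplit

# Field groups copied from the Main Request Parameters table.
REQUIRED = ("identifier", "displayName", "authorizeEndpoint", "tokenEndpoint",
            "userInfoEndpoint", "clientId", "clientSecret", "grantType")
ENDPOINTS = ("authorizeEndpoint", "tokenEndpoint", "userInfoEndpoint",
             "introspectionEndpoint")
BOOLEANS = ("clientCredentialsHeaderEnabled", "sendScopeInTokenRequest",
            "showIdpToUsers", "promptForUserRegistration",
            "sendConfiguredAttributes", "endUserLogin")
SUPPORTED_SCOPES = {"openid", "email", "profile"}
# Placeholder strings used in this page's samples; sending them is a copy-paste slip.
PLACEHOLDERS = {"OAuth Client ID", "OAuth Client Secret", "clientId", "clientSecret"}


def validate_provider(payload):
    """Return a list of problems found in an Add/Update request body."""
    problems = []
    for field in REQUIRED:
        value = payload.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(field + ": required non-empty string")
    for field in ("clientId", "clientSecret"):
        if payload.get(field) in PLACEHOLDERS:
            problems.append(field + ": still set to a documentation placeholder")
    for field in ENDPOINTS:
        value = payload.get(field)
        if not isinstance(value, str) or not value.strip():
            continue  # missing or empty: already reported above if required
        try:
            parts = urlsplit(value)
            valid = parts.scheme == "https" and bool(parts.hostname)
        except ValueError:
            valid = False
        if not valid:
            # Assumption of this example: tokens and user info travel over TLS only.
            problems.append(field + ": must be an absolute https URL")
    for field in BOOLEANS:
        if field in payload and not isinstance(payload[field], bool):
            problems.append(field + ": must be a JSON boolean, not " +
                            type(payload[field]).__name__)
    scope = payload.get("scope", [])
    if not isinstance(scope, list):
        problems.append("scope: must be a list of strings")
    else:
        # The samples send upper-case scopes, so compare case-insensitively.
        unsupported = [str(s) for s in scope
                       if not isinstance(s, str) or s.lower() not in SUPPORTED_SCOPES]
        if unsupported:
            problems.append("scope: unsupported value(s) " + ", ".join(unsupported))
    mapping = payload.get("attributeMapping", [])
    if not isinstance(mapping, list):
        problems.append("attributeMapping: must be a list of objects")
    else:
        for index, entry in enumerate(mapping):
            complete = isinstance(entry, dict) and all(
                isinstance(entry.get(key), str) and entry.get(key)
                for key in ("incomingAttribute", "outgoingAttribute"))
            if not complete:
                problems.append("attributeMapping[%d]: needs incomingAttribute "
                                "and outgoingAttribute" % index)
    return problems


# Constructed sample based on the page's example request body, with
# non-placeholder (made-up) client credentials.
SAMPLE_PAYLOAD = {
    "identifier": "custom_oauth",
    "displayName": "OAuth IDP",
    "authorizeEndpoint": "https://oauth.com/authorize",
    "tokenEndpoint": "https://oauth.com/token",
    "userInfoEndpoint": "https://oauth.com/userinfo",
    "introspectionEndpoint": "https://oauth.com/introspection",
    "clientId": "constructed-client-id",
    "clientSecret": "constructed-client-secret",
    "grantType": "AUTHORIZATION",
    "clientCredentialsHeaderEnabled": True,
    "scope": ["PROFILE", "EMAIL"],
    "sendScopeInTokenRequest": True,
    "showIdpToUsers": True,
    "domainMapping": "domain.com",
    "attributeMapping": [
        {"incomingAttribute": "mail", "outgoingAttribute": "EMAIL"},
    ],
}

if __name__ == "__main__":
    risky = dict(SAMPLE_PAYLOAD, tokenEndpoint="http://oauth.com/token",
                 showIdpToUsers="true")
    for problem in validate_provider(risky):
        print(problem)
```
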
Sample Code for Request:
In the following code, replace <YOUR_CUSTOMER_KEY>, <UUID>, <ENTITY_ID>, <LOGIN_URL>, <LOGOUT_URL>, <X509_CERT>, <AUTHORIZATION> and <TIMESTAMP> with the respective values.
- cURL
- Java
- PHP
curl --location --request PUT 'https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>' \
--header 'Authorization: <AUTHORIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>' \
--header 'Content-Type: application/json' \
--data-raw '{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"grantType": "AUTHORIZATION",
"clientCredentialsHeaderEnabled": true,
"scope": [
"PROFILE", "EMAIL"
],
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, """
{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"grantType": "AUTHORIZATION",
"clientCredentialsHeaderEnabled": true,
"scope": [
"PROFILE", "EMAIL"
],
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}
""");
Request request = new Request.Builder()
.url("https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>")
.method("PUT", body)
.addHeader("Authorization", "<AUTHORIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'PUT',
CURLOPT_POSTFIELDS =>'{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientId": "OAuth Client ID",
"clientSecret": "OAuth Client Secret",
"grantType": "AUTHORIZATION",
"clientCredentialsHeaderEnabled": true,
"scope": [
"PROFILE", "EMAIL"
],
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHORIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>',
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/services/api/idps/v1/oauth/a3564079-a229-421d-9af7-20972f1df1c0
Example Request body:
{
"identifier": "custom_oauth",
"displayName": "OAuth IDP",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"clientId": "clientId",
"clientSecret": "clientSecret",
"grantType": "AUTHORIZATION",
"clientCredentialsHeaderEnabled": true,
"scope": [
"PROFILE", "EMAIL"
],
"sendScopeInTokenRequest": true,
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
]
}
Example Response:
{
"status": "SUCCESS",
"statusCode": 200,
"message": "Identity Provider updated successfully.",
"timestamp": "2024-09-13T08:23:18.301Z",
"details": "uri=/v1/oauth/a3564079-a229-421d-9af7-20972f1df1c0",
"idp": {
"displayName": "OAuth IDP",
"showIdpToUsers": true,
"promptForUserRegistration": false,
"sendConfiguredAttributes": true,
"isDefault": false,
"endUserLogin": false,
"domainMapping": "domain.com",
"attributeMapping": [
{
"incomingAttribute": "mail",
"outgoingAttribute": "EMAIL"
},
{
"incomingAttribute": "username",
"outgoingAttribute": "USERNAME"
},
{
"incomingAttribute": "age",
"outgoingAttribute": "AGE"
}
],
"identifier": "custom_oauth_oauth_idp",
"clientId": "clientId",
"clientSecret": "clientSecret",
"scope": [
"profile",
"email"
],
"grantType": "AUTHORIZATION",
"authorizeEndpoint": "https://oauth.com/authorize",
"tokenEndpoint": "https://oauth.com/token",
"userInfoEndpoint": "https://oauth.com/userinfo",
"introspectionEndpoint": "https://oauth.com/introspection",
"signRequest": false,
"sendScopeInTokenRequest": true,
"clientCredentialsHeaderEnabled": true,
"uuid": "a3564079-a229-421d-9af7-20972f1df1c0",
"oauthCallBackUrl": "https://wolf.xecurify.com/moas/broker/login/oauth/callback/334709"
}
}
Delete an OAuth Provider
To delete an OAuth provider, you need to make an HTTP DELETE request to our delete OAuth Provider endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | DELETE |
URL | https://login.xecurify.com/services/api/idps/v1/oauth/{uuid} |
Request headers:
Parameters | Type |
---|---|
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies the current time in milliseconds, e.g. 1474522813982.
Authorization
: Authorization specifies the SHA-512 hash of the string formed by concatenating customerKey, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey). See Step 1 (Create Authentication Header) above for more details.
Main Request Parameters:
Parameters | Type | Comments |
---|---|---|
uuid (required) | UUID | OAuth IDP Unique identifier |
Sample Code for Request:
In the following code, replace <YOUR_CUSTOMER_KEY>, <UUID>, <AUTHORIZATION> and <TIMESTAMP> with the respective values.
- cURL
- Java
- PHP
curl --location --request DELETE 'https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>' \
--header 'Authorization: <AUTHORIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>")
.method("DELETE", body)
.addHeader("Authorization", "<AUTHORIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://login.xecurify.com/services/api/idps/v1/oauth/<UUID>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'DELETE',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHORIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/services/api/idps/v1/oauth/a3564079-a229-421d-9af7-20972f1df1c0
Example Response:
204 No Content