Configure an Authentication Provider
Configures an Authentication Provider on the tenant.
An authentication or identity provider (IdP) is a platform that is typically used to store and manage user accounts on behalf of an organization or a service provider. MATTR VII uses the authentication provider to authenticate end users before issuing them credentials.
Only one authentication provider can be configured on a tenant.
The /.well-known/openid-configuration endpoint of the Authentication Provider must contain values for the authorization_endpoint, token_endpoint and scopes_supported.
Analytic events
- USER_AUTHENTICATION_PROVIDER_CREATE_START
- USER_AUTHENTICATION_PROVIDER_CREATE_SUCCESS
- USER_AUTHENTICATION_PROVIDER_CREATE_FAIL
Request Body schema: application/json (required)
The Authentication Provider payload
url (required) | string <uri> | Base URL for your Authentication Provider well-known endpoint:
scope | Array of strings | Default: ["openid","profile","email"]. OpenID scopes to use during authentication. Each scope returns a set of user attributes, which are called claims. Be sure to test that the right scopes are added to get all the information you need.
clientId (required) | string | The client ID of the application client created on your IdP.
clientSecret (required) | string | The client secret of the application client created on your IdP.
tokenEndpointAuthMethod | string | Default: "client_secret_basic". Authentication method for your IdP token endpoint:
staticRequestParameters | object <= 1000 properties | Additional parameters (maximum 1000 entries allowed) that will be included in the request to your IdP. These parameters are identical for every request, as defined in your configuration. An example would be setting prompt to login to let your IdP know it should show the login page every time. Keys must be strings. Values of top-level object keys must stringify to less than 1000 characters.
forwardedRequestParameters | Array of strings | Default: []. In contrast to
claimsToPersist | Array of strings | Default: []. List of claims to persist from your IdP to MATTR VII. If you have attributes from the ID token (e.g. email, picture, etc.) that you would like persisted on MATTR VII, add them to this array. By default this array is empty, meaning no claims are persisted on MATTR VII.
Responses
- 201: Authentication Provider configured
- 400: Bad Request
Request sample (payload)
{
  "scope": [
    "email"
  ],
  "clientId": "vJ0SCKchr4XjC0xHNE8DkH6Pmlg2lkCN",
  "clientSecret": "QNwfa4Yi4Im9zy1u_15n7SzWKt-9G5cdH0r1bONRpUPfN-UIRaaXv_90z8V6-OjH",
  "tokenEndpointAuthMethod": "client_secret_post",
  "staticRequestParameters": {
    "prompt": "login",
    "max_age": 10000
  },
  "forwardedRequestParameters": [
    "login_hint"
  ],
  "claimsToPersist": [
    "first_name",
    "last_name",
    "email"
  ]
}
Response sample (201)
{
  "id": "983c0a86-204f-4431-9371-f5a22e506599",
  "scope": [
    "email"
  ],
  "clientId": "vJ0SCKchr4XjC0xHNE8DkH6Pmlg2lkCN",
  "clientSecret": "***********************************************************6-OjH",
  "tokenEndpointAuthMethod": "client_secret_post",
  "staticRequestParameters": {
    "prompt": "login",
    "max_age": 10000
  },
  "forwardedRequestParameters": [
    "login_hint"
  ],
  "claimsToPersist": [
    "first_name",
    "last_name",
    "email"
  ]
}
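A pre-flight check along these lines catches a mismatch between the create payload and the IdP's discovery document before the provider is configured. It is an added example, not MATTR code: `preflight`, the `idp.example.com` document and its values are constructed, and `token_endpoint_auth_methods_supported` and `claims_supported` are standard OpenID Connect discovery metadata that this page does not itself require.

```python
from urllib.parse import urlparse

# Values the page requires in /.well-known/openid-configuration.
REQUIRED_METADATA = ("authorization_endpoint", "token_endpoint", "scopes_supported")

def preflight(payload, discovery):
    """Return a list of mismatches between a payload and the IdP discovery document."""
    problems = [f"discovery document is missing {k}"
                for k in REQUIRED_METADATA if not discovery.get(k)]
    # The authorization code and client secret travel to these endpoints.
    for key in ("authorization_endpoint", "token_endpoint"):
        value = discovery.get(key)
        if value and urlparse(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    supported = discovery.get("scopes_supported") or []
    for scope in payload.get("scope", ["openid", "profile", "email"]):
        if supported and scope not in supported:
            problems.append(f"scope {scope!r} is not in scopes_supported")
    method = payload.get("tokenEndpointAuthMethod", "client_secret_basic")
    # OpenID Connect Discovery: an omitted list means client_secret_basic only.
    advertised = discovery.get("token_endpoint_auth_methods_supported",
                               ["client_secret_basic"])
    if method not in advertised:
        problems.append(f"token endpoint does not advertise {method!r}")
    # claims_supported is optional metadata; check only when the IdP publishes it.
    claims = discovery.get("claims_supported")
    for claim in payload.get("claimsToPersist", []):
        if claims is not None and claim not in claims:
            problems.append(f"claim {claim!r} is not in claims_supported")
    return problems

# Constructed discovery document for a hypothetical IdP (not a real service).
SAMPLE_DISCOVERY = {
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/oauth/token",
    "scopes_supported": ["openid", "profile", "email"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
    "claims_supported": ["sub", "email", "given_name", "family_name"],
}
# Non-secret fields of the request sample shown above.
SAMPLE_PAYLOAD = {
    "scope": ["email"],
    "tokenEndpointAuthMethod": "client_secret_post",
    "claimsToPersist": ["first_name", "last_name", "email"],
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_PAYLOAD, SAMPLE_DISCOVERY):
        print(problem)
```

An empty list means the three required values are present and the payload asks only for what the IdP advertises.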
Retrieve all Authentication Providers
Returns a list of all Authentication Providers on your tenant.
Analytic events
- USER_AUTHENTICATION_PROVIDER_RETRIEVE_LIST_START
- USER_AUTHENTICATION_PROVIDER_RETRIEVE_LIST_SUCCESS
- USER_AUTHENTICATION_PROVIDER_RETRIEVE_LIST_FAIL
Responses
- 200: Authentication Providers retrieved
- 400: Bad Request
Response sample (200)
{
  "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM",
  "data": [
    {
      "id": "983c0a86-204f-4431-9371-f5a22e506599",
      "scope": [
        "email"
      ],
      "clientId": "vJ0SCKchr4XjC0xHNE8DkH6Pmlg2lkCN",
      "clientSecret": "***********************************************************6-OjH",
      "tokenEndpointAuthMethod": "client_secret_post",
      "staticRequestParameters": {
        "prompt": "login",
        "max_age": 10000
      },
      "forwardedRequestParameters": [
        "login_hint"
      ],
      "claimsToPersist": [
        "first_name",
        "last_name",
        "email"
      ]
    }
  ]
}
Retrieve an Authentication Provider
Retrieve an existing Authentication Provider by providing its ID.
Analytic events
- USER_AUTHENTICATION_PROVIDER_RETRIEVE_START
- USER_AUTHENTICATION_PROVIDER_RETRIEVE_SUCCESS
- USER_AUTHENTICATION_PROVIDER_RETRIEVE_FAIL
Responses
- 200: Authentication Provider retrieved
- 400: Bad Request
- 404: Authentication Provider not found
Response sample (200)
{
  "id": "983c0a86-204f-4431-9371-f5a22e506599",
  "scope": [
    "email"
  ],
  "clientId": "vJ0SCKchr4XjC0xHNE8DkH6Pmlg2lkCN",
  "clientSecret": "***********************************************************6-OjH",
  "tokenEndpointAuthMethod": "client_secret_post",
  "staticRequestParameters": {
    "prompt": "login",
    "max_age": 10000
  },
  "forwardedRequestParameters": [
    "login_hint"
  ],
  "claimsToPersist": [
    "first_name",
    "last_name",
    "email"
  ]
}
Update an Authentication Provider
Updates an existing Authentication Provider by providing its ID.
Analytic events
- USER_AUTHENTICATION_PROVIDER_UPDATE_START
- USER_AUTHENTICATION_PROVIDER_UPDATE_SUCCESS
- USER_AUTHENTICATION_PROVIDER_UPDATE_FAIL
path Parameters
Request Body schema: application/json (required)
Update an Authentication Provider
scope | Array of strings | Default: ["openid","profile","email"]. OpenID scopes to use during authentication. Each scope returns a set of user attributes, which are called claims. Be sure to test that the right scopes are added to get all the information you need.
clientId (required) | string | The client ID of the application client created on your IdP.
clientSecret | string | The client secret of the application client created on your IdP.
tokenEndpointAuthMethod | string | Default: "client_secret_basic". Authentication method for your IdP token endpoint:
staticRequestParameters | object <= 1000 properties | Additional parameters (maximum 1000 entries allowed) that will be included in the request to your IdP. These parameters are identical for every request, as defined in your configuration. An example would be setting prompt to login to let your IdP know it should show the login page every time. Keys must be strings. Values of top-level object keys must stringify to less than 1000 characters.
forwardedRequestParameters | Array of strings | Default: []. In contrast to
claimsToPersist | Array of strings | Default: []. List of claims to persist from your IdP to MATTR VII. If you have attributes from the ID token (e.g. email, picture, etc.) that you would like persisted on MATTR VII, add them to this array. By default this array is empty, meaning no claims are persisted on MATTR VII.
Responses
- 200: Authentication Provider updated
- 400: Bad Request
- 404: Authentication Provider not found
Request sample (payload)
{
  "scope": [
    "email"
  ],
  "clientId": "vJ0SCKchr4XjC0xHNE8DkH6Pmlg2lkCN",
  "clientSecret": "QNwfa4Yi4Im9zy1u_15n7SzWKt-9G5cdH0r1bONRpUPfN-UIRaaXv_90z8V6-OjH",
  "tokenEndpointAuthMethod": "client_secret_post",
  "staticRequestParameters": {
    "prompt": "login",
    "max_age": 10000
  },
  "forwardedRequestParameters": [
    "login_hint"
  ],
  "claimsToPersist": [
    "first_name",
    "last_name",
    "email"
  ]
}
Response sample (200)
{
  "id": "983c0a86-204f-4431-9371-f5a22e506599",
  "scope": [
    "email"
  ],
  "clientId": "vJ0SCKchr4XjC0xHNE8DkH6Pmlg2lkCN",
  "clientSecret": "***********************************************************6-OjH",
  "tokenEndpointAuthMethod": "client_secret_post",
  "staticRequestParameters": {
    "prompt": "login",
    "max_age": 10000
  },
  "forwardedRequestParameters": [
    "login_hint"
  ],
  "claimsToPersist": [
    "first_name",
    "last_name",
    "email"
  ]
}
Delete an Authentication Provider
Deletes an existing Authentication Provider by providing its ID.
Analytic events
- USER_AUTHENTICATION_PROVIDER_DELETE_START
- USER_AUTHENTICATION_PROVIDER_DELETE_SUCCESS
- USER_AUTHENTICATION_PROVIDER_DELETE_FAIL
Responses
- Authentication Provider deleted
- 400: Bad Request
- 404: Authentication Provider not found
Response sample (400)
{
  "code": "BadRequest",
  "message": "Validation Error",
  "details": [
    {
      "location": "params",
      "msg": "Invalid value",
      "param": "authenticationProviderId",
      "value": "abc"
    }
  ]
}