The Gigya OpenID Connect service is part of our Federated Identity Management Services, which are premium services that require separate activation. If it is not yet a part of your existing site package, please contact support by submitting a ticket through your Console Support Portal or sending an email to firstname.lastname@example.org.
This API registers and configures a new relying party (RP) for the OpenID Provider (OP).
us1.gigya.com - For the US data center.
eu1 - For the European data center.
au1 - For the Australian data center.
ru1 - For the Russian data center.
cn1 - For the Chinese data center.
If you are not sure of your site's data center, see Finding Your Data Center.
This API requires HTTPS.
|||redirectUris||array of strings||A list of pre-approved redirect URIs for the RP. All calls to the Authorize endpoint must contain a redirect_uri parameter in the query string. This must match one of these pre-defined redirectUris. You should get these values from the third party prior to setting up the RP. redirectUris must be HTTPS.|
|||description||string||A friendly description of the RP.|
|||allowedScopes||array of strings||An array defining the allowed scopes you wish to make available to the RP. If the scope is not defined during RP creation, the RP will not be able to use that scope. Gigya supports the following scopes: If profile scope is granted, all sub-claims that exist in the user record are returned. You cannot request specific sub-claims.|
|||accessTokenLifetime||integer||This is the length of time the granted access_token is valid from the time it was issued and may be from 60 to 604800 seconds (7 days). If not passed this will be set to null and may break your implementation.|
|||identityTokenLifetime||integer||This is the length of time the granted id_token is valid from the time it was issued and may be from 60 to 604800 seconds (7 days). If not passed this will be set to null and may break your implementation.|
|||supportedResponseTypes||array of strings||You may allow the RP to only receive specific response types. These can be limited to any/all of the following:|
|||subjectIdentifierType||string||Determines whether the subject (sub) of the id_token is pairwise or public. Gigya supports two subjectIdentifierTypes:|
Each REST API request must contain identification and authorization parameters.
Some REST APIs may function without these authorization parameters; however, when that occurs, these calls are treated as client-side calls and all client-side rate limits will apply. To avoid reaching client-side IP rate limits that may impact your implementation when using server-to-server REST calls, it is recommended best practice to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to is as follows:
Please refer to the Authorization Parameters section for details.
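A pre-flight check for the request parameters described above, as an added example that is not Gigya's code: it enforces the HTTPS requirement on redirectUris and the 60 to 604800 second lifetime range, and flags lifetimes that were not passed. The function names, the sample host rp.example.com, and the reading of "match" as exact string equality are assumptions.

```python
from urllib.parse import urlsplit

MIN_LIFETIME, MAX_LIFETIME = 60, 604800  # seconds; range stated in the parameter table


def validate_rp_config(cfg):
    """Return a list of problems found in a createRP parameter dict (empty = OK)."""
    problems = []
    uris = cfg.get("redirectUris")
    if not isinstance(uris, list) or not uris:
        problems.append("redirectUris: list is empty, so no redirect_uri could match")
    else:
        for uri in uris:
            parts = urlsplit(uri) if isinstance(uri, str) else None
            if parts is None or parts.scheme.lower() != "https" or not parts.netloc:
                problems.append(f"redirectUris: {uri!r} is not an absolute HTTPS URI")
    for name in ("accessTokenLifetime", "identityTokenLifetime"):
        value = cfg.get(name)
        if value is None:
            problems.append(f"{name}: not passed, would be set to null")
        elif isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{name}: must be an integer number of seconds")
        elif not MIN_LIFETIME <= value <= MAX_LIFETIME:
            problems.append(f"{name}: {value} is outside {MIN_LIFETIME}-{MAX_LIFETIME}")
    return problems


def redirect_uri_allowed(redirect_uri, registered_uris):
    """Assumption: 'match' means exact string equality, no prefix or wildcard matching."""
    return redirect_uri in registered_uris


# Constructed sample configurations (rp.example.com is a placeholder host).
GOOD = {
    "redirectUris": ["https://rp.example.com/callback"],
    "description": "Example RP",
    "accessTokenLifetime": 3600,
    "identityTokenLifetime": 300,
}
BAD = {
    "redirectUris": ["http://rp.example.com/callback"],  # not HTTPS
    "accessTokenLifetime": 30,                           # below the 60 s minimum
    # identityTokenLifetime omitted on purpose
}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_rp_config(cfg) or "ok")
```

Running the same check on the receiving side, against the redirectUris returned in the response, confirms that what was stored is what was intended.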
|description||string||The description of this RP.|
|clientID||string||The unique clientID for this RP.|
|clientSecret||string||The clientSecret for this specific RP.|
|redirectUris||array||The redirectUris defined during creation. See OpenID Connect Protocol Coverage for more information.|
|allowedScopes||array||The allowedScopes defined during creation. See OpenID Connect Protocol Coverage for more information.|
|supportedResponseTypes||array||The supportedResponseTypes defined during creation. See OpenID Connect Protocol Coverage for more information.|
|subjectIdentifierType||string||The subjectIdentifierType defined for this RP. See OpenID Connect Protocol Coverage for more information.|
A field that does not contain data will not appear in the response.