fidm.oidc.op.getRP REST

The Gigya OpenID Connect service is part of our Federated Identity Management Services, which are premium services that require separate activation. If it is not yet a part of your existing site package, please contact support by submitting a ticket through your Console Support Portal or sending an email to support@gigya.com.

Description

This API returns the configuration data for a specified relying party (RP).

Request URL


Where <Data_Center> is:
  • us1.gigya.com - For the US data center.
  • eu1.gigya.com - For the European data center.
  • au1.gigya.com - For the Australian data center.
  • ru1.gigya.com - For the Russian data center.
  • cn1.gigya-api.cn - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.

This API requires HTTPS.

Parameters

Required Name Type Description
clientID string The clientID of the RP whose data you want to return. You can retrieve this parameter using the getRPs API.

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Some REST APIs may function without these authorization parameters. When that occurs, the calls are treated as client-side calls and all client-side rate limits apply. To avoid reaching client-side IP rate limits that may impact your implementation when using server-to-server REST calls, the recommended best practice is to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to follows:

  • accounts.login
  • socialize.login
  • accounts.notifyLogin
  • socialize.notifyLogin
  • accounts.finalizeRegistration
  • accounts.linkAccounts

Please refer to the Authorization Parameters section for details. 

Sample Requests

 

Response Data

Field Type Description

description string The friendly description of the RP.

redirectUris array A list of pre-approved redirect URIs for the RP.

All calls to the Authorize endpoint must contain a RedirectUri parameter. This must match one of these pre-defined redirectUris. You should get these values from the 3rd party prior to setting up the RP.

allowedScopes array An array defining the allowed scopes you want to release.

The scopes you wish to make available to the RP. If the scope is not defined during RP creation, the RP will not be able to use that scope. Gigya supports the following scopes:

  • openid - (Required) - Informs the Authorization Server that the Client is making an OpenID Connect request and is mandatory.
  • email - (Optional) - Requests access to the email and email_verified Claims of the user.
  • profile - (Optional) - Requests access to the End-User's available profile Claims, which are: 
    • name - The user's Gigya name.
    • family_name - The user's Gigya lastName.
    • given_name - The user's Gigya firstName.
    • email - The user's Gigya email.
    • picture - The user's Gigya photoURL.
    • gender - The user's gender.
    • birthdate - The user's birthdate.

clientId string The clientId of this RP.

clientSecret string The clientSecret of this RP.

supportedResponseTypes array You may allow the RP to only receive specific response types.

These can be limited to any/all of the following:

  • code
  • id_token
  • id_token token
  • code id_token
  • code token
  • code id_token token

subjectIdentifierType string Whether the sub on the id_token is scoped (pairwise) or public.

Gigya supports two subjectIdentifierTypes:

  • pairwise (default) - A persistent pseudonym is returned. The site and uid are encrypted using a per-RP symmetric encryption key, so the identifier that identifies the user to the RP cannot be correlated to any other user on any other RP (even if they are the same user).
  • public - If set to public, the user's UID is returned as the sub claim of the identityToken.
 
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
fullEventName string The full name of the event that triggered the response. This is an internally used parameter that is not always returned and should not be relied upon by your implementation.
callId string Unique identifier of the transaction, for debugging purposes.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
This property is deprecated and only returned for backward compatibility.
statusReason string A brief explanation of the status code.
This property is deprecated and only returned for backward compatibility.

 

A field that does not contain data will not appear in the response.

Response Example

{
  "statusCode": 200,
  "errorCode": 0,
  "statusReason": "OK",
  "callId": "0ac740a1d1444e*******************",
  "time": "2016-03-22T10:20:18.732Z",
  "description": "This is a THIRD RP",
  "redirectURIs": [
    "http://someRandomUrlGoesHere.one",
    "http://someRandomUrlGoesHere.two"
  ],
  "allowedScopes": [
    "openid",
    "email",
    "profile"
  ],
  "clientID": "Z-Dd8GTsZJ******************",
  "clientSecret": "7_CbWuu6UqokqyjAfhD9sz4xpHnBhW3r2KkI4****************************************",
  "supportedResponseTypes": [
    "code",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "subjectIdentifierType": "pairwise"
}
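
A defensive review of a getRP response, as an added example that is not part of the original page or Gigya's own code: it flags non-HTTPS redirect URIs, response types that hand an access token to the browser, and a public subject identifier, and it redacts clientSecret before anything is printed. The function name audit_rp, the sample values and the choice of checks are assumptions of this example; keys are matched case-insensitively because the field table and the response example on this page differ in casing.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like this page's Response Example; all values are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "errorCode": 0,
    "description": "This is a THIRD RP",
    "redirectURIs": ["http://someRandomUrlGoesHere.one", "https://rp.example/callback"],
    "allowedScopes": ["openid", "email", "profile"],
    "clientID": "EXAMPLE-CLIENT-ID",
    "clientSecret": "EXAMPLE-SECRET-VALUE",
    "supportedResponseTypes": ["code", "id_token token"],
    "subjectIdentifierType": "public",
})


def audit_rp(raw):
    """Return (findings, redacted_config) for one getRP response body (hypothetical helper)."""
    # The field table says redirectUris/clientId, the response example says
    # redirectURIs/clientID, so normalise key casing before reading anything.
    cfg = {k.lower(): v for k, v in json.loads(raw).items()}
    if cfg.get("errorcode") != 0:
        raise ValueError(f"getRP failed: errorCode={cfg.get('errorcode')}")
    findings = []
    for uri in cfg.get("redirecturis", []):
        parts = urlsplit(uri)
        if parts.scheme != "https":
            findings.append(f"redirect URI is not HTTPS: {uri}")
        if parts.fragment:
            findings.append(f"redirect URI contains a fragment: {uri}")
    for rt in cfg.get("supportedresponsetypes", []):
        if "token" in rt.split():  # exact word match, so "id_token" alone does not trigger
            findings.append(f"response type returns an access token via the browser: {rt}")
    if cfg.get("subjectidentifiertype") == "public":
        findings.append("sub is the user's UID (public), correlatable across RPs")
    if "openid" not in cfg.get("allowedscopes", []):
        findings.append("required scope 'openid' is missing")
    # The response carries the RP's clientSecret; keep it out of logs and reports.
    redacted = dict(cfg)
    if "clientsecret" in redacted:
        redacted["clientsecret"] = "<redacted>"
    return findings, redacted


if __name__ == "__main__":
    findings, safe = audit_rp(SAMPLE_RESPONSE)
    print(json.dumps(safe, indent=2))
    for finding in findings:
        print("FINDING:", finding)
```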
