
fidm.oidc.rp.createOP REST


Description

This API registers and configures a new OP for the RP.

For a successful OIDC configuration, the redirect_uri that the OP needs to add to your site's RP configuration is:

https://socialize.us1.gigya.com/GS/GSLogin.aspx?

or

https://<CName_alias>/GS/GSLogin.aspx?

and must include the '?' portion of the URI.

 

Request URL


Where <Data_Center> is:
  • us1.gigya.com - For the US data center.
  • eu1.gigya.com - For the European data center.
  • au1.gigya.com - For the Australian data center.
  • ru1.gigya.com - For the Russian data center.
  • cn1.gigya-api.cn - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.

This API requires HTTPS.

Parameters

Required Name Type Description
providerName string The name for the specified OP configuration. This must be alpha-numeric and all lower-case.
clientID string The client_id received from the OP.
clientSecret string The client_secret received from the OP.
authorizeEndpoint string The OP's authorize endpoint.
tokenEndpoint string The OP's token endpoint.
userInfoEndpoint string The OP's userinfo endpoint.
scopes string, space-delimited The scopes you intend to request from the OP, in a space-delimited string. These must be supported by the OP or all requests will fail. If using custom scopes, ensure they match the names provided by the OP.
issuer string The issuer that will be returned in JWTs from the OP. If this does not exactly match the value returned, the request will fail.
jwks JSON object An optional JSON object that contains the keys array of the OP retrieved from their JWKS endpoint.

Important notes:

  • Gigya only supports keys of type RSA with an algorithm of RS256. Entering keys that are not RSA/RS256 will cause all validations to fail, and users will not be able to log in.
  • If keys are supplied and they do not match what was returned from the OP, the requests will fail. If the OP uses keys that are not RSA/RS256, do not pass this parameter.

Code example:
{
 "keys": [
  {
   "kty": "RSA",
   "alg": "RS256",
   "use": "sig",
   "kid": "7c368fc914ce6cb181fa0d670f63bd5df6db7b25",
   "n": "vWmir2ZdXeMZkfsg0GTPfQw7CKmDNu50Sc76pndZPNyLf5JeR39JueHIPVXJ_WVWS3vS2wU_GySiDyn-ZyzQwuOb0LoetG9RuYN9M55NV2Ky6I8N9cy2XTWGcLcd-mezwLCJ_LCNCBGCZZOfKwV5WSbKgLu_KHzcAI4tO5QW1MmRHlzBFzf_71uHilBK-cZpp5a0vbJ5h99FzkdTZAl7p_r1-K0V__Tlw0rtREftKRkoT1_kdJHBKVN6SOlkfqdRFd2yqkIE53rSzf0vl89Hn2USa12SDmWgX1y0vz51iOBaQpR1GQfJ6EiJbsr2UEeCbeuw007eMXTVDey7eqDXEQ",
   "e": "AQAB"
  },
  {
   "kty": "RSA",
   "alg": "RS256",
   "use": "sig",
   "kid": "8f2454ea88744d1f5281ba7179d8dcd743d08572",
   "n": "4MMiBbRcZ6LCNDGl5PG84AxKnn1_EItc_Va9rV6-6OWJKAG1WrPt3s5oLRO9twLKBFsPXEyhNQDwgfBX9KtRLVM-KhaSpCddaAKj5DkdtynPftNYsNjjpMT4DHgmPmHji-8whYRqvylXm72wJbfjBeU64Rq58nS86VeDtWalXXzLQpDQqRXfM1JWP5ONq4prfE05J_8ct6c8qrWX52Tt6D-kvnua68_EkcojARh3tFD2QwzIX-rmBDCIznSO15bcRGC4VkMBcLFZX4Z-uYfMPvBefYTbRp8R332j5H1ub6RoiX45_93A7NT6DFVGfeiCupDeYwKl_aU9y-bcfARRaQ",
   "e": "AQAB"
  },
  {
   "kty": "RSA",
   "alg": "RS256",
   "use": "sig",
   "kid": "012858b5a6b447bf807c52d8bcdd28c082ff7826",
   "n": "opSrGob_ol4C4mfq-UIwhsjto3_7sH-xtrgmm4LKqHlB9-dos6YfKLsi-emYh6wsGUW90udAFiSYnzV2bFERwrEi8pi2hom_DwLmwf-UdlzaCsNYDstRJrvHO5hfLOncopVTpBSCxCfq3q1uD4KgUWLUFgLmfjDumwAqpnCuTjl5vdlhrgoeN_zUgZ0YJ1MAAC1ndEuWp91gpzJojCQ-Gje5gWrT4pa3o0PFVO2NtJJZTL_MCM-Fq_s2LPTnuZJm_-zQWf9qV-UYTISgX5MgseEQ4pLI4M7rdEmrHyQmgWwvfmpGpwa0qeoyXwIVHX_95OfTQnQde0__pW6NEbnggQ",
   "e": "AQAB"
  }
 ]
}
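
A pre-flight check for the parameters above, as an added example (not Gigya's code): it builds the createOP parameter set from an OP's discovery metadata and applies the constraints stated in the table. The function names, the sample OP metadata and the placeholder key values are constructed for illustration; the discovery field names are the standard OIDC discovery ones.

```python
import re

PROVIDER_NAME_RE = re.compile(r"[a-z0-9]+")  # alpha-numeric, all lower-case
# createOP parameter -> OIDC discovery metadata field (standard names)
FIELD_MAP = {"authorizeEndpoint": "authorization_endpoint",
             "tokenEndpoint": "token_endpoint",
             "userInfoEndpoint": "userinfo_endpoint",
             "issuer": "issuer"}

# Constructed sample data (not a real OP); key material is a placeholder.
SAMPLE_DISCOVERY = {
    "issuer": "https://op.example.com",
    "authorization_endpoint": "https://op.example.com/authorize",
    "token_endpoint": "https://op.example.com/token",
    "userinfo_endpoint": "https://op.example.com/userinfo",
    "scopes_supported": ["openid", "email", "profile"],
}
RSA_KEY = {"kty": "RSA", "alg": "RS256", "use": "sig",
           "kid": "constructed-1", "n": "PLACEHOLDER", "e": "AQAB"}
EC_KEY = {"kty": "EC", "alg": "ES256", "use": "sig", "kid": "constructed-2"}


def jwks_is_usable(jwks):
    """True only when every key in the set is RSA with alg RS256."""
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    return bool(keys) and all(
        k.get("kty") == "RSA" and k.get("alg") == "RS256" for k in keys)


def build_create_op_params(provider_name, client_id, client_secret,
                           discovery, scopes, jwks=None):
    """Return (params, problems); params is None if any problem was found."""
    problems = []
    if not PROVIDER_NAME_RE.fullmatch(provider_name):
        problems.append("providerName must be alpha-numeric and lower-case")
    if "scopes_supported" in discovery:
        for s in scopes:
            if s not in discovery["scopes_supported"]:
                problems.append(f"scope not supported by OP: {s}")
    params = {"providerName": provider_name, "clientID": client_id,
              "clientSecret": client_secret, "scopes": " ".join(scopes)}
    for param, field in FIELD_MAP.items():
        if discovery.get(field):
            params[param] = discovery[field]  # verbatim: issuer must match exactly
        else:
            problems.append(f"OP metadata is missing {field}")
    # Pass the OP's key set whole or not at all: a filtered subset would
    # no longer match what the OP returns.
    if jwks is not None and jwks_is_usable(jwks):
        params["jwks"] = jwks
    return (None, problems) if problems else (params, [])
```

When the OP publishes any key that is not RSA/RS256, the builder leaves `jwks` out entirely, as the second note above requires.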

 

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Some REST APIs may function without these authorization parameters; however, when that occurs, the calls are treated as client-side calls and all client-side rate limits apply. To avoid reaching client-side IP rate limits that may impact your implementation when using server-to-server REST calls, it is recommended best practice to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to is as follows:

  • accounts.login
  • socialize.login
  • accounts.notifyLogin
  • socialize.notifyLogin
  • accounts.finalizeRegistration
  • accounts.linkAccounts

Please refer to the Authorization Parameters section for details. 

Response Data

Field Type Description
 
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
fullEventName string The full name of the event that triggered the response. This is an internally used parameter that is not always returned and should not be relied upon by your implementation.
callId string Unique identifier of the transaction, for debugging purposes.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
This property is deprecated and only returned for backward compatibility.
statusReason string A brief explanation of the status code.
This property is deprecated and only returned for backward compatibility.

 

A field that does not contain data will not appear in the response.

Response Example

{
  "callId": "0aa32d70419442f3bebe58b44267212d",
  "errorCode": 0,
  "apiVersion": 2,
  "statusCode": 200,
  "statusReason": "OK",
  "time": "2017-01-09T16:02:08.930Z"
}
