Configure a Default IDP

If you're using Shopper API Access and Login (SLAS) with third-party identity providers (IDPs) and you would like to use an IDP that is not supported by SLAS, you can use SLAS' Default IDP feature to communicate with your IDP.

This guide covers the steps required to configure a Default IDP with SLAS using either the SLAS Admin API or UI.

Let's review an example request to configure a Default IDP using SLAS Admin API's registerIdentityProvider endpoint:

Configuring a default IDP requires the same properties as supported IDPs.

Additionally, the IDP's name must begin with the prefix default. You can associate multiple default IDPs with your tenant by adding additional characters after this prefix or using a single dash like default-linkedin.

You must also provide an oidcClaimMapper property. It maps the IDP's token claims to SLAS' required IDP keys. It is a list of strings, each in the format $KEY=$VAL, where $KEY is a required SLAS IDP key and $VAL is the name of the corresponding IDP token claim.

The following keys must be mapped:

  • accessToken: Value of access token.
  • accessTokenTTL: Time to live of access token.
  • refreshToken: Value of the refresh token.
  • idToken: Value of the ID token.
  • subject: The subject. This is the unique identifier of the shopper.
  • userId: Also the subject. This is the unique identifier of the shopper.
  • email: Shopper's email.
  • familyName: Shopper's family name.
  • givenName: Shopper's given name.
  • name: Shopper's full name.

If corresponding claims cannot be found in the IDP token response, authentication fails.
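Because a single unmapped key or missing claim makes authentication fail, it helps to check the mapper locally before registering the IDP. The following is an added example, not SLAS code: the function names, the sample claim names, and the modelling of the token response as a flat set of claim names are assumptions made for illustration.

```python
REQUIRED_KEYS = {
    "accessToken", "accessTokenTTL", "refreshToken", "idToken", "subject",
    "userId", "email", "familyName", "givenName", "name",
}

def parse_claim_mapper(entries):
    """Parse ["KEY=VAL", ...] into {KEY: VAL}; raise ValueError on bad input."""
    mapping = {}
    for entry in entries:
        key, sep, claim = entry.partition("=")
        if not sep or not key or not claim:
            raise ValueError(f"malformed entry (expected KEY=VAL): {entry!r}")
        if key in mapping:
            raise ValueError(f"duplicate key: {key}")
        mapping[key] = claim
    return mapping

def check_default_idp(name, entries, token_claims):
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    if not name.startswith("default"):
        problems.append(f"name {name!r} does not begin with 'default'")
    try:
        mapping = parse_claim_mapper(entries)
    except ValueError as exc:
        return problems + [str(exc)]
    for key in sorted(REQUIRED_KEYS - set(mapping)):
        problems.append(f"required key not mapped: {key}")
    for key in sorted(set(mapping) - REQUIRED_KEYS):
        problems.append(f"key not in the required list: {key}")
    for key, claim in sorted(mapping.items()):
        if key in REQUIRED_KEYS and claim not in token_claims:
            problems.append(f"{key} maps to claim {claim!r}, absent from token response")
    return problems

# Constructed sample data (not taken from SLAS or any real IDP).
SAMPLE_MAPPER = [
    "accessToken=access_token", "accessTokenTTL=expires_in",
    "refreshToken=refresh_token", "idToken=id_token", "subject=sub",
    "userId=sub", "email=email", "familyName=family_name",
    "givenName=given_name", "name=name",
]
SAMPLE_CLAIMS = {"access_token", "expires_in", "refresh_token", "id_token",
                 "sub", "email", "given_name", "name"}  # family_name is missing

if __name__ == "__main__":
    for problem in check_default_idp("default-linkedin", SAMPLE_MAPPER, SAMPLE_CLAIMS):
        print(problem)
```

Run it against the claim names your IDP actually returns in a test login; any reported problem corresponds to a mapping that would cause authentication to fail.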

If the IDP supports the OpenID Connect Discovery protocol, SLAS can attempt to automatically configure your Default IDP:

The wellKnownUrl property is the URL of the IDP's OpenID Connect Discovery endpoint. The useWellKnown property is a boolean that indicates whether SLAS should attempt to automatically configure the Default IDP using the OpenID Connect Discovery endpoint.