Create or update an identity provider.

Operation ID: registerIdentityProvider

Create or update an identity provider by name.
curl "https://{shortCode}.api.commercecloud.salesforce.com/shopper/auth-admin/v1/tenants/{tenantId}/idps/{name}" \
  -X PUT \
  -H "content-type: application/json" \
  -d '{
    "name": "google",
    "clientId": "idp-client-id",
    "clientSecret": "idp-secret",
    "authUrl": "https://accounts.google.com/o/oauth2/v2/auth",
    "tokenUrl": "https://oauth2.googleapis.com/token",
    "tokenInfoUrl": "https://oauth2.googleapis.com/tokeninfo",
    "userInfoUrl": "https://www.googleapis.com/oauth2/v3/userinfo",
    "redirectUrl": "http://localhost:9010/hydra/callback",
    "wellKnownUrl": "https://accounts.google.com/.well-known/openid-configuration",
    "scopes": [
      "openid",
      "email",
      "profile"
    ],
    "preferenceValue": true,
    "isClientCredsBody": false,
    "teamId": "appleTeamId",
    "keyId": "appleKeyId",
    "loginMergeClaims": [
      "email"
    ],
    "oidcClaimMapper": [
      "accessToken=access_token",
      "refreshToken=refresh_token",
      "accessTokenTTL=expires_in",
      "idToken=id_token",
      "subject=sub",
      "email=email",
      "userId=sub",
      "familyName=family_name",
      "givenName=given_name",
      "name=name"
    ]
  }'
Path parameters: tenantId (example values: zzeu_001, bgvn_dev) and name (the identity provider name).
Request body example:

{
  "name": "google",
  "clientId": "idp-client-id",
  "clientSecret": "idp-secret",
  "authUrl": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenUrl": "https://oauth2.googleapis.com/token",
  "tokenInfoUrl": "https://oauth2.googleapis.com/tokeninfo",
  "userInfoUrl": "https://www.googleapis.com/oauth2/v3/userinfo",
  "redirectUrl": "http://localhost:9010/hydra/callback",
  "wellKnownUrl": "https://accounts.google.com/.well-known/openid-configuration",
  "scopes": [
    "openid",
    "email",
    "profile"
  ],
  "preferenceValue": true,
  "isClientCredsBody": false,
  "teamId": "appleTeamId",
  "keyId": "appleKeyId",
  "loginMergeClaims": [
    "email"
  ],
  "oidcClaimMapper": [
    "accessToken=access_token",
    "refreshToken=refresh_token",
    "accessTokenTTL=expires_in",
    "idToken=id_token",
    "subject=sub",
    "email=email",
    "userId=sub",
    "familyName=family_name",
    "givenName=given_name",
    "name=name"
  ]
}
Request body fields:

name - Identity Provider Name. One of:
- adfs
- apple
- auth0
- azure
- cognito
- forgerock
- gigya
- gigya_social
- okta
- ping
- salesforce
Example: google

authUrl - IDP authorize URL. Example: https://www.salesforce.com/authorize

tokenUrl - IDP token URL. Example: https://www.salesforce.com/token

tokenInfoUrl - IDP token info URL. Example: https://www.salesforce.com/introspect

userInfoUrl - IDP user info URL. Example: https://www.salesforce.com/userinfo

redirectUrl - Redirect URL to go to after the IDP flow is complete. This URL must be registered with the IDP. Example: https://www.salesforce.com/idp/callback

wellKnownUrl - IDP URL to get the OIDC configuration. Example: https://www.salesforce.com/.well-known/openid-configuration

clientId - Client Id of the third party IDP. Example: 934277749308-02dg4398n3s31ofge8cot46jirn3kpkf.apps.googleusercontent.com

clientSecret - Client Secret of the third party IDP. For Apple, copy the contents of the .p8 file downloaded from Apple between the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- markers. Example: aKZM1xEnZopNP2bm2gc3GKex

preferenceValue - Set the IDP configuration as the Preferred SLAS IDP. Default value is false. Example: true

isClientCredsBody - By default the client credentials are placed in a basic authorization header for the call to the IDP. If true, the client credentials are placed in the POST body to the IDP. Example: false

Well-known lookup flag (its field name is not shown in the example body) - If set to true, SLAS uses the wellKnownUrl value to populate the authUrl, tokenUrl, userInfoUrl, and scopes values from the identity provider. Default value is false. Example: false

scopes - IDP Scopes, as an array of strings (see the request body example).

teamId - Apple Team Id. Used primarily for Sign in with Apple in generating the client secret. Example: appleTeamId

keyId - Apple key id. This is the Key ID obtained from Apple when the private key for client authentication was created. Used primarily for Sign in with Apple in generating the client secret. Example: appleKeyId

loginMergeClaims - List of user info claims that can be used as identifiers to look up and merge with an existing B2C Commerce profile for a registered shopper, or with an existing B2C Commerce profile created via federated login with an external Identity Provider that has the same merge claim as this one. If multiple matching B2C Commerce shopper (customer) profiles are found, the external profile is merged with the most recently created shopper (customer) profile. Refer to the Merge Shopper Profiles user guide for more details. Note: When configuring an Apple IDP, 'email' and 'sub' are the only supported merge claims.

oidcClaimMapper - Mapping from the identity provider's token claims that SLAS uses to get user information values when the user successfully authenticates. Each value in this array must follow the key=value pair pattern: the key part is the SLAS key and the value part is the OIDC claim key.
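An added example (not Salesforce or SLAS code) that parses the oidcClaimMapper key=value entries, applies the Apple merge-claim restriction, and shows the two client-credential placements selected by isClientCredsBody; the function names and the sample IDP token response are constructed.

```python
"""Added example (not Salesforce code): check a registerIdentityProvider payload and
show how oidcClaimMapper and isClientCredsBody are interpreted. Names are constructed."""
import base64

def parse_claim_mapper(mapper):
    """Parse ["accessToken=access_token", ...] into {slas_key: oidc_claim};
    each entry must be exactly one key=value pair, as the field description says."""
    out = {}
    for entry in mapper:
        key, sep, claim = entry.partition("=")
        if not (sep and key and claim):
            raise ValueError(f"bad oidcClaimMapper entry: {entry!r}")
        out[key] = claim
    return out

def map_claims(mapper, idp_response):
    """Pull the SLAS user-info values out of an IDP token/userinfo response."""
    pairs = parse_claim_mapper(mapper)
    return {k: idp_response[c] for k, c in pairs.items() if c in idp_response}

def validate_idp(cfg):
    """Problems from the field descriptions here, plus an added https check SLAS does not state."""
    problems = []
    parse_claim_mapper(cfg.get("oidcClaimMapper", []))  # raises on a malformed entry
    if cfg.get("name") == "apple":  # Apple supports only email and sub as merge claims
        bad = sorted(set(cfg.get("loginMergeClaims", [])) - {"email", "sub"})
        if bad:
            problems.append(f"unsupported Apple merge claims: {bad}")
    if not cfg.get("redirectUrl", "").startswith("https://"):
        problems.append("redirectUrl is not https; acceptable for local testing only")
    return problems

def token_request_auth(cfg):
    """Where the client credentials travel on the token call: a Basic header by
    default, the POST body when isClientCredsBody is true."""
    if cfg.get("isClientCredsBody"):
        return {"headers": {}, "body": {"client_id": cfg["clientId"],
                                        "client_secret": cfg["clientSecret"]}}
    raw = f"{cfg['clientId']}:{cfg['clientSecret']}".encode()
    return {"headers": {"Authorization": "Basic " + base64.b64encode(raw).decode()}, "body": {}}

# Constructed inputs: the request body from this page and a fake IDP token response.
IDP = {"name": "google", "clientId": "idp-client-id", "clientSecret": "idp-secret",
       "redirectUrl": "http://localhost:9010/hydra/callback", "isClientCredsBody": False,
       "loginMergeClaims": ["email"], "oidcClaimMapper": [
           "accessToken=access_token", "refreshToken=refresh_token", "accessTokenTTL=expires_in",
           "idToken=id_token", "subject=sub", "email=email", "userId=sub",
           "familyName=family_name", "givenName=given_name", "name=name"]}
TOKEN_RESPONSE = {"access_token": "at-constructed", "expires_in": 3600, "id_token": "jwt-constructed",
                  "sub": "shopper-123", "email": "shopper@example.com", "name": "Sam Doe"}
```

Because the page's example redirectUrl is plain http on localhost, validate_idp(IDP) reports that one warning; a mapper entry without an = raises ValueError before the PUT is sent.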
The identity provider was updated successfully.
{
  "name": "google",
  "clientId": "idp-client-id",
  "clientSecret": "idp-secret",
  "authUrl": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenUrl": "https://oauth2.googleapis.com/token",
  "tokenInfoUrl": "https://oauth2.googleapis.com/tokeninfo",
  "userInfoUrl": "https://www.googleapis.com/oauth2/v3/userinfo",
  "redirectUrl": "http://localhost:9010/hydra/callback",
  "wellKnownUrl": "https://accounts.google.com/.well-known/openid-configuration",
  "scopes": [
    "openid",
    "email",
    "profile"
  ],
  "isPreferred": true,
  "isClientCredsBody": false,
  "teamId": "appleTeamId",
  "keyId": "appleKeyId",
  "loginMergeClaims": [
    "email"
  ],
  "oidcClaimMapper": [
    "accessToken=access_token",
    "refreshToken=refresh_token",
    "accessTokenTTL=expires_in",
    "idToken=id_token",
    "subject=sub",
    "email=email",
    "userId=sub",
    "familyName=family_name",
    "givenName=given_name",
    "name=name"
  ]
}
Response body fields:

name - Identity Provider Name. Example: google

authUrl - IDP authorization URL. Example: https://www.salesforce.com/authorize

tokenUrl - IDP token URL. Example: https://www.salesforce.com/token

tokenInfoUrl - IDP token info URL. Example: https://www.salesforce.com/inspect

userInfoUrl - IDP user info URL. Example: https://www.salesforce.com/userinfo

redirectUrl - Redirect URL to go to after the IDP flow is complete. This URL must be registered with the IDP. Example: https://www.salesforce.com/idp/callback

wellKnownUrl - IDP URL to get the OIDC configuration. Example: https://www.salesforce.com/.well-known/openid-configuration

clientId - Client Id of the third party IDP. Example: 934277749308-02dg4398n3s31ofge8cot46jirn3kpkf.apps.googleusercontent.com

clientSecret - Client Secret of the third party IDP. For Apple, copy the contents of the .p8 file downloaded from Apple between the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- markers. Example: aKZM1xEnZopNP2bm2gc3GKex

isPreferred - Indicates whether the IDP configuration is the Preferred SLAS IDP for the Tenant Id. Example: true

isClientCredsBody - By default the client credentials are placed in a basic authorization header for the call to the IDP. If true, the client credentials are placed in the POST body to the IDP. Example: false

scopes - Scopes needed by the IDP, as an array of strings (see the response example).

teamId - Apple Team ID. Used primarily for Sign in with Apple in generating the client secret. Example: appleTeamId

keyId - Apple key ID. This is the Key ID obtained from Apple when the private key for client authentication was created. Used primarily for Sign in with Apple in generating the client secret. Example: appleKeyId

loginMergeClaims - List of user info claims that can be used as identifiers to look up and merge with an existing B2C Commerce profile for a registered shopper, or with an existing B2C Commerce profile created via federated login with an external Identity Provider that has the same merge claim as this one. If multiple matching B2C Commerce shopper (customer) profiles are found, the external profile is merged with the most recently created shopper (customer) profile. Refer to the Merge Shopper Profiles user guide for more details.
Note: When configuring an Apple IDP, 'email' and 'sub' are the only supported merge claims.

oidcClaimMapper - Mapping from the identity provider's token claims that SLAS uses to get user information values when the user successfully authenticates. Each value in this array must follow the key=value pair pattern: the key part is the SLAS key and the value part is the OIDC claim key.