PrivX Identity Providers

get /role-store/api/v1/identity-providers

List all identity providers.

offset

int

Offset where to start fetching the items

Default
0

limit

int

Number of items to return

Default
50
Max
100

Response

Successful response, returns an array of identity providers.

{
  "count": 123,
  "items": [
    {
      "id": "5bf77342-221c-11ee-be56-0242ac120002",
      "name": "Acme identity provider",
      "token_type": "JWT",
      "jwt_issuer": "acme",
      "jwt_audience": "privx",
      "jwt_subject_type": "dn",
      "jwt_subject_dn_username_attribute": "cn",
      "custom_attributes": [
        {
          "field_name": "email",
          "type": "string_pattern",
          "expected_value": "*@privx.io"
        },
        {
          "field_name": "instances",
          "type": "ip_range",
          "start": "192.168.3.1",
          "end": "192.168.3.254"
        },
        {
          "field_name": "instances",
          "type": "ip_client"
        },
        {
          "field_name": "uid",
          "type": "numeric_range",
          "start": "1001",
          "end": "65535"
        }
      ],
      "public_key_method": "static",
      "public_keys": [
        {
          "key_id": "key-1",
          "comment": "string",
          "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoopkfuxiDKcB3XGT3TlF\n14dyBUTJctzO80O2iX69GVzcXcx/TFVo8J1f8QASxHaW8w5GyLyNVMjc0lhoKM9T\nPrb5RN/wXchfBCRYxMu57sVcvD1e7JR586ELebX1206ZL9/jyeFK4wVjaPxcBbhC\nEb/Gw1dcSxlt0SoeconCv2yRsRVxxQCHv91HAvg2S17uC3K/AxU4gOoGzlK/dEYi\n6TztKimKhuxkNFcT9l5gDIWoQQXLPCxN7ayqJ60MBw/N8esbgrgAYfGPgOEWnRDY\n59aAuOMzVBlRVFnrBRU+pVlINcDens1DaZP8Dut7gdaZs8fJQ8KmvfrYQm9uOFCn\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
        }
      ],
      "x5u_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgIUKDzwc7wsPLlP4YVLEZDAme2lDUUwDQYJKoZIhvcNAQEL\nBQAwPzELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzEMMAoGA1UECwwD\nUiZEMQ4wDAYDVQQDDAVQUklWWDAeFw0yMjA1MTkwODUyMjlaFw0yMzA1MTQwODUy\nMjlaMD8xCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlTU0hDT01TRUMxDDAKBgNVBAsM\nA1ImRDEOMAwGA1UEAwwFUFJJVlgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQCiimR+7GIMpwHdcZPdOUXXh3IFRMly3M7zQ7aJfr0ZXNxdzH9MVWjwnV/x\nABLEdpbzDkbIvI1UyNzSWGgoz1M+tvlE3/BdyF8EJFjEy7nuxVy8PV7slHnzoQt5\ntfXbTpkv3+PJ4UrjBWNo/FwFuEIRv8bDV1xLGW3RKh5yicK/bJGxFXHFAIe/3UcC\n+DZLXu4Lcr8DFTiA6gbOUr90RiLpPO0qKYqG7GQ0VxP2XmAMhahBBcs8LE3trKon\nrQwHD83x6xuCuABh8Y+A4RadENjn1oC44zNUGVFUWesFFT6lWUg1wN6ezUNpk/wO\n63uB1pmzx8lDwqa9+thCb244UKcLAgMBAAGjUzBRMB0GA1UdDgQWBBRs5UC6jHc0\nuqp1ABqZrONLE1Rv1TAfBgNVHSMEGDAWgBRs5UC6jHc0uqp1ABqZrONLE1Rv1TAP\nBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA8lbh+wEJKZlEVtIJ/\nwswLjwnzXc0MxGJL7/zVAfn1XKN+igAhKFUK13tziRjM68/Qbe9ckr2VRmvNLOxE\nALsPx0poKruAMWuu3p1JHNjm3MrLRsC/K+Fogi1r1RiSoyZFBS2HVl+5hDbtW2bx\nUEm1dqYzELyAnjuIJFN1gZwMQP3abHuGQnmIF0nNHyNMBVU64i5mHuSulCY+pGur\nx93kOQNESHRGoYhCQwYJSI03BfcIRrv5BPCd98tpSfNXgoOga1vFSb1AwiWpq/zL\nu5z8eBbsLf9xmkylqMNZbZWsJFMv0r43cLA87Qo848YsJYpk51iIOZgGR6xTQF0+\nQ+M6\n-----END CERTIFICATE-----\n",
      "x5u_tls_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDIzCCAgugAwIBAgIUV19HtBxY1nF7nfgk9X/YIyba4XEwDQYJKoZIhvcNAQEL\nBQAwITELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzAeFw0yMjA1MTkx\nMjI0NDhaFw0yMzA1MTkxMjI0NDhaMCExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlT\nU0hDT01TRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtsoOmkZ7L\nPqTwPvhbMItewr92kY6HfityYmQ5gCHp6T03X6jvhiZYNM0FuhhGYHr9RNnBEuTB\nU1eKYgb59lUsLtNWAxy1D2riQ4/2P2jU6ldSEUrzAHQ0tYlkGAWecpzh601XBE9f\nBde1kDPzw5qdUGIt8oLTCaY0FydBHNOopxvbpO7kJGAxA8jsYrmvXaglMBSmChPg\nrubfTp1D07VuRDAJEQW9kwYWbO9PSSRGsGsg2ZQRpJpvqLzLb7iBjG68kJik+zBA\nYT4AkjItf71XvkzI+X18Rn4RuaYgKXUX5S1BVGy6JqbC+Zd6X/sJBsxx3h67RG8/\nbrOr2h86bgJ/AgMBAAGjUzBRMB0GA1UdDgQWBBT3gsAZ1c+rjewKAhZ/y/yHjC2w\nhjAfBgNVHSMEGDAWgBT3gsAZ1c+rjewKAhZ/y/yHjC2whjAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAQjNPfE7oTbYY8eqv9NoEB/OUD3VJRHFVT\nffYIag8/X1pz3lG1hYBy2XXSw4+1XDOH9Rgf+Ol78Sbse38ciVoZkwotkInJjdat\n6x5keBNdSQj97/Ec0xPZeM6ArTeajl12qlvgZUjUhz3xKdNwmbsBKGL+YdgMeOBg\nzyRcqMvynOH3KlxYyXbiEtx+Sw3FQflKZ+VZhlmmplsgnqk9YOByX6DZlP5thI2C\nPew6jTFHtJosa7G5l3V8qwQc1KXYkPIUr6yMOZhxrHuqZR+QuujXb4CFe8idHmgF\nTDfPuHLK9IAd4MfPxVwMhvvWezbYAnqojCF73n4k6KLKXH262s7s\n-----END CERTIFICATE-----\n",
      "x5u_prefix": "https://privx.io/token-issuer",
      "enabled": true,
      "users_directory": "5bf77342-221c-11ee-be56-0242ac120002",
      "author": "5bf77342-221c-11ee-be56-0242ac120002",
      "created": "2023-06-07T17:32:28Z",
      "updated": "2023-06-07T17:32:28Z",
      "updated_by": "string"
    }
  ]
}

post /role-store/api/v1/identity-providers

Create a new Identity Provider.

id

string

uuid

name

string

required

Identity provider name, must be unique

Min Length
2
Max Length
2042
Example
"Acme identity provider"

token_type

string

required

Token type. Only "JWT" is supported.

Enum
  • JWT
Example
"JWT"

jwt_issuer

string

required

JWT issuer

Max Length
2042
Example
"acme"

jwt_audience

string

Expected JWT audience. The JWT aud claim must either have a single matching value, or it must have an array of values of which at least one matches.

Max Length
2042
Example
"privx"

jwt_subject_type

string

required

JWT subject claim format

Enum
  • plain
  • dn
Example
"dn"

jwt_subject_dn_username_attribute

string

If jwt_subject_type is "dn", then jwt_subject_dn_username_attribute specifies the name of the attribute to be used as the username when resolving the user.

Example
"cn"

custom_attributes

array[object]

Example
[ { "field_name": "email", "type": "string_pattern", "expected_value": "*@privx.io" }, { "field_name": "instances", "type": "ip_range", "start": "192.168.3.1", "end": "192.168.3.254" }, { "field_name": "instances", "type": "ip_client" }, { "field_name": "uid", "type": "numeric_range", "start": "1001", "end": "65535" } ]

public_key_method

string

Method for obtaining the token verification public key

Enum
  • static
  • x5u
  • x5u-publickey

public_keys

array[object]

x5u_trust_anchor

string

PEM certificate or certificate chain

Trust anchor for verifying X.509 certificates fetched from x5u URLs. Required if public_key_method is "x5u".

x5u_tls_trust_anchor

string

PEM certificate or certificate chain

Trust anchor for TLS server certificates used when fetching X.509 certificates or public keys from x5u urls. If not specified then system trust anchors will be used.

x5u_prefix

string

uri

The url in the token's x5u claim must start with the x5u_prefix or it will be rejected. x5u_prefix must be a valid https url. Required if public_key_method is "x5u-publickey".

Example
"https://privx.io/token-issuer"

enabled

boolean

Enable/Disable Identity Provider

users_directory

string

uuid

required

ID of the PrivX user directory from which the users are resolved by token's sub claim. OIDC user directories are not supported.

author

string

uuid

Identity Provider Author

created

string

date-time

Creation time

updated

string

date-time

Time of the last update

updated_by

string

ID of the user who last updated the identity provider

Response

Identity Provider Successfully created

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002"
}

get /role-store/api/v1/identity-providers/{id}

Get Identity Provider by ID.

id

string

required

Identity Provider ID

Response

Successful response, returns an Identity Provider if found

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002",
  "name": "Acme identity provider",
  "token_type": "JWT",
  "jwt_issuer": "acme",
  "jwt_audience": "privx",
  "jwt_subject_type": "dn",
  "jwt_subject_dn_username_attribute": "cn",
  "custom_attributes": [
    {
      "field_name": "email",
      "type": "string_pattern",
      "expected_value": "*@privx.io"
    },
    {
      "field_name": "instances",
      "type": "ip_range",
      "start": "192.168.3.1",
      "end": "192.168.3.254"
    },
    {
      "field_name": "instances",
      "type": "ip_client"
    },
    {
      "field_name": "uid",
      "type": "numeric_range",
      "start": "1001",
      "end": "65535"
    }
  ],
  "public_key_method": "static",
  "public_keys": [
    {
      "key_id": "key-1",
      "comment": "string",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoopkfuxiDKcB3XGT3TlF\n14dyBUTJctzO80O2iX69GVzcXcx/TFVo8J1f8QASxHaW8w5GyLyNVMjc0lhoKM9T\nPrb5RN/wXchfBCRYxMu57sVcvD1e7JR586ELebX1206ZL9/jyeFK4wVjaPxcBbhC\nEb/Gw1dcSxlt0SoeconCv2yRsRVxxQCHv91HAvg2S17uC3K/AxU4gOoGzlK/dEYi\n6TztKimKhuxkNFcT9l5gDIWoQQXLPCxN7ayqJ60MBw/N8esbgrgAYfGPgOEWnRDY\n59aAuOMzVBlRVFnrBRU+pVlINcDens1DaZP8Dut7gdaZs8fJQ8KmvfrYQm9uOFCn\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
    }
  ],
  "x5u_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgIUKDzwc7wsPLlP4YVLEZDAme2lDUUwDQYJKoZIhvcNAQEL\nBQAwPzELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzEMMAoGA1UECwwD\nUiZEMQ4wDAYDVQQDDAVQUklWWDAeFw0yMjA1MTkwODUyMjlaFw0yMzA1MTQwODUy\nMjlaMD8xCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlTU0hDT01TRUMxDDAKBgNVBAsM\nA1ImRDEOMAwGA1UEAwwFUFJJVlgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQCiimR+7GIMpwHdcZPdOUXXh3IFRMly3M7zQ7aJfr0ZXNxdzH9MVWjwnV/x\nABLEdpbzDkbIvI1UyNzSWGgoz1M+tvlE3/BdyF8EJFjEy7nuxVy8PV7slHnzoQt5\ntfXbTpkv3+PJ4UrjBWNo/FwFuEIRv8bDV1xLGW3RKh5yicK/bJGxFXHFAIe/3UcC\n+DZLXu4Lcr8DFTiA6gbOUr90RiLpPO0qKYqG7GQ0VxP2XmAMhahBBcs8LE3trKon\nrQwHD83x6xuCuABh8Y+A4RadENjn1oC44zNUGVFUWesFFT6lWUg1wN6ezUNpk/wO\n63uB1pmzx8lDwqa9+thCb244UKcLAgMBAAGjUzBRMB0GA1UdDgQWBBRs5UC6jHc0\nuqp1ABqZrONLE1Rv1TAfBgNVHSMEGDAWgBRs5UC6jHc0uqp1ABqZrONLE1Rv1TAP\nBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA8lbh+wEJKZlEVtIJ/\nwswLjwnzXc0MxGJL7/zVAfn1XKN+igAhKFUK13tziRjM68/Qbe9ckr2VRmvNLOxE\nALsPx0poKruAMWuu3p1JHNjm3MrLRsC/K+Fogi1r1RiSoyZFBS2HVl+5hDbtW2bx\nUEm1dqYzELyAnjuIJFN1gZwMQP3abHuGQnmIF0nNHyNMBVU64i5mHuSulCY+pGur\nx93kOQNESHRGoYhCQwYJSI03BfcIRrv5BPCd98tpSfNXgoOga1vFSb1AwiWpq/zL\nu5z8eBbsLf9xmkylqMNZbZWsJFMv0r43cLA87Qo848YsJYpk51iIOZgGR6xTQF0+\nQ+M6\n-----END CERTIFICATE-----\n",
  "x5u_tls_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDIzCCAgugAwIBAgIUV19HtBxY1nF7nfgk9X/YIyba4XEwDQYJKoZIhvcNAQEL\nBQAwITELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzAeFw0yMjA1MTkx\nMjI0NDhaFw0yMzA1MTkxMjI0NDhaMCExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlT\nU0hDT01TRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtsoOmkZ7L\nPqTwPvhbMItewr92kY6HfityYmQ5gCHp6T03X6jvhiZYNM0FuhhGYHr9RNnBEuTB\nU1eKYgb59lUsLtNWAxy1D2riQ4/2P2jU6ldSEUrzAHQ0tYlkGAWecpzh601XBE9f\nBde1kDPzw5qdUGIt8oLTCaY0FydBHNOopxvbpO7kJGAxA8jsYrmvXaglMBSmChPg\nrubfTp1D07VuRDAJEQW9kwYWbO9PSSRGsGsg2ZQRpJpvqLzLb7iBjG68kJik+zBA\nYT4AkjItf71XvkzI+X18Rn4RuaYgKXUX5S1BVGy6JqbC+Zd6X/sJBsxx3h67RG8/\nbrOr2h86bgJ/AgMBAAGjUzBRMB0GA1UdDgQWBBT3gsAZ1c+rjewKAhZ/y/yHjC2w\nhjAfBgNVHSMEGDAWgBT3gsAZ1c+rjewKAhZ/y/yHjC2whjAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAQjNPfE7oTbYY8eqv9NoEB/OUD3VJRHFVT\nffYIag8/X1pz3lG1hYBy2XXSw4+1XDOH9Rgf+Ol78Sbse38ciVoZkwotkInJjdat\n6x5keBNdSQj97/Ec0xPZeM6ArTeajl12qlvgZUjUhz3xKdNwmbsBKGL+YdgMeOBg\nzyRcqMvynOH3KlxYyXbiEtx+Sw3FQflKZ+VZhlmmplsgnqk9YOByX6DZlP5thI2C\nPew6jTFHtJosa7G5l3V8qwQc1KXYkPIUr6yMOZhxrHuqZR+QuujXb4CFe8idHmgF\nTDfPuHLK9IAd4MfPxVwMhvvWezbYAnqojCF73n4k6KLKXH262s7s\n-----END CERTIFICATE-----\n",
  "x5u_prefix": "https://privx.io/token-issuer",
  "enabled": true,
  "users_directory": "5bf77342-221c-11ee-be56-0242ac120002",
  "author": "5bf77342-221c-11ee-be56-0242ac120002",
  "created": "2023-06-07T17:32:28Z",
  "updated": "2023-06-07T17:32:28Z",
  "updated_by": "string"
}

put /role-store/api/v1/identity-providers/{id}

Update an Identity Provider.

id

string

uuid

name

string

required

Identity provider name, must be unique

Min Length
2
Max Length
2042
Example
"Acme identity provider"

token_type

string

required

Token type. Only "JWT" is supported.

Enum
  • JWT
Example
"JWT"

jwt_issuer

string

required

JWT issuer

Max Length
2042
Example
"acme"

jwt_audience

string

Expected JWT audience. The JWT aud claim must either have a single matching value, or it must have an array of values of which at least one matches.

Max Length
2042
Example
"privx"

jwt_subject_type

string

required

JWT subject claim format

Enum
  • plain
  • dn
Example
"dn"

jwt_subject_dn_username_attribute

string

If jwt_subject_type is "dn", then jwt_subject_dn_username_attribute specifies the name of the attribute to be used as the username when resolving the user.

Example
"cn"

custom_attributes

array[object]

Example
[ { "field_name": "email", "type": "string_pattern", "expected_value": "*@privx.io" }, { "field_name": "instances", "type": "ip_range", "start": "192.168.3.1", "end": "192.168.3.254" }, { "field_name": "instances", "type": "ip_client" }, { "field_name": "uid", "type": "numeric_range", "start": "1001", "end": "65535" } ]

public_key_method

string

Method for obtaining the token verification public key

Enum
  • static
  • x5u
  • x5u-publickey

public_keys

array[object]

x5u_trust_anchor

string

PEM certificate or certificate chain

Trust anchor for verifying X.509 certificates fetched from x5u URLs. Required if public_key_method is "x5u".

x5u_tls_trust_anchor

string

PEM certificate or certificate chain

Trust anchor for TLS server certificates used when fetching X.509 certificates or public keys from x5u urls. If not specified then system trust anchors will be used.

x5u_prefix

string

uri

The url in the token's x5u claim must start with the x5u_prefix or it will be rejected. x5u_prefix must be a valid https url. Required if public_key_method is "x5u-publickey".

Example
"https://privx.io/token-issuer"

enabled

boolean

Enable/Disable Identity Provider

users_directory

string

uuid

required

ID of the PrivX user directory from which the users are resolved by token's sub claim. OIDC user directories are not supported.

author

string

uuid

Identity Provider Author

created

string

date-time

Creation time

updated

string

date-time

Time of the last update

updated_by

string

ID of the user who last updated the identity provider

Response

Identity Provider successfully updated

Empty response
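
A pre-flight check for the create (POST) and update (PUT) request bodies, built from the constraints stated in the field descriptions above. This is an added example, not PrivX code: `lint_identity_provider`, `SAMPLE` and the `warn:` findings are hypothetical names, and the trailing-slash warning assumes the x5u claim is compared as a plain string prefix.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_LEN = 2042  # documented Max Length for name, jwt_issuer and jwt_audience
REQUIRED = ("name", "token_type", "jwt_issuer", "jwt_subject_type", "users_directory")
ENUMS = {"token_type": {"JWT"}, "jwt_subject_type": {"plain", "dn"},
         "public_key_method": {"static", "x5u", "x5u-publickey"}}


def _range_ok(attr):
    """True when start <= end for the two range types in the page's example."""
    parse = ipaddress.ip_address if attr["type"] == "ip_range" else int
    try:
        return parse(attr["start"]) <= parse(attr["end"])
    except (KeyError, ValueError, TypeError):
        return False


def lint_identity_provider(idp):
    """Return findings for a create/update body; 'warn:' entries are advisory."""
    out = [f"{f}: required" for f in REQUIRED if not idp.get(f)]
    for field, allowed in ENUMS.items():
        if idp.get(field) and idp[field] not in allowed:
            out.append(f"{field}: must be one of {sorted(allowed)}")
    for field, low in (("name", 2), ("jwt_issuer", 0), ("jwt_audience", 0)):
        value = idp.get(field)
        if value and not low <= len(value) <= MAX_LEN:
            out.append(f"{field}: length must be within {low}..{MAX_LEN}")
    method = idp.get("public_key_method")
    if method == "x5u" and not idp.get("x5u_trust_anchor"):
        out.append("x5u_trust_anchor: required when public_key_method is x5u")
    if method == "x5u-publickey" and not idp.get("x5u_prefix"):
        out.append("x5u_prefix: required when public_key_method is x5u-publickey")
    prefix = idp.get("x5u_prefix")
    if prefix:
        try:
            url = urlsplit(prefix)
            valid = url.scheme == "https" and bool(url.hostname)
        except ValueError:
            valid = False
        if not valid:
            out.append("x5u_prefix: must be a valid https url")
        elif not url.path.endswith("/"):
            # Assumption: the comparison is a plain string prefix, as the field text reads.
            out.append("warn: x5u_prefix has no trailing '/', longer sibling names also match")
    if not idp.get("jwt_audience"):
        out.append("warn: jwt_audience not set, no expected audience is configured")
    for attr in idp.get("custom_attributes") or []:
        if attr.get("type") in ("ip_range", "numeric_range") and not _range_ok(attr):
            out.append(f"custom_attributes[{attr.get('field_name')}]: start must not exceed end")
    return out


# Constructed sample: the page's example values, no PEM fields, uid range reversed on purpose.
SAMPLE = {
    "name": "Acme identity provider", "token_type": "JWT", "jwt_issuer": "acme",
    "jwt_audience": "privx", "jwt_subject_type": "dn",
    "users_directory": "5bf77342-221c-11ee-be56-0242ac120002",
    "public_key_method": "x5u",  # no x5u_trust_anchor supplied
    "x5u_prefix": "https://privx.io/token-issuer",
    "custom_attributes": [
        {"field_name": "instances", "type": "ip_range",
         "start": "192.168.3.1", "end": "192.168.3.254"},
        {"field_name": "uid", "type": "numeric_range", "start": "65535", "end": "1001"},
    ],
}

if __name__ == "__main__":
    print("\n".join(lint_identity_provider(SAMPLE)))
```
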

delete /role-store/api/v1/identity-providers/{id}

Delete Identity Provider by ID.

id

string

required

Identity Provider ID

Response

Identity Provider Successfully deleted

Empty response

post /role-store/api/v1/identity-providers/search

Search Identity Providers.

keywords

string

Comma- or space-separated list of search keywords

Response

Successful response, returns a list of Identity Providers

{
  "count": 123,
  "items": [
    {
      "id": "5bf77342-221c-11ee-be56-0242ac120002",
      "name": "Acme identity provider",
      "token_type": "JWT",
      "jwt_issuer": "acme",
      "jwt_audience": "privx",
      "jwt_subject_type": "dn",
      "jwt_subject_dn_username_attribute": "cn",
      "custom_attributes": [
        {
          "field_name": "email",
          "type": "string_pattern",
          "expected_value": "*@privx.io"
        },
        {
          "field_name": "instances",
          "type": "ip_range",
          "start": "192.168.3.1",
          "end": "192.168.3.254"
        },
        {
          "field_name": "instances",
          "type": "ip_client"
        },
        {
          "field_name": "uid",
          "type": "numeric_range",
          "start": "1001",
          "end": "65535"
        }
      ],
      "public_key_method": "static",
      "public_keys": [
        {
          "key_id": "key-1",
          "comment": "string",
          "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoopkfuxiDKcB3XGT3TlF\n14dyBUTJctzO80O2iX69GVzcXcx/TFVo8J1f8QASxHaW8w5GyLyNVMjc0lhoKM9T\nPrb5RN/wXchfBCRYxMu57sVcvD1e7JR586ELebX1206ZL9/jyeFK4wVjaPxcBbhC\nEb/Gw1dcSxlt0SoeconCv2yRsRVxxQCHv91HAvg2S17uC3K/AxU4gOoGzlK/dEYi\n6TztKimKhuxkNFcT9l5gDIWoQQXLPCxN7ayqJ60MBw/N8esbgrgAYfGPgOEWnRDY\n59aAuOMzVBlRVFnrBRU+pVlINcDens1DaZP8Dut7gdaZs8fJQ8KmvfrYQm9uOFCn\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
        }
      ],
      "x5u_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgIUKDzwc7wsPLlP4YVLEZDAme2lDUUwDQYJKoZIhvcNAQEL\nBQAwPzELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzEMMAoGA1UECwwD\nUiZEMQ4wDAYDVQQDDAVQUklWWDAeFw0yMjA1MTkwODUyMjlaFw0yMzA1MTQwODUy\nMjlaMD8xCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlTU0hDT01TRUMxDDAKBgNVBAsM\nA1ImRDEOMAwGA1UEAwwFUFJJVlgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQCiimR+7GIMpwHdcZPdOUXXh3IFRMly3M7zQ7aJfr0ZXNxdzH9MVWjwnV/x\nABLEdpbzDkbIvI1UyNzSWGgoz1M+tvlE3/BdyF8EJFjEy7nuxVy8PV7slHnzoQt5\ntfXbTpkv3+PJ4UrjBWNo/FwFuEIRv8bDV1xLGW3RKh5yicK/bJGxFXHFAIe/3UcC\n+DZLXu4Lcr8DFTiA6gbOUr90RiLpPO0qKYqG7GQ0VxP2XmAMhahBBcs8LE3trKon\nrQwHD83x6xuCuABh8Y+A4RadENjn1oC44zNUGVFUWesFFT6lWUg1wN6ezUNpk/wO\n63uB1pmzx8lDwqa9+thCb244UKcLAgMBAAGjUzBRMB0GA1UdDgQWBBRs5UC6jHc0\nuqp1ABqZrONLE1Rv1TAfBgNVHSMEGDAWgBRs5UC6jHc0uqp1ABqZrONLE1Rv1TAP\nBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA8lbh+wEJKZlEVtIJ/\nwswLjwnzXc0MxGJL7/zVAfn1XKN+igAhKFUK13tziRjM68/Qbe9ckr2VRmvNLOxE\nALsPx0poKruAMWuu3p1JHNjm3MrLRsC/K+Fogi1r1RiSoyZFBS2HVl+5hDbtW2bx\nUEm1dqYzELyAnjuIJFN1gZwMQP3abHuGQnmIF0nNHyNMBVU64i5mHuSulCY+pGur\nx93kOQNESHRGoYhCQwYJSI03BfcIRrv5BPCd98tpSfNXgoOga1vFSb1AwiWpq/zL\nu5z8eBbsLf9xmkylqMNZbZWsJFMv0r43cLA87Qo848YsJYpk51iIOZgGR6xTQF0+\nQ+M6\n-----END CERTIFICATE-----\n",
      "x5u_tls_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDIzCCAgugAwIBAgIUV19HtBxY1nF7nfgk9X/YIyba4XEwDQYJKoZIhvcNAQEL\nBQAwITELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzAeFw0yMjA1MTkx\nMjI0NDhaFw0yMzA1MTkxMjI0NDhaMCExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlT\nU0hDT01TRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtsoOmkZ7L\nPqTwPvhbMItewr92kY6HfityYmQ5gCHp6T03X6jvhiZYNM0FuhhGYHr9RNnBEuTB\nU1eKYgb59lUsLtNWAxy1D2riQ4/2P2jU6ldSEUrzAHQ0tYlkGAWecpzh601XBE9f\nBde1kDPzw5qdUGIt8oLTCaY0FydBHNOopxvbpO7kJGAxA8jsYrmvXaglMBSmChPg\nrubfTp1D07VuRDAJEQW9kwYWbO9PSSRGsGsg2ZQRpJpvqLzLb7iBjG68kJik+zBA\nYT4AkjItf71XvkzI+X18Rn4RuaYgKXUX5S1BVGy6JqbC+Zd6X/sJBsxx3h67RG8/\nbrOr2h86bgJ/AgMBAAGjUzBRMB0GA1UdDgQWBBT3gsAZ1c+rjewKAhZ/y/yHjC2w\nhjAfBgNVHSMEGDAWgBT3gsAZ1c+rjewKAhZ/y/yHjC2whjAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAQjNPfE7oTbYY8eqv9NoEB/OUD3VJRHFVT\nffYIag8/X1pz3lG1hYBy2XXSw4+1XDOH9Rgf+Ol78Sbse38ciVoZkwotkInJjdat\n6x5keBNdSQj97/Ec0xPZeM6ArTeajl12qlvgZUjUhz3xKdNwmbsBKGL+YdgMeOBg\nzyRcqMvynOH3KlxYyXbiEtx+Sw3FQflKZ+VZhlmmplsgnqk9YOByX6DZlP5thI2C\nPew6jTFHtJosa7G5l3V8qwQc1KXYkPIUr6yMOZhxrHuqZR+QuujXb4CFe8idHmgF\nTDfPuHLK9IAd4MfPxVwMhvvWezbYAnqojCF73n4k6KLKXH262s7s\n-----END CERTIFICATE-----\n",
      "x5u_prefix": "https://privx.io/token-issuer",
      "enabled": true,
      "users_directory": "5bf77342-221c-11ee-be56-0242ac120002",
      "author": "5bf77342-221c-11ee-be56-0242ac120002",
      "created": "2023-06-07T17:32:28Z",
      "updated": "2023-06-07T17:32:28Z",
      "updated_by": "string"
    }
  ]
}