POST OAuth/CreateJwtMapping
Creates a new OAuth JWT mapping.
Requirements
- Roles: Admin. See OAuth roles for more information.
- Token scope: Admin
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Order | Name | Description |
---|---|---|
1 | Name string | (Required) The name of the application |
2 | IssuerUri string | (Required) The Issuer URI to be trusted for this mapping |
3 | PurposeField string | (Required) The name of the JWT field indicating the purpose |
4 | PurposeMatch string | (Required) The value the purpose field must have to accept a token |
5 | IdField string | (Required) The name of the JWT field indicating the identity owning the token |
6 | IdMatch string | (Required) The regular expression to apply against the id field to obtain the identity. If no GranteePrefixedUniversal is specified, the first group matching the expression is used to determine the identity |
7 | GranteePrefixedUniversal string | |
Returns
Name | Description |
---|---|
HTTP 200 | See OAuth result codes. A JwtMapping object is returned showing the values that were passed in the request. For value descriptions, see the Parameters section above. |
HTTP 400 | For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: |
HTTP 401 | For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body: |
HTTP 403 | If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/Oauth with the correct scope and restriction. Update the header with the new token and retry. |
Examples
Request with GranteePrefixedUniversal
```http
POST /vedsdk/oauth/CreateJwtMapping HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "IdField": "sub",
  "IdMatch": "PDnW4ovpwjkhVWkGjxW4F5yZvmxEwGV7@clients",
  "IssuerUri": "https:\/\/dev-g55ca78eoi1f0w71.us.auth0.com\/",
  "Name": "Example JWT mapping",
  "PurposeField": "aud",
  "PurposeMatch": "https:\/\/example.venafi.com\/vedauth",
  "GranteePrefixedUniversal": "local:{77a4cdda-12f2-4d83-aaff-8a3682d014cc}"
}
```
Response
```json
{
  "JwtMapping": {
    "GranteePrefixedUniversal": "local:{77a4cdda-12f2-4d83-aaff-8a3682d014cc}",
    "IdField": "sub",
    "IdMatch": "PDnW4ovpwjkhVWkGjxW4F5yZvmxEwGV7@clients",
    "IssuerUri": "https://dev-g55ca78eoi1f0w71.us.auth0.com/",
    "Name": "Example JWT mapping",
    "PurposeField": "aud",
    "PurposeMatch": "https://example.venafi.com/vedauth"
  },
  "Result": 0,
  "Success": true
}
```
Request with IdMatch Regex
```http
POST /vedsdk/oauth/CreateJwtMapping HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "IdField": "sub",
  "IdMatch": "(.*@example.com)",
  "IssuerUri": "https:\/\/dev-g55ca78eoi1f0w71.us.auth0.com\/",
  "Name": "Example JWT mapping 2",
  "PurposeField": "aud",
  "PurposeMatch": "https:\/\/example.venafi.com\/vedauth"
}
```
Response
```json
{
  "JwtMapping": {
    "IdField": "sub",
    "IdMatch": "(.*@example.com)",
    "IssuerUri": "https://dev-g55ca78eoi1f0w71.us.auth0.com/",
    "Name": "Example JWT mapping 2",
    "PurposeField": "aud",
    "PurposeMatch": "https://example.venafi.com/vedauth"
  },
  "Result": 0,
  "Success": true
}
```
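
A pre-flight check for the IdMatch expression described in the Parameters table, run before a mapping is submitted. This is an added example, not Venafi code. It assumes the server applies the expression as an unanchored search (the page does not say) and uses Python's `re` as a stand-in for the server's regex engine; `extract_identity`, `lint_mapping`, the `STRICT` pattern, and the sample values are constructed for illustration.

```python
import re

def extract_identity(id_match, id_value):
    # Assumption: unanchored search; first capture group is the identity.
    m = re.search(id_match, id_value)
    if m is None:
        return None
    return m.group(1) if m.re.groups else m.group(0)

def lint_mapping(mapping, samples):
    """Return findings for a CreateJwtMapping body.
    samples maps an IdField value to the identity it must yield (None = reject)."""
    pattern = mapping["IdMatch"]
    fixed = mapping.get("GranteePrefixedUniversal")
    try:
        groups = re.compile(pattern).groups
    except re.error as exc:
        return [f"IdMatch does not compile: {exc}"]
    findings = []
    if not fixed and groups == 0:
        findings.append("no capture group and no GranteePrefixedUniversal")
    if not (pattern.startswith("^") and pattern.endswith("$")):
        findings.append("IdMatch is not anchored with ^ and $")
    # Heuristic: a '.' that is neither escaped nor followed by a quantifier.
    if re.search(r"(?<!\\)\.(?![*+?{])", pattern):
        findings.append("unescaped '.' matches any character")
    for value, expected in samples.items():
        got = extract_identity(pattern, value)
        if fixed and got is not None:
            got = fixed  # identity comes from the mapping, not the token
        if got != expected:
            findings.append(f"{value!r} yields {got!r}, expected {expected!r}")
    return findings

# Constructed IdField values; None means the token must not be accepted.
SAMPLES = {
    "alice@example.com": "alice@example.com",
    "alice@example.com.attacker.test": None,
    "alice@exampleXcom": None,
    "bob@other.test": None,
}
LOOSE = {"IdField": "sub", "IdMatch": "(.*@example.com)"}  # from the page
STRICT = {"IdField": "sub", "IdMatch": r"^([^@]+@example\.com)$"}  # constructed

if __name__ == "__main__":
    for name, body in (("loose", LOOSE), ("strict", STRICT)):
        print(name, lint_mapping(body, SAMPLES) or "ok")
```

Confirm any pattern that passes here against a test mapping on the server itself, since its regex engine and matching mode may differ from the assumptions above.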