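Create identityProvider (deprecated)
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Note
This identity provider API is deprecated and will stop returning data after March 2023. Please use the new identity provider API.
Create a new identityProvider object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.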
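| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | IdentityProvider.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | IdentityProvider.ReadWrite.All |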
The work or school account needs to belong to one of the following roles:
HTTP request
POST /identityProviders
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. |
| Content-Type | application/json. Required. |
Request body
In the request body, provide a JSON representation of an identityProvider or openIdConnectProvider (Azure AD B2C only) object. All properties listed in the following tables are required.
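identityProvider object
| Property | Type | Description |
|---|---|---|
| clientId | String | The client ID for the application. This is the client ID obtained when registering the application with the identity provider. |
| clientSecret | String | The client secret for the application. This is the client secret obtained when registering the application with the identity provider. |
| name | String | The display name of the identity provider. |
| type | String | The identity provider type. For B2C scenarios: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat, OpenIDConnect |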
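openIdConnectProvider object
| Property | Type | Description |
|---|---|---|
| clientId | String | The client ID for the application. This is the client ID obtained when registering the application with the identity provider. |
| clientSecret | String | The client secret for the application. This is the client secret obtained when registering the application with the identity provider. |
| name | String | The display name of the identity provider. |
| type | String | The identity provider type. The value must be OpenIdConnect. |
| claimsMapping | claimsMapping | The userId and displayName properties are required in the claimsMapping object. |
| metadataUrl | String | The URL for the metadata document of the OpenID Connect identity provider. |
| responseMode | String | Defines the method used to send data back from the custom identity provider to Azure AD B2C. The following response modes can be used: form_post: this response mode is recommended for best security. The response is transmitted via the HTTP POST method, with the code or token encoded in the body using the application/x-www-form-urlencoded format. query: the code or token is returned as a query parameter. |
| responseType | String | Describes what kind of information is sent back in the initial call to the authorization_endpoint of the custom identity provider. The following response types can be used: code: as per the authorization code flow, a code is returned to Azure AD B2C. Azure AD B2C then calls the token_endpoint to exchange the code for the token. id_token: an ID token is returned to Azure AD B2C from the custom identity provider. token: an access token is returned to Azure AD B2C from the custom identity provider. (This value is not currently supported by Azure AD B2C.) |
| scope | String | Scope defines the information and permissions to be gathered from the custom identity provider. |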
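
An added example (not from the original page or from Microsoft's SDKs): a pre-flight check that applies the openIdConnectProvider rules from the table above to a request body before it is POSTed. The function name `lintOidcProvider`, the sample body and the https-only rule for metadataUrl are assumptions made for illustration.

```javascript
'use strict';
// Properties listed in the openIdConnectProvider table above.
const REQUIRED = ['clientId', 'clientSecret', 'name', 'type', 'claimsMapping',
  'metadataUrl', 'responseMode', 'responseType', 'scope'];

// Hypothetical helper (not a Graph SDK function): returns findings so a
// review script or CI step can decide whether to send the POST.
function lintOidcProvider(body) {
  const findings = [];
  const add = (level, field, message) => findings.push({ level, field, message });
  for (const key of REQUIRED) {
    if (body[key] == null || body[key] === '') add('error', key, 'required property is missing');
  }
  if (typeof body.type === 'string' && body.type.toLowerCase() !== 'openidconnect') {
    add('error', 'type', 'value must be OpenIdConnect');
  }
  if (body.claimsMapping) {
    for (const claim of ['userId', 'displayName']) {
      if (!body.claimsMapping[claim]) add('error', `claimsMapping.${claim}`, 'required mapping is missing');
    }
  }
  if (body.responseMode === 'query') {
    add('warning', 'responseMode', 'code or token travels in the query string; form_post is recommended');
  } else if (body.responseMode && body.responseMode !== 'form_post') {
    add('error', 'responseMode', 'must be form_post or query');
  }
  if (body.responseType === 'token') {
    add('error', 'responseType', 'token is not currently supported by Azure AD B2C');
  } else if (body.responseType && !['code', 'id_token'].includes(body.responseType)) {
    add('error', 'responseType', 'must be code or id_token');
  }
  // Assumption (not stated on the page): only accept an absolute https URL.
  if (body.metadataUrl) {
    let url = null;
    try { url = new URL(body.metadataUrl); } catch (_) { /* not a valid URL */ }
    if (!url || url.protocol !== 'https:') add('error', 'metadataUrl', 'must be an absolute https URL');
  }
  return findings;
}

// Constructed sample body with placeholder values, not a real registration.
const sample = {
  name: 'Login with the Contoso identity provider', type: 'OpenIDConnect',
  clientId: '00000000-0000-0000-0000-000000000000', clientSecret: 'placeholder',
  claimsMapping: { userId: 'myUserId' }, scope: 'openid',
  metadataUrl: 'http://idp.example/.well-known/openid-configuration',
  responseMode: 'query', responseType: 'token',
};
for (const f of lintOidcProvider(sample)) console.log(`${f.level} ${f.field}: ${f.message}`);
```
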
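Response
If successful, this method returns a 201 Created response code and an identityProvider or openIdConnectProvider (Azure AD B2C only) object in the response body. If unsuccessful, a 4xx error is returned with specific details.
Examples
Example 1: Create a specific identityProvider
Request
The following is an example of the request.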
```http
POST https://graph.microsoft.com/beta/identityProviders
Content-type: application/json

{
  "@odata.type": "microsoft.graph.identityProvider",
  "name": "Login with Amazon",
  "type": "Amazon",
  "clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
  "clientSecret": "000000000000"
}
```
```java
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

IdentityProvider identityProvider = new IdentityProvider();
identityProvider.name = "Login with Amazon";
identityProvider.type = "Amazon";
identityProvider.clientId = "56433757-cadd-4135-8431-2c9e3fd68ae8";
identityProvider.clientSecret = "000000000000";

graphClient.identityProviders()
    .buildRequest()
    .post(identityProvider);
```
```csharp
GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var identityProvider = new IdentityProvider
{
    Name = "Login with Amazon",
    Type = "Amazon",
    ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8",
    ClientSecret = "000000000000"
};

await graphClient.IdentityProviders
    .Request()
    .AddAsync(identityProvider);
```
```javascript
const options = {
    authProvider,
};

const client = Client.init(options);

const identityProvider = {
    '@odata.type': 'microsoft.graph.identityProvider',
    name: 'Login with Amazon',
    type: 'Amazon',
    clientId: '56433757-cadd-4135-8431-2c9e3fd68ae8',
    clientSecret: '000000000000'
};

await client.api('/identityProviders')
    .version('beta')
    .post(identityProvider);
```
```objc
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityProviders"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphIdentityProvider *identityProvider = [[MSGraphIdentityProvider alloc] init];
[identityProvider setName:@"Login with Amazon"];
[identityProvider setType:@"Amazon"];
[identityProvider setClientId:@"56433757-cadd-4135-8431-2c9e3fd68ae8"];
[identityProvider setClientSecret:@"000000000000"];

NSError *error;
NSData *identityProviderData = [identityProvider getSerializedDataWithError:&error];
[urlRequest setHTTPBody:identityProviderData];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
        //Request Completed
}];

[meDataTask execute];
```
```go
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := msgraphsdk.NewIdentityProvider()
name := "Login with Amazon"
requestBody.SetName(&name)
// "type" is a reserved word in Go, so the variable needs another name.
providerType := "Amazon"
requestBody.SetType(&providerType)
clientId := "56433757-cadd-4135-8431-2c9e3fd68ae8"
requestBody.SetClientId(&clientId)
clientSecret := "000000000000"
requestBody.SetClientSecret(&clientSecret)
requestBody.SetAdditionalData(map[string]interface{}{
	"@odata.type": "microsoft.graph.identityProvider",
})
result, err := graphClient.IdentityProviders().Post(requestBody)
```
```powershell
Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "microsoft.graph.identityProvider"
	Name = "Login with Amazon"
	Type = "Amazon"
	ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8"
	ClientSecret = "000000000000"
}

New-MgIdentityProvider -BodyParameter $params
```
Response
The following is an example of the response.
Note: The response object shown here might be shortened for readability.
```http
HTTP/1.1 201 Created
Content-type: application/json

{
  "@odata.type": "microsoft.graph.identityProvider",
  "id": "Amazon-OAUTH",
  "name": "Login with Amazon",
  "type": "Amazon",
  "clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
  "clientSecret": "*****"
}
```
Example 2: Create an openIDConnectProvider (Azure AD B2C only)
Request
The following is an example of the request.
```http
POST https://graph.microsoft.com/beta/identityProviders
Content-type: application/json

{
  "@odata.type": "microsoft.graph.openIdConnectProvider",
  "name": "Login with the Contoso identity provider",
  "type": "OpenIDConnect",
  "clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
  "clientSecret": "12345",
  "claimsMapping": {
    "userId": "myUserId",
    "givenName": "myGivenName",
    "surname": "mySurname",
    "email": "myEmail",
    "displayName": "myDisplayName"
  },
  "domainHint": "mycustomoidc",
  "metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
  "responseMode": "form_post",
  "responseType": "code",
  "scope": "openid"
}
```
```java
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

OpenIdConnectProvider identityProvider = new OpenIdConnectProvider();
identityProvider.name = "Login with the Contoso identity provider";
identityProvider.type = "OpenIDConnect";
identityProvider.clientId = "56433757-cadd-4135-8431-2c9e3fd68ae8";
identityProvider.clientSecret = "12345";
ClaimsMapping claimsMapping = new ClaimsMapping();
claimsMapping.userId = "myUserId";
claimsMapping.givenName = "myGivenName";
claimsMapping.surname = "mySurname";
claimsMapping.email = "myEmail";
claimsMapping.displayName = "myDisplayName";
identityProvider.claimsMapping = claimsMapping;
identityProvider.domainHint = "mycustomoidc";
identityProvider.metadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration";
identityProvider.responseMode = OpenIdConnectResponseMode.FORM_POST;
identityProvider.responseType = EnumSet.of(OpenIdConnectResponseTypes.CODE);
identityProvider.scope = "openid";

graphClient.identityProviders()
    .buildRequest()
    .post(identityProvider);
```
```csharp
GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var identityProvider = new OpenIdConnectProvider
{
    Name = "Login with the Contoso identity provider",
    Type = "OpenIDConnect",
    ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8",
    ClientSecret = "12345",
    ClaimsMapping = new ClaimsMapping
    {
        UserId = "myUserId",
        GivenName = "myGivenName",
        Surname = "mySurname",
        Email = "myEmail",
        DisplayName = "myDisplayName"
    },
    DomainHint = "mycustomoidc",
    MetadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration",
    ResponseMode = OpenIdConnectResponseMode.Form_post,
    ResponseType = OpenIdConnectResponseTypes.Code,
    Scope = "openid"
};

await graphClient.IdentityProviders
    .Request()
    .AddAsync(identityProvider);
```
```javascript
const options = {
    authProvider,
};

const client = Client.init(options);

const identityProvider = {
    '@odata.type': 'microsoft.graph.openIdConnectProvider',
    name: 'Login with the Contoso identity provider',
    type: 'OpenIDConnect',
    clientId: '56433757-cadd-4135-8431-2c9e3fd68ae8',
    clientSecret: '12345',
    claimsMapping: {
        userId: 'myUserId',
        givenName: 'myGivenName',
        surname: 'mySurname',
        email: 'myEmail',
        displayName: 'myDisplayName'
    },
    domainHint: 'mycustomoidc',
    metadataUrl: 'https://mycustomoidc.com/.well-known/openid-configuration',
    responseMode: 'form_post',
    responseType: 'code',
    scope: 'openid'
};

await client.api('/identityProviders')
    .version('beta')
    .post(identityProvider);
```
```objc
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityProviders"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphIdentityProvider *identityProvider = [[MSGraphIdentityProvider alloc] init];
[identityProvider setName:@"Login with the Contoso identity provider"];
[identityProvider setType:@"OpenIDConnect"];
[identityProvider setClientId:@"56433757-cadd-4135-8431-2c9e3fd68ae8"];
[identityProvider setClientSecret:@"12345"];
MSGraphClaimsMapping *claimsMapping = [[MSGraphClaimsMapping alloc] init];
[claimsMapping setUserId:@"myUserId"];
[claimsMapping setGivenName:@"myGivenName"];
[claimsMapping setSurname:@"mySurname"];
[claimsMapping setEmail:@"myEmail"];
[claimsMapping setDisplayName:@"myDisplayName"];
[identityProvider setClaimsMapping:claimsMapping];
[identityProvider setDomainHint:@"mycustomoidc"];
[identityProvider setMetadataUrl:@"https://mycustomoidc.com/.well-known/openid-configuration"];
[identityProvider setResponseMode: [MSGraphOpenIdConnectResponseMode form_post]];
[identityProvider setResponseType: [MSGraphOpenIdConnectResponseTypes code]];
[identityProvider setScope:@"openid"];

NSError *error;
NSData *identityProviderData = [identityProvider getSerializedDataWithError:&error];
[urlRequest setHTTPBody:identityProviderData];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
        //Request Completed
}];

[meDataTask execute];
```
```go
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := msgraphsdk.NewIdentityProvider()
name := "Login with the Contoso identity provider"
requestBody.SetName(&name)
// "type" is a reserved word in Go, so the variable needs another name.
providerType := "OpenIDConnect"
requestBody.SetType(&providerType)
clientId := "56433757-cadd-4135-8431-2c9e3fd68ae8"
requestBody.SetClientId(&clientId)
clientSecret := "12345"
requestBody.SetClientSecret(&clientSecret)
requestBody.SetAdditionalData(map[string]interface{}{
	"@odata.type": "microsoft.graph.openIdConnectProvider",
	"domainHint": "mycustomoidc",
	"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
	"responseMode": "form_post",
	"responseType": "code",
	"scope": "openid",
})
result, err := graphClient.IdentityProviders().Post(requestBody)
```
```powershell
Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "microsoft.graph.openIdConnectProvider"
	Name = "Login with the Contoso identity provider"
	Type = "OpenIDConnect"
	ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8"
	ClientSecret = "12345"
	DomainHint = "mycustomoidc"
	MetadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration"
	ResponseMode = "form_post"
	ResponseType = "code"
	Scope = "openid"
}

New-MgIdentityProvider -BodyParameter $params
```
Response
The following is an example of the response.
Note: The response object shown here might be shortened for readability.
```http
HTTP/1.1 201 Created
Content-type: application/json

{
  "@odata.type": "microsoft.graph.openIdConnectProvider",
  "id": "OIDC-V1-MyTest-085a8a0c-58cb-4b6d-8e07-1328ea404e1a",
  "name": "Login with the Contoso identity provider",
  "type": "OpenIDConnect",
  "clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
  "clientSecret": "12345",
  "claimsMapping": {
    "userId": "myUserId",
    "givenName": "myGivenName",
    "surname": "mySurname",
    "email": "myEmail",
    "displayName": "myDisplayName"
  },
  "domainHint": "mycustomoidc",
  "metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
  "responseMode": "form_post",
  "responseType": "code",
  "scope": "openid"
}
```