vcenter identity providers: oauth2 update spec
The oauth2_update_spec structure contains the information used to update the OAuth2 identity provider. This structure was added in vSphere API 7.0.0.0.

Representation:
```json
{
    "authentication_method" : "CLIENT_SECRET_BASIC",
    "public_key_uri" : "http://myurl.com",
    "claim_map" : {
        "<string>" : {
            "<string>" : [
                "string",
                "string"
            ]
        }
    },
    "auth_endpoint" : "http://myurl.com",
    "client_secret" : "string",
    "auth_query_params" : {
        "<string>" : [
            "string",
            "string"
        ]
    },
    "client_id" : "string",
    "issuer" : "string",
    "token_endpoint" : "http://myurl.com"
}
```
```json
{
    "authentication_method" : "CLIENT_SECRET_BASIC",
    "public_key_uri" : "http://myurl.com",
    "claim_map" : [
        {
            "value" : [
                {
                    "value" : [
                        "string",
                        "string"
                    ],
                    "key" : "string"
                }
            ],
            "key" : "string"
        }
    ],
    "auth_endpoint" : "http://myurl.com",
    "client_secret" : "string",
    "auth_query_params" : [
        {
            "value" : [
                "string",
                "string"
            ],
            "key" : "string"
        }
    ],
    "client_id" : "string",
    "issuer" : "string",
    "token_endpoint" : "http://myurl.com"
}
```
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
-.claim_map.* | object | Object with element values of type string[]. |
-.claim_map.*.* | string[] | |
-.auth_query_params.* | string[] | |
Optional | ||
-.auth_endpoint | URI | Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.token_endpoint | URI | Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.public_key_uri | URI | Endpoint to retrieve the provider public key for validation. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.client_id | string | Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.client_secret | string | Shared secret between identity provider and client. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.claim_map | object | The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of the incoming JWT. The value is another map with an external group as the key and a vCenter Server group as the value. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.issuer | string | The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.authentication_method | string | Authentication method used by the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
-.auth_query_params | object | Key/value pairs that are to be appended to the authEndpoint request. If the map is not empty, a "?" is added to the endpoint URL, followed by each combination of a key k and a string in its value v, joined with an "&" delimiter. If the value contains only one string, the key is added as "k=v". If the value is an empty list, the key is added without "=v". If the value contains multiple strings, the key is repeated in the query string for each string in the value. If the map is empty, all params are deleted. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
claim_map[].key | string | |
claim_map[].value | list | List of {"key": string, "value": string[]} |
claim_map[].value[].key | string | |
claim_map[].value[].value | string[] | |
Optional | ||
auth_endpoint | URI | Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
token_endpoint | URI | Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
public_key_uri | URI | Endpoint to retrieve the provider public key for validation. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
client_id | string | Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
client_secret | string | Shared secret between identity provider and client. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
claim_map | list | The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of the incoming JWT. The value is another map with an external group as the key and a vCenter Server group as the value. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
issuer | string | The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
authentication_method | string | Authentication method used by the provider. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
auth_query_params | list | Key/value pairs that are to be appended to the authEndpoint request. If the map is not empty, a "?" is added to the endpoint URL, followed by each combination of a key k and a string in its value v, joined with an "&" delimiter. If the value contains only one string, the key is added as "k=v". If the value is an empty list, the key is added without "=v". If the value contains multiple strings, the key is repeated in the query string for each string in the value. If the map is empty, all params are deleted. This attribute was added in vSphere API 7.0.0.0. Optional. If unset, leaves value unchanged. |
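
The following Python sketch is an added example, not part of the vSphere documentation or SDK. It renders `auth_query_params` by the rules in the table, converts the map representation to the key/value list representation, and reviews an update before it is sent. The function names, the percent-encoding of keys and values, and the https check on the endpoint fields are assumptions of this example, not documented vCenter Server behaviour.

```python
from urllib.parse import quote, urlsplit

URI_FIELDS = ("auth_endpoint", "token_endpoint", "public_key_uri")

def render_auth_url(auth_endpoint, auth_query_params):
    """Append auth_query_params to the endpoint using the rules in the table."""
    if not auth_query_params:              # empty map: nothing appended, no "?"
        return auth_endpoint
    parts = []
    for key, values in auth_query_params.items():
        k = quote(key, safe="")            # percent-encoding is an assumption
        if not values:                     # empty list: key without "=v"
            parts.append(k)
        for v in values:                   # one string: k=v; several: key repeated
            parts.append(f"{k}={quote(v, safe='')}")
    return auth_endpoint + "?" + "&".join(parts)

def to_list_form(mapping):
    """Convert a map-style value into the [{"key": ..., "value": ...}] form."""
    return [{"key": k, "value": to_list_form(v) if isinstance(v, dict) else v}
            for k, v in mapping.items()]

def lint_update_spec(spec):
    """Review a map-form spec; fields that are absent stay unchanged, so skip them."""
    findings = []
    for field in URI_FIELDS:
        if field in spec and urlsplit(spec[field]).scheme != "https":
            findings.append(f"{field}: not https")
    claim_map = spec.get("claim_map", {})
    findings += [f"claim_map: unsupported key {k!r}" for k in claim_map if k != "perms"]
    for ext_group, vc_groups in claim_map.get("perms", {}).items():
        if not vc_groups:
            findings.append(f"claim_map.perms[{ext_group!r}]: no vCenter Server group")
    if spec.get("auth_query_params") == {}:
        findings.append("auth_query_params: empty map deletes all params")
    return findings

# Constructed sample update; host names, groups and parameters are placeholders.
SAMPLE = {
    "auth_endpoint": "http://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "claim_map": {"perms": {"ext-admins": ["vc-admins"]}, "groups": {}},
    "auth_query_params": {"scope": ["openid", "profile"], "prompt": ["login"], "debug": []},
}

if __name__ == "__main__":
    print(render_auth_url(SAMPLE["auth_endpoint"], SAMPLE["auth_query_params"]))
    print(to_list_form(SAMPLE["claim_map"]))
    for finding in lint_update_spec(SAMPLE):
        print("finding:", finding)
```

Because an unset field leaves the stored value unchanged while an empty `auth_query_params` map deletes every parameter, the lint treats a missing key and an empty map differently.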