1. Overview
An Identity Provider is a named object that provides configuration to describe an external and/or social identity provider. This configuration will be used to perform an alternative login to the standard FusionAuth local login. FusionAuth currently supports a number of different identity provider types:
The type of the identity provider will determine the object’s properties as well as the validation that is performed. You can click into any of the identity provider API docs to get a list of that identity provider’s properties.
To learn how to configure these Identity Providers using the FusionAuth UI, go here Identity Providers.
1.1. Global Operations
2. Retrieve all Identity Providers
2.1. Request
Retrieve all of the Identity Providers
GET /api/identity-provider
2.2. Response
| Code | Description |
|---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you requested doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
The response JSON might include different types of identity providers. Therefore, you should refer to the documentation for each type of identity provider to determine the response JSON format for that particular type. Each type has a Retrieve section in its documentation. This format will be the same format used by this API.
{
"identityProviders": [
{
"claimMap": {
"first_name": "firstName",
"last_name": "lastName",
"dept": "RegistrationData"
},
"domains": [
"acme.com",
"acme.org"
],
"headerKeyParameter" : "kid",
"id" : "a4e78daa-33a6-4844-b081-7779af1f09a4",
"name": "Acme Corp. ADFS",
"oauth2" : {
"authorization_endpoint" : "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
"token_endpoint" : "https://acme.com/adfs/oauth2/token"
},
"type": "ExternalJWT",
"uniqueIdentityClaim": "email"
},
{
"appId": "385572258114379",
"applicationConfiguration": {
"1c212e59-0d0e-6b1a-ad48-f4f92793be32": {
"createRegistration": true,
"enabled": true
}
},
"buttonText": "Login with Facebook",
"client_secret": "72417eb5aa454ef2373b361d721cb074",
"enabled": true,
"fields": "email",
"id" : "56abdcc7-8bd9-4321-9621-4e9bbebae494",
"name": "Facebook",
"permissions": "email,profile_image",
"type": "Facebook"
},
{
"applicationConfiguration": {
"1c212e59-0d0e-6b1a-ad48-f4f92793be32": {
"createRegistration": true,
"enabled": true
}
},
"buttonText": "Login with Google",
"client_id": "254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com",
"client_secret": "BRr7x7xz_-cXxIFznBDIdxF1",
"enabled": true,
"id": "82339786-3dff-42a6-aac6-1f1ceecb6c46",
"name": "Google",
"scope": "profile",
"type": "Google"
},
{
"applicationConfiguration": {
"1c212e59-0d0e-6b1a-ad48-f4f92793be32": {
"createRegistration": true,
"enabled": true
}
},
"buttonText": "Login with Twitter",
"consumerKey": "24iuleLRKIZUNhxuuUK6yDZwb",
"consumerSecret": "e2ZpAaAfxv2j9eeh6JTeNcXMWdVLjRNriXm4wSZt1f1Ss3Syp4",
"enabled": true,
"id": "45bb233c-0901-4236-b5ca-ac46e2e0a5a5",
"name": "Twitter",
"type": "Twitter"
}
]
}3. Lookup an Identity Provider
The Lookup API is intended to be used during an external login workflow.
For example, you might build your own login page. This page might collect the user’s email as the first step. That email address can be sent to this API to determine which identity provider was designated as the provider for this email address. If the identity provider is an OpenID Connect provider, then you might redirect the user over to that provider.
3.1. Request
Lookup an Identity Provider by domain/email
GET /api/identity-provider/lookup?domain={domain}
domain [String] Required |
The email domain or the full email address of the user.
For example, |
3.2. Response
The Lookup response is a subset of the Identity Provider configuration that would be returned by the normal identity provider retrieve operation. A 200 response code indicates the domain is managed and the response will contain a JSON body, a 404 response code indicates it is not managed by a configured Identity Provider.
| Code | Description |
|---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you requested doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
identityProvider.id [UUID] |
The unique Id of the Identity Provider. |
identityProvider.name [String] |
The name of the Identity Provider. |
identityProvider.oauth2.authorization_endpoint [String] |
The OAuth2 Authorize endpoint. This may be used to as the redirect location to begin the authorize workflow so that it does not need to be hard coded in your application. |
identityProvider.oauth2.token_endpoint [String] |
The OAuth2 Token endpoint. This may be used during your integration so that this URI does not need to be hard coded in your application. |
{
"identityProvider" : {
"id" : "a4e78daa-33a6-4844-b081-7779af1f09a4",
"name" : "Acme Corp. ADFS",
"oauth2" : {
"authorization_endpoint" : "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
"token_endpoint" : "https://acme.com/adfs/oauth2/token"
}
}
}