Concerned about Okta's acquisition of Auth0?   Read how Deal Closer switched from Auth0 to FusionAuth

FusionAuth logo
FusionAuth logo
  • Features
    FusionAuth Reactor

    FusionAuth Reactor is a powerful suite of features developed to extend FusionAuth's core functionality.

    • Flexible Architecture   Flexible Architecture
    • Auth the Way You Want It   Auth the Way You Want It
    • Security & Compliance   Security & Compliance
    • Ultimate Password Control   Ultimate Password Control
    • Customizable User Experience   Customizable User Experience
    • Advanced Registration Forms   Advanced Registration Forms
    • Built for Devs   Built for Devs
    • User Management & Reporting   User Management & Reporting
    • Scalability   Scalability
    • Single Sign-on   Single Sign-on
    • Breached Password Detection   Breached Password Detection
    • Connectors   Connectors
    • FusionAuth Reactor   FusionAuth Reactor
  • Pricing
    Cloud Pricing

    Let us host, monitor, manage, and maintain your deployments in your own private cloud.

    SEE PRICING cloud pricing   See FusionAuth Cloud Pricing
    Editions Pricing

    A powerful set of features with available support that extends FusionAuth's core functionality.

    SEE PRICING edition pricing   See FusionAuth Edition Pricing
    Editions + Cloud

    FusionAuth will handle everything so you can get back to building something awesome.

    GET STARTED Get started
  • Docs
  • Downloads
  • Resources
    FusionAuth Resources
    • Upgrade from SaaS
    • Upgrade from Open Source
    • Upgrade from Home Grown
    • Blog   Blog
    • Forum   Forum
    • Community & Support   Community & Support
    • Customer & Partners   Customers & Partners
    • Video & Podcasts   Videos & Podcasts
    • Getting Started   Getting Started
  • Expert Advice
    Expert Advice for Developers

    Learn everything you need to know about authentication, authorization, identity, and access management from our team of industry experts.

    • Authentication   Authentication
    • CIAM   CIAM
    • Identity Basics   Identity Basics
    • OAuth   OAuth
    • Security   Security
    • Tokens   Tokens
    • Dev Tools   Dev Tools
  • Account
Navigate to...
  • Welcome
  • Getting Started
  • 5-Minute Setup Guide
  • Reactor
  • Core Concepts
    • Overview
    • Users
    • Roles
    • Groups
    • Registrations
    • Applications
    • Tenants
    • Identity Providers
    • Authentication and Authorization
    • Integration Points
    • Roadmap
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cluster
    • Docker
    • Fast Path
    • Kickstart™
    • Homebrew
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Securing
    • Upgrading
  • APIs
    • Overview
    • Authentication
    • Errors
    • Actioning Users
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consent
    • Emails
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Apple
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Twitter
      • OpenID Connect
      • SAML v2
      • External JWT
    • Integrations
    • JWT
    • Keys
    • Lambdas
    • Login
    • Passwordless
    • Registrations
    • Reports
    • System
    • Tenants
    • Themes
    • Two Factor
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • Webhooks
  • Client Libraries
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • Node
    • PHP
    • Python
    • Ruby
    • Typescript
  • Themes
    • Overview
    • Localization
    • Examples
  • Email & Templates
    • Overview
    • Configure Email
    • Email Templates
  • Events & Webhooks
    • Overview
    • Events
    • Writing a Webhook
    • Securing Webhooks
  • Example Apps
    • Overview
    • Go
    • Java
    • JavaScript
    • .NET Core
    • PHP
    • Python
    • Ruby
  • Lambdas
    • Overview
    • Apple Reconcile
    • External JWT Reconcile
    • Facebook Reconcile
    • Google Reconcile
    • HYPR Reconcile
    • JWT Populate
    • LDAP Connector Reconcile
    • LinkedIn Reconcile
    • OpenID Connect Reconcile
    • SAML v2 Populate
    • SAML v2 Reconcile
    • Twitter Reconcile
  • Identity Providers
    • Overview
    • Apple
    • Facebook
    • Google
    • HYPR
    • LinkedIn
    • Twitter
    • OpenID Connect
      • Overview
      • Azure AD
      • Github
      • Discord
    • SAML v2
      • Overview
      • ADFS
    • External JWT
      • Overview
      • Example
  • Connectors
    • Overview
    • Generic Connector
    • LDAP Connector
    • FusionAuth Connector
  • Integrations
    • Overview
    • CleanSpeak
    • Kafka
    • Twilio
  • OpenID Connect & OAuth 2.0
    • Overview
    • Endpoints
    • Tokens
  • SAML v2 IdP
    • Overview
    • Google
    • Zendesk
  • Plugins
    • Writing a Plugin
    • Password Encryptors
  • Guides
    • Overview
    • Advanced Registration Forms
    • Breached Password Detection
    • Migration
    • Passwordless
    • Securing Your APIs
    • Silent Mode
    • Single Sign-on
  • Tutorials
    • Overview
    • Setup Wizard & First Login
    • Register/Login a User
    • Migrate Users
    • JSON Web Tokens
    • Authentication Tokens
    • Start and Stop FusionAuth
    • Switch Search Engines
    • User Account Lockout
    • Two Factor
  • Reference
    • CORS
    • Configuration
    • Data Types
    • Known Limitations
    • Password Encryptors
  • Release Notes
  • Troubleshooting

Identity Provider API Overview

Overview

An Identity Provider is a named object that provides configuration to describe an external and/or social identity provider. This configuration will be used to perform an alternative login to the standard FusionAuth local login. FusionAuth currently supports a number of different identity provider types:

  • Apple

  • Facebook

  • Google

  • HYPR

  • Twitter

  • OpenID Connect

  • SAML v2

  • External JWT

The type of the identity provider will determine the object’s properties as well as the validation that is performed. You can click into any of the identity provider API docs to get a list of that identity provider’s properties.

To learn how to configure these Identity Providers using the FusionAuth UI, go here Identity Providers.

Global Operations

  • Retrieve all Identity Providers

  • Lookup an Identity Provider

Retrieve all Identity Providers

Request

Retrieve all of the Identity Providers

URI

GET /api/identity-provider

Response

Table 1. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

The response JSON might include different types of identity providers. Therefore, you should refer to the documentation for each type of identity provider to determine the response JSON format for that particular type. Each type has a Retrieve section in its documentation. This format will be the same format used by this API.

Example Response JSON
{
  "identityProviders": [
    {
      "claimMap": {
        "first_name": "firstName",
        "last_name": "lastName",
        "dept": "RegistrationData"
      },
      "domains": [
        "acme.com",
        "acme.org"
      ],
      "headerKeyParameter" : "kid",
      "id" : "a4e78daa-33a6-4844-b081-7779af1f09a4",
      "insertInstant": 1595361142909,
      "lastUpdateInstant": 1595361143101,
      "name": "Acme Corp. ADFS",
      "oauth2" : {
        "authorization_endpoint" : "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
        "token_endpoint" : "https://acme.com/adfs/oauth2/token"
      },
      "type": "ExternalJWT",
      "uniqueIdentityClaim": "email"
    },
    {
      "appId": "385572258114379",
      "applicationConfiguration": {
        "1c212e59-0d0e-6b1a-ad48-f4f92793be32": {
          "createRegistration": true,
          "enabled": true
        }
      },
      "buttonText": "Login with Facebook",
      "client_secret": "72417eb5aa454ef2373b361d721cb074",
      "enabled": true,
      "fields": "email",
      "id" : "56abdcc7-8bd9-4321-9621-4e9bbebae494",
      "insertInstant": 1595361142909,
      "lastUpdateInstant": 1595361143101,
      "name": "Facebook",
      "permissions": "email,profile_image",
      "type": "Facebook"
    },
    {
      "applicationConfiguration": {
        "1c212e59-0d0e-6b1a-ad48-f4f92793be32": {
          "createRegistration": true,
          "enabled": true
        }
      },
      "buttonText": "Login with Google",
      "client_id": "254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com",
      "client_secret": "BRr7x7xz_-cXxIFznBDIdxF1",
      "enabled": true,
      "id": "82339786-3dff-42a6-aac6-1f1ceecb6c46",
      "insertInstant": 1595361142909,
      "lastUpdateInstant": 1595361143101,
      "name": "Google",
      "scope": "profile",
      "type": "Google"
    },
    {
      "applicationConfiguration": {
        "1c212e59-0d0e-6b1a-ad48-f4f92793be32": {
          "createRegistration": true,
          "enabled": true
        }
      },
      "buttonText": "Login with Twitter",
      "consumerKey": "24iuleLRKIZUNhxuuUK6yDZwb",
      "consumerSecret": "e2ZpAaAfxv2j9eeh6JTeNcXMWdVLjRNriXm4wSZt1f1Ss3Syp4",
      "enabled": true,
      "id": "45bb233c-0901-4236-b5ca-ac46e2e0a5a5",
      "insertInstant": 1595361142909,
      "lastUpdateInstant": 1595361143101,
      "name": "Twitter",
      "type": "Twitter"
    }
  ]
}

Lookup an Identity Provider

The Lookup API is intended to be used during an external login workflow.

For example, you might build your own login page. This page might collect the user’s email as the first step. That email address can be sent to this API to determine which identity provider was designated as the provider for this email address. If the identity provider is an OpenID Connect provider, then you might redirect the user over to that provider.

Request

Lookup an Identity Provider by domain/email

URI

GET /api/identity-provider/lookup?domain={domain}

Request Parameters

domain [String] Required

The email domain or the full email address of the user.

For example, jenny@acme.com and acme.com are functionally equivalent.

Response

The Lookup response is a subset of the Identity Provider configuration that would be returned by the normal identity provider retrieve operation. A 200 response code indicates the domain is managed and the response will contain a JSON body, a 404 response code indicates it is not managed by a configured Identity Provider.

Table 2. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

404

The requested domain is not being managed by a configured Identity Provider.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Example Response JSON

identityProvider.applicationIds [Array<UUID>] Available since 1.16.0

The list of Application Ids that are enabled for this Identity Provider.

identityProvider.id [UUID]

The unique Id of the Identity Provider.

identityProvider.idpEndpoint [String] Available since 1.16.0

The configured SAML v2 endpoint. This value will only be returned for a SAML v2 Identity Provider. This may be used to aid in building the SAML request so that it does not need to be hard coded in your application.

identityProvider.insertInstant [Long]

The instant that the provider was added to the FusionAuth database.

identityProvider.lastUpdateInstant [Long]

The instant that the provider was updated in the FusionAuth database.

identityProvider.name [String]

The name of the Identity Provider.

identityProvider.oauth2.authorization_endpoint [String]

The OAuth2 Authorize endpoint. This may be used to as the redirect location to begin the authorize workflow so that it does not need to be hard coded in your application.

identityProvider.oauth2.token_endpoint [String]

The OAuth2 Token endpoint. This may be used during your integration so that this URI does not need to be hard coded in your application.

Example Response JSON for an ExternalJWT or OpenID Connect IdP
{
  "identityProvider" : {
    "applicationIds": [
      "0d5244df-053c-4ff6-b2db-1e04c388dae3"
    ],
    "id" : "a4e78daa-33a6-4844-b081-7779af1f09a4",
    "name" : "Acme Corp. ADFS OpenID Connect",
    "oauth2" : {
      "authorization_endpoint" : "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
      "token_endpoint" : "https://acme.com/adfs/oauth2/token"
    }
  }
}
Example Response JSON for a SAML v2 IdP
{
  "identityProvider" : {
    "applicationIds": [
      "0d5244df-053c-4ff6-b2db-1e04c388dae3"
    ],
    "id" : "d94f81eb-287b-466a-ac6a-fb29c83f598c",
    "idpEndpoint": "https://login.microsoftonline.com/475bffef-4669-4e64-8f6c-b1ff41f16242/saml2",
    "name" : "Acme Corp. SAML v2 ADFS"
  }
}

Feedback

How helpful was this page?

See a problem?

File an issue in our docs repo

Quick Links

  • Download
  • Cloud Pricing
  • Editions Pricing
  • Contact Us
  • Jobs (come work with us)
  • My Account

Resources

  • Docs
  • Blog
  • Community & Support
  • Upgrade from SaaS
  • Upgrade from Homegrown
  • Upgrade from Open Source

Everything Else

  • Privacy Policy
  • Product Privacy Policy
  • License
  • License FAQ
  • Enterprise Sales FAQ
  • Security (contact, bug bounty, etc)
  • Technical Support

Connect with Us

logo
Subscribe for Updates
We only send dev friendly newsletters. No marketing fluff!
© 2021 FusionAuth