Identity Service API Data Structures
{
"scope": "string",
"access_token": "string",
"refresh_token": "string",
"id_token": "string",
"token_type": "string",
"expires_in": "integer"
}
Scope
Access Token
Refresh Token
ID Token
Token Type
Access Token Expiration
{
"serviceDefinitionLinks": [
"string"
],
"results": [
{
"name": "string",
"displayName": "string",
"descriptionLong": "string",
"isGated": "boolean",
"visible": "boolean",
"serviceUrls": {
"offerConfiguration": "string",
"serviceHome": "string",
"requestAccess": "string"
},
"serviceRoles": [
"ServiceRoleResponse Object"
],
"organizationLink": "string",
"documentSelfLink": "string",
"healthCheckURL": "string",
"serviceIcon": "string",
"serviceNavBarIcon": "string",
"isPrimary": "boolean",
"isBeta": "boolean"
}
]
}
serviceDefinitionLinks
Roles and service roles to be granted to this client.
{
"allRoles": "boolean",
"servicesScopes": [
{
"allRoles": "boolean",
"roleNames": [
"string"
],
"roles": [
{
"name": "string",
"resource": "string"
}
],
"serviceDefinitionId": "string"
}
],
"organizationScopes": {
"allRoles": "boolean",
"roleNames": [
"string"
],
"roles": [
{
"name": "string"
}
]
},
"generalScopes": [
"string"
]
}
For CSP compatibility, ignored by the Identity Service.
For CSP compatibility, ignored by the Identity Service.
{
"refresh_token": "string"
}
The refresh token.
{
"grant_type": "string",
"refresh_token": "string",
"code": "string",
"state": "string",
"redirect_uri": "string",
"client_id": "string",
"client_secret": "string",
"scope": "string",
"orgId": "string"
}
The type of authorization to be performed.
The refresh token when grant_type
is set to refresh_token
The authorization code when grant_type
is set to authorization_code
A transparent state of the request.
The URI to which a redirect will be performed upon successful authorization.
The client ID when grant_type
is set to client_credentials
. Will be ignored if the Authorization
header is set.
The client secret when grant_type
is set to client_credentials
. Will be ignored if the Authorization
header is set.
Currently not supported. Present for CSP compatibility.
When grant_type
is set to client_credentials
if this parameter is set the issued token will be limited to the specified organization.
For CSP compatibility, ignored by the Identity Service.
{
"name": "string"
}
For CSP compatibility, ignored by the Identity Service.
{
"username": "string",
"firstName": "string",
"lastName": "string",
"domain": "string",
"idpId": "string",
"accessible": "boolean"
}
username
firstName
lastName
domain
idpId
accessible
{
"clientId": "string",
"clientSecret": "string"
}
The client ID.
The client secret.
{
"clientIdsToDelete": [
"string"
]
}
A set of client IDs to delete.
{
"id": "string",
"displayName": "string",
"domain": "string",
"usersCount": "integer",
"organizationRoles": [
{
"id": "string",
"orgId": "string",
"name": "string",
"displayName": "string"
}
],
"serviceRoles": [
{
"serviceDefinitionId": "string",
"serviceRoleNames": [
"string"
]
}
]
}
The group ID.
The group display name.
The group domain.
The number of users members of this group.
{
"user": {
"username": "string",
"firstName": "string",
"lastName": "string",
"domain": "string",
"idpId": "string",
"accessible": "boolean"
},
"orgId": "string",
"organizationRoles": [
{
"id": "string",
"name": "string",
"displayName": "string",
"membershipType": "string"
}
],
"serviceRoles": [
{
"serviceDefinitionId": "string",
"serviceRoles": [
{
"roleName": "string",
"roleDisplayName": "string",
"membershipType": "string"
}
]
}
]
}
orgId
The list of results.
{
"id": "string",
"displayName": "string",
"domain": "string",
"usersCount": "integer"
}
The group ID.
The group display name.
The group domain.
The number of users members of this group.
{
"idToken": "string"
}
The ID token.
{
"sub": "string",
"iss": "string",
"context": "string",
"username": "string",
"email": "string",
"domain": "string",
"iat": "integer",
"exp": "integer",
"aud": [
"string"
],
"acct": "string",
"context_name": "string",
"given_name": "string",
"family_name": "string",
"email_verified": "boolean",
"auth_time": "integer",
"group_names": [
"string"
],
"group_ids": [
"string"
]
}
The user on behalf of which the token was issued.
The issuer of the token (URL of Identity Service).
The context in which the token was issued.
The user's username.
The user's email.
The domain the user belongs to.
Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token was issued.
Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token will expire.
The list of audience(s). OAuth client(s) the token is issued to.
The user's account identifier, the acct claim can be a combination of the user's username and domain in URLEncoded(username)@domain format or the user's email or the UPN of the user.
The context name in which the token was issued.
The user's given name.
The user's family name.
True if the user's e-mail address has been verified; otherwise false.
Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the user was originally authenticated.
Names of the groups the user belongs to.
Identifiers of the groups the user belongs to.
{
"username": "string",
"password": "string",
"domain": "string",
"scope": "string"
}
The username.
The password.
The user's domain.
Scope of the issued token.
Organization OAuth App Creation Request
{
"id": "string",
"secret": "string",
"displayName": "string",
"description": "string",
"redirectUris": [
"string"
],
"grantTypes": [
"string"
],
"accessTokenTTL": "integer",
"refreshTokenTTL": "integer",
"maxGroupsInIdToken": "integer",
"allowedScopes": {
"allRoles": "boolean",
"servicesScopes": [
{
"allRoles": "boolean",
"roleNames": [
"string"
],
"roles": [
{
"name": "string",
"resource": "string"
}
],
"serviceDefinitionId": "string"
}
],
"organizationScopes": {
"allRoles": "boolean",
"roleNames": [
"string"
],
"roles": [
{
"name": "string"
}
]
},
"generalScopes": [
"string"
]
}
}
The client ID. If not set one will be generated.
The client secret. If not set one will be generated.
Display name for the client.
Description for the client.
Redirect URIs for the client. Only the first one will be taken into account by the Identity Service.
Client grant types.
Time to live for the access token, generated for this client, in seconds. Defaults to 0 if not set, i.e. the token will be issued already expired.
Time to live for the refresh token, generated for this client, in seconds. Defaults to 0 if not set, i.e. the token will be issued already expired.
For CSP compatibility, ignored by the Identity Service. Note that the value will be persisted and may become effective in the future releases.
{
"name": "string",
"displayName": "string",
"refLink": "string",
"id": "string",
"parentRefLink": "string"
}
name
displayName
refLink
id
metadata
parentRefLink
{
"id": "string",
"orgId": "string",
"name": "string",
"displayName": "string"
}
id
orgId
name
displayName
Roles to be granted.
{
"allRoles": "boolean",
"roleNames": [
"string"
],
"roles": [
{
"name": "string"
}
]
}
For CSP compatibility, ignored by the Identity Service.
List of role role/service role names to add.
{
"refLinks": [
"string"
],
"items": [
{
"name": "string",
"displayName": "string",
"refLink": "string",
"id": "string",
"parentRefLink": "string"
}
]
}
refLinks
{
"results": [
{
"user": {
"username": "string",
"firstName": "string",
"lastName": "string",
"domain": "string",
"idpId": "string",
"accessible": "boolean"
},
"orgId": "string",
"organizationRoles": [
{
"id": "string",
"name": "string",
"displayName": "string",
"membershipType": "string"
}
],
"serviceRoles": [
{
"serviceDefinitionId": "string",
"serviceRoles": [
{
"roleName": "string",
"roleDisplayName": "string",
"membershipType": "string"
}
]
}
]
}
],
"nextLink": "string",
"prevLink": "string",
"totalResults": "integer"
}
URL to the next page of results.
URL to the previous page of result.
The total number of results on all pages.
{
"results": [
{
"id": "string",
"displayName": "string",
"domain": "string",
"usersCount": "integer"
}
],
"nextLink": "string",
"prevLink": "string",
"totalResults": "integer"
}
URL to the next page of results.
URL to the previous page of result.
The total number of results on all pages.
{
"succeeded": [
"string"
],
"failed": [
"string"
]
}
A set of the successfully performed operations.
A set of the failed operations.
{
"alg": "string",
"value": "string",
"issuer": "string",
"keys": [
{}
]
}
The algorithm associated with the public key.
The public key. Set in the case of pem
format.
The issuer for the public key.
The list of the currently valid public keys. Set in the case of jwks
format. The model of this property is a Map
of JsonWebKey
objects.
{
"refLink": "string"
}
refLink
{
"id": "string",
"createdMillis": "integer",
"updatedMillis": "integer",
"name": "string",
"displayName": "string",
"orgId": "string",
"organizationLink": "string",
"refLink": "string",
"userIds": [
"string"
],
"groupIds": [
"string"
]
}
id
createdMillis
updatedMillis
name
displayName
orgId
organizationLink
refLink
userIds
groupIds
{
"refLink": "string",
"name": "string",
"displayName": "string",
"organizationLink": "string"
}
refLink
name
displayName
organizationLink
{
"results": [
{
"id": "string",
"displayName": "string",
"domain": "string",
"usersCount": "integer",
"organizationRoles": [
{
"id": "string",
"orgId": "string",
"name": "string",
"displayName": "string"
}
],
"serviceRoles": [
{
"serviceDefinitionId": "string",
"serviceRoleNames": [
"string"
]
}
]
}
]
}
{
"results": [
{
"user": {
"username": "string",
"firstName": "string",
"lastName": "string",
"domain": "string",
"idpId": "string",
"accessible": "boolean"
},
"orgId": "string",
"organizationRoles": [
{
"id": "string",
"name": "string",
"displayName": "string",
"membershipType": "string"
}
],
"serviceRoles": [
{
"serviceDefinitionId": "string",
"serviceRoles": [
{
"roleName": "string",
"roleDisplayName": "string",
"membershipType": "string"
}
]
}
]
}
]
}
{
"refLink": "string",
"serviceDisplayName": "string",
"serviceName": "string",
"serviceRoles": [
"string"
]
}
refLink
serviceDisplayName
serviceName
serviceRoles
{
"name": "string",
"displayName": "string",
"descriptionLong": "string",
"isGated": "boolean",
"visible": "boolean",
"serviceUrls": {
"offerConfiguration": "string",
"serviceHome": "string",
"requestAccess": "string"
},
"serviceRoles": [
"ServiceRoleResponse Object"
],
"organizationLink": "string",
"documentSelfLink": "string",
"healthCheckURL": "string",
"serviceIcon": "string",
"serviceNavBarIcon": "string",
"isPrimary": "boolean",
"isBeta": "boolean"
}
name
displayName
descriptionLong
isGated
visible
organizationLink
documentSelfLink
healthCheckURL
serviceIcon
serviceNavBarIcon
isPrimary
isBeta
{
"serviceDefinitionId": "string",
"serviceRoleNames": [
"string"
]
}
serviceDefinitionId
serviceRoleNames
{
"name": "string",
"displayName": "string",
"serviceDefinition": "ServiceDefinitionResponse Object",
"serviceDefinitionLink": "string",
"userIds": [
"string"
],
"isDefault": "boolean",
"isHidden": "boolean"
}
name
displayName
serviceDefinitionLink
userIds
isDefault
isHidden
For CSP compatibility, ignored by the Identity Service.
{
"name": "string",
"resource": "string"
}
For CSP compatibility, ignored by the Identity Service.
For CSP compatibility, ignored by the Identity Service.
Service roles to be granted.
{
"allRoles": "boolean",
"roleNames": [
"string"
],
"roles": [
{
"name": "string",
"resource": "string"
}
],
"serviceDefinitionId": "string"
}
For CSP compatibility, ignored by the Identity Service.
List of role role/service role names to add.
Service definition ID.
{
"offerConfiguration": "string",
"serviceHome": "string",
"requestAccess": "string"
}
offerConfiguration
serviceHome
requestAccess
{
"cspAuthToken": "string"
}
The access token.
{
"id": "string",
"name": "string",
"displayName": "string",
"membershipType": "string"
}
id
name
displayName
membershipType
{
"roleName": "string",
"roleDisplayName": "string",
"membershipType": "string"
}
roleName
roleDisplayName
membershipType
{
"serviceDefinitionId": "string",
"serviceRoles": [
{
"roleName": "string",
"roleDisplayName": "string",
"membershipType": "string"
}
]
}
serviceDefinitionId
{
"url": "string"
}
The URL to redirect to.
{
"id": "string",
"firstName": "string",
"lastName": "string",
"username": "string",
"password": "string",
"email": "string",
"refLink": "string",
"groups": [
"string"
]
}
id
firstName
lastName
username
password
refLink
groups
{
"isVmwareIdUser": "boolean"
}
isVmwareIdUser
{
"groups": [
{
"id": "string",
"displayName": "string",
"domain": "string",
"usersCount": "integer"
}
]
}
{
"user": {
"id": "string",
"firstName": "string",
"lastName": "string",
"username": "string",
"password": "string",
"email": "string",
"refLink": "string",
"groups": [
"string"
]
},
"userOrgInfo": [
{
"displayName": "string",
"name": "string",
"orgRoles": [
{
"id": "string",
"createdMillis": "integer",
"updatedMillis": "integer",
"name": "string",
"displayName": "string",
"orgId": "string",
"organizationLink": "string",
"refLink": "string",
"userIds": [
"string"
],
"groupIds": [
"string"
]
}
],
"servicesDef": [
{
"refLink": "string",
"serviceDisplayName": "string",
"serviceName": "string",
"serviceRoles": [
"string"
]
}
]
}
]
}
{
"locale": "string",
"language": "string"
}
locale
language
{
"displayName": "string",
"name": "string",
"orgRoles": [
{
"id": "string",
"createdMillis": "integer",
"updatedMillis": "integer",
"name": "string",
"displayName": "string",
"orgId": "string",
"organizationLink": "string",
"refLink": "string",
"userIds": [
"string"
],
"groupIds": [
"string"
]
}
],
"servicesDef": [
{
"refLink": "string",
"serviceDisplayName": "string",
"serviceName": "string",
"serviceRoles": [
"string"
]
}
]
}
displayName
name
{
"acknowledgeAccountLinkingMessage": "integer"
}
acknowledgeAccountLinkingMessage
{
"defaultOrgId": "string",
"isFederated": "boolean",
"linkedUserIdAccount": "string",
"customerNumber": "string",
"locale": "string",
"language": "string",
"username": "string",
"metadata": {
"acknowledgeAccountLinkingMessage": "integer"
},
"createdAt": "integer"
}
defaultOrgId
isFederated
linkedUserIdAccount
customerNumber
locale
language
username
createdAt
{
"successOrgRolesUsernames": [
"string"
],
"failedOrgRolesUsernames": [
"string"
],
"successServiceRolesUsernames": [
"string"
],
"failedServicesRolesUsernames": [
"string"
]
}
successOrgRolesUsernames
failedOrgRolesUsernames
successServiceRolesUsernames
failedServicesRolesUsernames
{
"roleNamesToAdd": [
"string"
],
"roleNamesToRemove": [
"string"
]
}
Role names to add
Role names to remove
{
"serviceDefinitionLink": "string",
"serviceRoleNames": [
"string"
]
}
serviceDefinitionLink
serviceRoleNames
{
"serviceRoles": [
{
"serviceDefinitionLink": "string",
"serviceRoleNames": [
"string"
]
}
]
}
{
"serviceId": "string",
"roleNamesToAdd": [
"string"
],
"roleNamesToRemove": [
"string"
]
}
serviceId
roleNamesToAdd
roleNamesToRemove
{
"serviceDefinitionLink": "string",
"roleNamesToRemove": [
"string"
],
"roleNamesToAdd": [
"string"
]
}
serviceDefinitionLink
roleNamesToRemove
roleNamesToAdd
{
"serviceRolesPatchRequest": [
{
"serviceId": "string",
"roleNamesToAdd": [
"string"
],
"roleNamesToRemove": [
"string"
]
}
]
}
{
"email": "string",
"locale": "string",
"language": "string"
}
locale
language
{
"userName": "string",
"orgRolesUpdateRequest": {
"roleNamesToAdd": [
"string"
],
"roleNamesToRemove": [
"string"
]
},
"empty": "boolean"
}
userName
empty
{
"userList": [
{
"userName": "string",
"orgRolesUpdateRequest": {
"roleNamesToAdd": [
"string"
],
"roleNamesToRemove": [
"string"
]
},
"empty": "boolean"
}
],
"servicesRolesPatchRequest": {
"serviceRolesPatchRequest": [
{
"serviceId": "string",
"roleNamesToAdd": [
"string"
],
"roleNamesToRemove": [
"string"
]
}
]
}
}