ClientConfigurationForApple
Realm Operations
Resource path:
/realm-config/services/SocialIdentityProviders/appleConfig
Resource version: 1.0
create
Usage
am> create ClientConfigurationForApple --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "requestObjectAudience" : { "title" : "Request Object Audience", "description" : "The intended audience of the request object. If unspecified, the issuer value will be used.", "propertyOrder" : 1410, "required" : true, "type" : "string", "exampleValue" : "" }, "jwtEncryptionMethod" : { "title" : "JWT Encryption Method", "description" : "The encryption method to use when encrypting the client assertion and request object jwt sent to social provider.", "propertyOrder" : 2100, "required" : true, "type" : "string", "exampleValue" : "" }, "introspectEndpoint" : { "title" : "Token Introspection Endpoint URL", "description" : "OAuth Token Introspection endpoint URL This is the URL endpoint for access token validation using the OAuth Identity Provider.Refer to the RFC 7662 (http://tools.ietf.org/html/rfc7662).", "propertyOrder" : 650, "required" : true, "type" : "string", "exampleValue" : "" }, "jwtSigningAlgorithm" : { "title" : "JWT Signing Algorithm", "description" : "The signing algorithm to use when signing the client assertion and request object jwt sent to social provider.", "propertyOrder" : 1900, "required" : true, "type" : "string", "exampleValue" : "" }, "uiConfig" : { "title" : "UI Config Properties", "description" : "Mapping of display properties to be defined and consumed by the UI.", "propertyOrder" : 9999, "required" : true, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "authorizationEndpoint" : { "title" : "Authentication Endpoint URL", "description" : "OAuth authentication endpoint URL <p> This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "https://appleid.apple.com/auth/authorize" }, "clientAuthenticationMethod" : { "title" : "Client Authentication Method", "description" : "Field used to define how the client would be identified by the social provider.", "propertyOrder" : 1000, "required" : true, "type" : "string", "exampleValue" : "" }, "issuer" : { "title" : "Issuer", "description" : "The Issuer of OIDC ID Tokens.", "propertyOrder" : 1600, "required" : true, "type" : "string", "exampleValue" : "" }, "privateKeyJwtExpTime" : { "title" : "Private Key JWT Expiration Time (seconds)", "description" : "The expiration time on or after which the private key JWT must not be accepted for processing.", "propertyOrder" : 2200, "required" : true, "type" : "integer", "exampleValue" : "" }, "enableNativeNonce" : { "title" : "Enable Native Nonce", "description" : "When enabled, the Identity Provider Native SDK MUST include a nonce Claim in the ID Token with the Claim value being the nonce value sent in the Authentication Request. Enabled by default.", "propertyOrder" : 1700, "required" : true, "type" : "boolean", "exampleValue" : "" }, "jwksUriEndpoint" : { "title" : "JWKS URI Endpoint", "description" : "The JWKS URL endpoint for the RP to use when encrypting or validating", "propertyOrder" : 1800, "required" : true, "type" : "string", "exampleValue" : "" }, "enabled" : { "title" : "Enabled", "description" : "", "propertyOrder" : 1, "required" : true, "type" : "boolean", "exampleValue" : "" }, "clientSecret" : { "title" : "Client Secret", "description" : "OAuth client_secret parameter <p>For more information on the OAuth client_id parameter refer to the RFC 6749 (http://tools.ietf.org/html/rfc6749#section-2.3.1), section 2.3.1.", "propertyOrder" : 300, "required" : false, "type" : "string", "format" : "password", "exampleValue" : "" }, "transform" : { "title" : "Transform Script", "description" : "A script that takes the raw profile object as input and outputs the normalized profile object.", "propertyOrder" : 10000, "required" : true, "type" : "string", "exampleValue" : "" }, "userInfoResponseType" : { "title" : "User Info Response Format", "description" : "The expected format of UserInfo responses. Dictates how AM will process the response. The expected format must match the actual format.", "propertyOrder" : 1710, "required" : true, "type" : "string", "exampleValue" : "" }, "wellKnownEndpoint" : { "title" : "Well Known Endpoint", "description" : "The endpoint for retrieving a list of OAuth/OIDC endpoints.", "propertyOrder" : 1200, "required" : true, "type" : "string", "exampleValue" : "" }, "scopeDelimiter" : { "title" : "Scope Delimiter", "description" : "The delimiter used by an auth server to separate scopes.", "propertyOrder" : 800, "required" : true, "type" : "string", "exampleValue" : "" }, "tokenEndpoint" : { "title" : "Access Token Endpoint URL", "description" : "OAuth access token endpoint URL This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider.Refer to the RFC 6749 (http://tools.ietf.org/html/rfc6749#section-3.2), section 3.2.", "propertyOrder" : 500, "required" : true, "type" : "string", "exampleValue" : "https://appleid.apple.com/auth/token" }, "encryptedIdTokens" : { "title" : "OP Encrypts ID Tokens", "description" : "Whether the OP encrypts ID Tokens. Will determine which resolver to use.", "propertyOrder" : 1500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "redirectURI" : { "title" : "Redirect URL", "description" : "", "propertyOrder" : 700, "required" : true, "type" : "string", "exampleValue" : "" }, "acrValues" : { "title" : "ACR Values", "description" : "Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.", "propertyOrder" : 1150, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authenticationIdKey" : { "title" : "Auth ID Key", "description" : "Field used to identify a user by the social provider.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "sub" }, "encryptJwtRequestParameter" : { "title" : "Encrypt Request Parameter JWT", "description" : "Enable the option to send an encrypted request parameter JWT.", "propertyOrder" : 1130, "required" : true, "type" : "boolean", "exampleValue" : "" }, "jwtEncryptionAlgorithm" : { "title" : "JWT Encryption Algorithm", "description" : "The encryption algorithm to use when encrypting the client assertion and request object jwt sent to social provider.", "propertyOrder" : 2000, "required" : true, "type" : "string", "exampleValue" : "" }, "jwtRequestParameterOption" : { "title" : "Request Parameter JWT Option", "description" : "Choose how Request Parameter JWTs will be sent to the OIDC Provider. Choose REFERENCE for OpenID Connect Request Parameter JWTs to be passed by reference. Choose VALUE for OpenID Connect Request Parameter JWTs to be passed as single, self-contained parameters.Choose NONE to specify that Request Parameter JWTs are not used.", "propertyOrder" : 1125, "required" : true, "type" : "string", "exampleValue" : "" }, "pkceMethod" : { "title" : "PKCE Method", "description" : "The PKCE transformation method to use when making requests to the authorization endpoint.", "propertyOrder" : 1100, "required" : true, "type" : "string", "exampleValue" : "" }, "responseMode" : { "title" : "Response Mode", "description" : "Informs the Authorization Server of the mechanism to use for returning Authorization Response parameters.", "propertyOrder" : 2500, "required" : true, "type" : "string", "exampleValue" : "" }, "scopes" : { "title" : "OAuth Scopes", "description" : "List of user profile properties<p>According to the OAuth 2.0 Authorization Framework that the client application requires. The list depends on the permissions that the resource owner grants to the client application. Some authorization servers use non-standard separators for scopes.", "propertyOrder" : 900, "required" : true, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "name, email" }, "redirectAfterFormPostURI" : { "title" : "Redirect after form post URL", "description" : "Specify URL to redirect the form post parameters to.", "propertyOrder" : 710, "required" : true, "type" : "string", "exampleValue" : "" }, "userInfoEndpoint" : { "title" : "User Profile Service URL", "description" : "User profile information URL <p> This URL endpoint provides user profile information and is provided by the OAuth Identity Provider NB This URL should return JSON objects in response.", "propertyOrder" : 600, "required" : true, "type" : "string", "exampleValue" : "" }, "clientId" : { "title" : "Client ID", "description" : "OAuth client_id parameter<p> For more information on the OAuth client_id parameter refer to the RFC 6749 (http://tools.ietf.org/html/rfc6749#section-2.3.1), section 2.3.1.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" } } }
delete
Usage
am> delete ClientConfigurationForApple --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action ClientConfigurationForApple --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action ClientConfigurationForApple --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action ClientConfigurationForApple --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports _queryFilter=true filter.
Usage
am> query ClientConfigurationForApple --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read ClientConfigurationForApple --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update ClientConfigurationForApple --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "requestObjectAudience" : { "title" : "Request Object Audience", "description" : "The intended audience of the request object. If unspecified, the issuer value will be used.", "propertyOrder" : 1410, "required" : true, "type" : "string", "exampleValue" : "" }, "jwtEncryptionMethod" : { "title" : "JWT Encryption Method", "description" : "The encryption method to use when encrypting the client assertion and request object jwt sent to social provider.", "propertyOrder" : 2100, "required" : true, "type" : "string", "exampleValue" : "" }, "introspectEndpoint" : { "title" : "Token Introspection Endpoint URL", "description" : "OAuth Token Introspection endpoint URL This is the URL endpoint for access token validation using the OAuth Identity Provider.Refer to the RFC 7662 (http://tools.ietf.org/html/rfc7662).", "propertyOrder" : 650, "required" : true, "type" : "string", "exampleValue" : "" }, "jwtSigningAlgorithm" : { "title" : "JWT Signing Algorithm", "description" : "The signing algorithm to use when signing the client assertion and request object jwt sent to social provider.", "propertyOrder" : 1900, "required" : true, "type" : "string", "exampleValue" : "" }, "uiConfig" : { "title" : "UI Config Properties", "description" : "Mapping of display properties to be defined and consumed by the UI.", "propertyOrder" : 9999, "required" : true, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "authorizationEndpoint" : { "title" : "Authentication Endpoint URL", "description" : "OAuth authentication endpoint URL <p> This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "https://appleid.apple.com/auth/authorize" }, "clientAuthenticationMethod" : { "title" : "Client Authentication Method", "description" : "Field used to define how the client would be identified by the social provider.", "propertyOrder" : 1000, "required" : true, "type" : "string", "exampleValue" : "" }, "issuer" : { "title" : "Issuer", "description" : "The Issuer of OIDC ID Tokens.", "propertyOrder" : 1600, "required" : true, "type" : "string", "exampleValue" : "" }, "privateKeyJwtExpTime" : { "title" : "Private Key JWT Expiration Time (seconds)", "description" : "The expiration time on or after which the private key JWT must not be accepted for processing.", "propertyOrder" : 2200, "required" : true, "type" : "integer", "exampleValue" : "" }, "enableNativeNonce" : { "title" : "Enable Native Nonce", "description" : "When enabled, the Identity Provider Native SDK MUST include a nonce Claim in the ID Token with the Claim value being the nonce value sent in the Authentication Request. Enabled by default.", "propertyOrder" : 1700, "required" : true, "type" : "boolean", "exampleValue" : "" }, "jwksUriEndpoint" : { "title" : "JWKS URI Endpoint", "description" : "The JWKS URL endpoint for the RP to use when encrypting or validating", "propertyOrder" : 1800, "required" : true, "type" : "string", "exampleValue" : "" }, "enabled" : { "title" : "Enabled", "description" : "", "propertyOrder" : 1, "required" : true, "type" : "boolean", "exampleValue" : "" }, "clientSecret" : { "title" : "Client Secret", "description" : "OAuth client_secret parameter <p>For more information on the OAuth client_id parameter refer to the RFC 6749 (http://tools.ietf.org/html/rfc6749#section-2.3.1), section 2.3.1.", "propertyOrder" : 300, "required" : false, "type" : "string", "format" : "password", "exampleValue" : "" }, "transform" : { "title" : "Transform Script", "description" : "A script that takes the raw profile object as input and outputs the normalized profile object.", "propertyOrder" : 10000, "required" : true, "type" : "string", "exampleValue" : "" }, "userInfoResponseType" : { "title" : "User Info Response Format", "description" : "The expected format of UserInfo responses. Dictates how AM will process the response. The expected format must match the actual format.", "propertyOrder" : 1710, "required" : true, "type" : "string", "exampleValue" : "" }, "wellKnownEndpoint" : { "title" : "Well Known Endpoint", "description" : "The endpoint for retrieving a list of OAuth/OIDC endpoints.", "propertyOrder" : 1200, "required" : true, "type" : "string", "exampleValue" : "" }, "scopeDelimiter" : { "title" : "Scope Delimiter", "description" : "The delimiter used by an auth server to separate scopes.", "propertyOrder" : 800, "required" : true, "type" : "string", "exampleValue" : "" }, "tokenEndpoint" : { "title" : "Access Token Endpoint URL", "description" : "OAuth access token endpoint URL This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider.Refer to the RFC 6749 (http://tools.ietf.org/html/rfc6749#section-3.2), section 3.2.", "propertyOrder" : 500, "required" : true, "type" : "string", "exampleValue" : "https://appleid.apple.com/auth/token" }, "encryptedIdTokens" : { "title" : "OP Encrypts ID Tokens", "description" : "Whether the OP encrypts ID Tokens. Will determine which resolver to use.", "propertyOrder" : 1500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "redirectURI" : { "title" : "Redirect URL", "description" : "", "propertyOrder" : 700, "required" : true, "type" : "string", "exampleValue" : "" }, "acrValues" : { "title" : "ACR Values", "description" : "Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.", "propertyOrder" : 1150, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authenticationIdKey" : { "title" : "Auth ID Key", "description" : "Field used to identify a user by the social provider.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "sub" }, "encryptJwtRequestParameter" : { "title" : "Encrypt Request Parameter JWT", "description" : "Enable the option to send an encrypted request parameter JWT.", "propertyOrder" : 1130, "required" : true, "type" : "boolean", "exampleValue" : "" }, "jwtEncryptionAlgorithm" : { "title" : "JWT Encryption Algorithm", "description" : "The encryption algorithm to use when encrypting the client assertion and request object jwt sent to social provider.", "propertyOrder" : 2000, "required" : true, "type" : "string", "exampleValue" : "" }, "jwtRequestParameterOption" : { "title" : "Request Parameter JWT Option", "description" : "Choose how Request Parameter JWTs will be sent to the OIDC Provider. Choose REFERENCE for OpenID Connect Request Parameter JWTs to be passed by reference. Choose VALUE for OpenID Connect Request Parameter JWTs to be passed as single, self-contained parameters.Choose NONE to specify that Request Parameter JWTs are not used.", "propertyOrder" : 1125, "required" : true, "type" : "string", "exampleValue" : "" }, "pkceMethod" : { "title" : "PKCE Method", "description" : "The PKCE transformation method to use when making requests to the authorization endpoint.", "propertyOrder" : 1100, "required" : true, "type" : "string", "exampleValue" : "" }, "responseMode" : { "title" : "Response Mode", "description" : "Informs the Authorization Server of the mechanism to use for returning Authorization Response parameters.", "propertyOrder" : 2500, "required" : true, "type" : "string", "exampleValue" : "" }, "scopes" : { "title" : "OAuth Scopes", "description" : "List of user profile properties<p>According to the OAuth 2.0 Authorization Framework that the client application requires. The list depends on the permissions that the resource owner grants to the client application. Some authorization servers use non-standard separators for scopes.", "propertyOrder" : 900, "required" : true, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "name, email" }, "redirectAfterFormPostURI" : { "title" : "Redirect after form post URL", "description" : "Specify URL to redirect the form post parameters to.", "propertyOrder" : 710, "required" : true, "type" : "string", "exampleValue" : "" }, "userInfoEndpoint" : { "title" : "User Profile Service URL", "description" : "User profile information URL <p> This URL endpoint provides user profile information and is provided by the OAuth Identity Provider NB This URL should return JSON objects in response.", "propertyOrder" : 600, "required" : true, "type" : "string", "exampleValue" : "" }, "clientId" : { "title" : "Client ID", "description" : "OAuth client_id parameter<p> For more information on the OAuth client_id parameter refer to the RFC 6749 (http://tools.ietf.org/html/rfc6749#section-2.3.1), section 2.3.1.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" } } }