Identity_Providers_Oauth2UpdateSpec

Identity_Providers_Oauth2UpdateSpec
Identity_Providers_Oauth2UpdateSpec

The Providers.Oauth2UpdateSpec structure contains the information used to update the OAuth2 identity provider.

JSON Example
{
    "auth_endpoint": "string",
    "token_endpoint": "string",
    "public_key_uri": "string",
    "client_id": "string",
    "client_secret": "string",
    "claim_map": {
        "claim_map": {
            "claim_map": [
                "string"
            ]
        }
    },
    "issuer": "string",
    "authentication_method": "string",
    "auth_query_params": {
        "auth_query_params": [
            "string"
        ]
    }
}
string As uri
auth_endpoint
Optional

Authentication/authorization endpoint of the provider If unset, leaves value unchanged.

string As uri
token_endpoint
Optional

Token endpoint of the provider. If unset, leaves value unchanged.

string As uri
public_key_uri
Optional

Endpoint to retrieve the provider public key for validation If unset, leaves value unchanged.

string
client_id
Optional

Client identifier to connect to the provider If unset, leaves value unchanged.

string
client_secret
Optional

Shared secret between identity provider and client If unset, leaves value unchanged.

object
claim_map
Optional

The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of incoming JWT. The value is another map with an external group as the key and a vCenter Server group as value. If unset, leaves value unchanged.

string
issuer
Optional

The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token If unset, leaves value unchanged.

authentication_method
Optional

The Providers.Oauth2AuthenticationMethod structure contains the possible types of OAuth2 authentication methods.
CLIENT_SECRET_BASIC : Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme.
CLIENT_SECRET_POST : Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body.
CLIENT_SECRET_JWT : Clients that have received a client_secret value from the Authorization Server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key.
PRIVATE_KEY_JWT : Clients that have registered a public key sign a JWT using that key. The client authenticates in accordance with JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.JWT] and Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.Assertions].

object
auth_query_params
Optional

key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. If the map is empty, deletes all params. If unset, leaves value unchanged.