POST OAuth/GetJwtMappings

Searches for OAuth JWT mappings

Requirements

Roles: Admin or Auditor. See OAuth roles for more information.
Token scope: Admin

Headers

Content type: Content-Type:application/json.
Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Body parameters
Name	Description
ResolveIdentities boolean	If `true`, prefixed universals will be resolved and included in the response in the IdentityEntries field.
IssuerUris array of strings	Gets a list of Issuer URIs

Returns

Response description
Name	Description
HTTP 200	See OAuth result codes. The following values are returned: Count (integer): The total number of mappings returned. JwtMappings (array of objects): An array of each enumerated mapping. For value descriptions, see the POST OAuth/GetJwtMappings section of POST OAuth/CreateJwtMapping. IdentityEntries (array of objects): If "ResolveIdentities": true was passed in the request, this array is returned. It lists the identity details for each identity associated with the returned JWT mappings.
HTTP 400	For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: Error invalid_request: The request is missing a required parameter or is otherwise malformed. Error_description: If available, additional information about how to retry the request.
HTTP 401	For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body: Error invalid_token: The access token is missing, or the provided token is expired, revoked, malformed, or invalid for other reasons. insufficient_rights: The underlying user account does not have sufficient permissions for this request. error_description: If available, additional information about how to retry the request.
HTTP 403	If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/OAuth with the correct scope and restriction. Update the header with the new token and retry. Error insufficient_scope: The request requires a greater scope than provided by the access token. error_description: If available, additional information about how to retry the request.

Example

Request all rules for a user

POST /vedsdk/oauth/enumeratejwtmappings HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "Start": 0,
  "Count": 4,
  "ResolveIdentities": true,
  "OrderBy": 1,
  "Descending": false
}

Response

{
  "Count": 2,
  "IdentityEntries": [
    {
      "FullName": "\\VED\\Identity\\sample-cs-user",
      "Name": "sample-cs-user",
      "Prefix": "local",
      "PrefixedName": "local:sample-cs-user",
      "PrefixedUniversal": "local:{77a4cdda-12f2-4d83-aaff-8a3682d014cc}",
      "Type": 1,
      "Universal": "{77a4cdda-12f2-4d83-aaff-8a3682d014cc}"
    }
  ],
  "JwtMappings": [
    {
      "GranteePrefixedUniversal": "local:{77a4cdda-12f2-4d83-aaff-8a3682d014cc}",
      "IdField": "sub",
      "IdMatch": "PDnW4ovpwjkhVWkGjxW4F5yZvmxEwGV7@clients",
      "IssuerUri": "https://dev-g55ca78eoi1f0w71.us.auth0.com/",
      "Name": "Example JWT mapping",
      "PurposeField": "aud",
      "PurposeMatch": "https://example.venafi.com/vedauth"
    },
    {
      "IdField": "sub",
      "IdMatch": "(.*@example.com)",
      "IssuerUri": "https://dev-g55ca78eoi1f0w71.us.auth0.com/",
      "Name": "Example JWT mapping 2",
      "PurposeField": "aud",
      "PurposeMatch": "https://example.venafi.com/vedauth"
    }
  ],
  "Result": 0,
  "Success": true
}