POST OAuth/CreateJwtMapping

Creates a new OAuth JWT mapping.

Requirements

  • Roles: Admin. See OAuth roles for more information.
  • Token scope:  Admin

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Body parameters
Order

Name

Description

1

Name

string

(Required)The name of the application

2

IssuerUri

string

(Required)The Issuer URI to be trusted for this mapping

3

PurposeField

string

(Required)The name of the JWT field indicating the purpose

4

PurposeMatch

string

(Required)The value the purpose field must have to accept a token

5

IdField

string

(Required)The name of the JWT field indicating the identity owning the token

6

IdMatch

string

(Required)The regular expression to apply against the id field to obtain the identity. If no GranteePrefixedUniversal is specified, the first group matching the expression is used to determine the identity

7

GranteePrefixedUniversal

string

null if IdMatch is an expression returning a group. Otherwise the prefixed universal identity to use for a token issued against this mapping

Returns

Response description

Name

Description

HTTP 200

See OAuth result codes.

A JwtMapping object is returned showing the values that were passed in the request. For value descriptions, see the Parameters section above.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • Error

    • invalid_request: The request is missing a required parameter or is otherwise malformed.

  • Error_description: If available, additional information about how to retry the request.

HTTP 401

For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body:

  • Error

    • invalid_token: The access token is missing, or the provided token is expired, revoked, malformed, or invalid for other reasons.

    • insufficient_rights: The underlying user account does not have sufficient permissions for this request.

  • error_description: If available, additional information about how to retry the request.

HTTP 403

If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/OAuth with the correct scope and restriction. Update the header with the new token and retry.

  • Error

    • insufficient_scope: The request requires a greater scope than provided by the access token.

  • error_description: If available, additional information about how to retry the request.

Examples

Request with GranteePrefixedUniversal

POST /vedsdk/oauth/CreateJwtMapping HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "IdField": "sub",
  "IdMatch": "PDnW4ovpwjkhVWkGjxW4F5yZvmxEwGV7@clients",
  "IssuerUri": "https:\/\/dev-g55ca78eoi1f0w71.us.auth0.com\/",
  "Name": "Example JWT mapping",
  "PurposeField": "aud",
  "PurposeMatch": "https:\/\/example.venafi.com\/vedauth",
  "GranteePrefixedUniversal": "local:{77a4cdda-12f2-4d83-aaff-8a3682d014cc}"
}

Response

{
  "JwtMapping": {
    "GranteePrefixedUniversal": "local:{77a4cdda-12f2-4d83-aaff-8a3682d014cc}",
    "IdField": "sub",
    "IdMatch": "PDnW4ovpwjkhVWkGjxW4F5yZvmxEwGV7@clients",
    "IssuerUri": "https://dev-g55ca78eoi1f0w71.us.auth0.com/",
    "Name": "Example JWT mapping",
    "PurposeField": "aud",
    "PurposeMatch": "https://example.venafi.com/vedauth"
  },
  "Result": 0,
  "Success": true
}

Request with IdMatch Regex

POST /vedsdk/oauth/CreateJwtMapping HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
    "IdField": "sub",
    "IdMatch": "(.*@example.com)",
    "IssuerUri": "https:\/\/dev-g55ca78eoi1f0w71.us.auth0.com\/",
    "Name": "Example JWT mapping 2",
    "PurposeField": "aud",
    "PurposeMatch": "https:\/\/example.venafi.com\/vedauth"
}

Response

{
  "JwtMapping": {
    "IdField": "sub",
    "IdMatch": "(.*@example.com)",
    "IssuerUri": "https://dev-g55ca78eoi1f0w71.us.auth0.com/",
    "Name": "Example JWT mapping 2",
    "PurposeField": "aud",
    "PurposeMatch": "https://example.venafi.com/vedauth"
  },
  "Result": 0,
  "Success": true
}