Create Identity Provider Attribute (OpenID Connect)

POST {{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes

The POST {{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes operation adds a new identity provider attribute mapping resource for the specified identity provider.

For OPENID_CONNECT type attribute mappings, OIDC attributes can be mapped to any searchable PingOne user attribute. The administrator must know the name/path of the OIDC provider attribute that is mapped.

If OpenID Connect is specified as the the external identity provider, the OpenID Connect sub attribute can be used as the provider mapping attribute placeholder value.

The placeholder value must use the following syntax:

${providerAttributes.<OpenID Connect attribute name>}

When you create a new OpenID Connect identity provider entity, the POST request automatically maps the PingOne username attribute to the OpenID Connect sub attribute. For more information, refer to the OpenID Connect core mapping attribute.

Refer to Identity Provider Attributes for more information. Refer also to Base IdP data model for the properties available to all of the supported identity providers.

Prerequisites

Refer to Identity Provider Management for important overview information.

Request Model

OpenID Connect identity provider attribute settings data model

Property Type Required?

Property	Type	Required?
`name`	String	Required
`value`	String	Required
`update`	String	Required

name

String

Required

value

String

Required

update

String

Required

OpenID Connect core attributes

Property Description

Property	Description
`username`	A string that specifies the core OpenID Connect attribute. The default value is `${providerAttributes.sub}` and the default update value is `EMPTY_ONLY`.

username

A string that specifies the core OpenID Connect attribute. The default value is ${providerAttributes.sub} and the default update value is EMPTY_ONLY.

OpenID Connect provider attributes

Permission Provider attributes

Permission	Provider attributes
`openid`	`sub`

openid

sub

Headers

Authorization Bearer {{accessToken}}

Content-Type application/json

Body

raw ( application/json )

{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.user.emailAddress}"
}

Example Request

curl --location --globoff '{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.user.emailAddress}"
}'

var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""email""," + "\n" +
@"    ""update"": ""EMPTY_ONLY""," + "\n" +
@"    ""value"": ""${providerAttributes.user.emailAddress}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes"
  method := "POST"

  payload := strings.NewReader(`{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.user.emailAddress}"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /environments/{{envID}}/identityProviders/{{providerID}}/attributes HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.user.emailAddress}"
}

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"email\",\n    \"update\": \"EMPTY_ONLY\",\n    \"value\": \"${providerAttributes.user.emailAddress}\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.user.emailAddress}"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.user.emailAddress}"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests
import json

url = "{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes"

payload = json.dumps({
  "name": "email",
  "update": "EMPTY_ONLY",
  "value": "${providerAttributes.user.emailAddress}"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "name": "email",\n    "update": "EMPTY_ONLY",\n    "value": "${providerAttributes.user.emailAddress}"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "email",
  "update": "EMPTY_ONLY",
  "value": "\${providerAttributes.user.emailAddress}"
})

response = http.request(request)
puts response.read_body

let parameters = "{\n    \"name\": \"email\",\n    \"update\": \"EMPTY_ONLY\",\n    \"value\": \"${providerAttributes.user.emailAddress}\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders/{{providerID}}/attributes")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/ad6e99f3-1053-4ce0-9623-09bab0a1c74a/attributes/065281f6-923d-483f-a63f-98888b0c7b01"
        },
        "identityProvider": {
            "href": "https://api.pingone.com/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/e46e99f3-1053-4ce0-9623-09bab0a1c74a"
        }
    },
    "name": "email",
    "value": "${providerAttributes.user.emailAddress}",
    "update": "EMPTY_ONLY",
    "id": "065281f6-923d-483f-a63f-98888b0c7b01",
    "mappingType": "CUSTOM",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "identityProvider": {
        "id": "e46e99f3-1053-4ce0-9623-09bab0a1c74a"
    },
    "createdAt": 1889592542048,
    "updatedAt": 1889592542048
}

PingOne Platform APIs

Create Identity Provider Attribute (OpenID Connect)

Prerequisites

OpenID Connect identity provider attribute settings data model

OpenID Connect core attributes

OpenID Connect provider attributes

Headers

Body

Example Request

Example Response