PingOne Platform APIs

Create Identity Provider (Apple)

   

POST {{apiPath}}/environments/{{envID}}/identityProviders

The POST {{apiPath}}/environments/{{envID}}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to APPLE, Apple’s clientId and clientSecret property values are required in the request body. The request also requires a clientSecretSigningKey, which is a PKCS #8 private key in the PEM base64-encoded format obtained from your Apple client developer account. It is used to generate a client secret. The teamId, which is a ten-character Team ID value obtained from your Apple client developer account, and a keyId, which is a ten-character Key ID obtained from your Apple client developer account.

Prerequisites

Request Model

Apple identity provider settings data model

Property Type Required?

clientId

String

Required

clientSecretSigningKey

String

Required

keyId

String

Required

teamId

String

Required

Apple core attributes

Property Description

sub

A string that specifies the core Apple attribute. The default value is ${providerAttributes.sub} and the default update value is EMPTY_ONLY.

Apple provider attributes

Permission Provider attributes

name

Options are: sub, iss, iat, expt, aud, nonce, nonce_supported

email

Options are: email, email_verified

Refer to Base IdP data model for the properties available to all of the supported identity providers.

Query parameters
Parameter Description

expand

When equal to attributes, shows the details for the core attribute mapping created by the request.

Example: POST {{apiPath}}/environments/{{envID}}/identityProviders?expand=attributes

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "description": "Apple Provider",
    "enabled": true,
    "name": "AppleIdP",
    "type": "APPLE",
    "clientId": "APPLE_IDP",
    "clientSecret": "APPLE_SECRET",
    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
    "teamId": "{{teamID}}",
    "keyId": "{{keyID}}"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/identityProviders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "description": "Apple Provider",
    "enabled": true,
    "name": "AppleIdP",
    "type": "APPLE",
    "clientId": "APPLE_IDP",
    "clientSecret": "APPLE_SECRET",
    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
    "teamId": "{{teamID}}",
    "keyId": "{{keyID}}"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""description"": ""Apple Provider""," + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""AppleIdP""," + "\n" +
@"    ""type"": ""APPLE""," + "\n" +
@"    ""clientId"": ""APPLE_IDP""," + "\n" +
@"    ""clientSecret"": ""APPLE_SECRET""," + "\n" +
@"    ""clientSecretSigningKey"": ""-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----""," + "\n" +
@"    ""teamId"": ""{{teamID}}""," + "\n" +
@"    ""keyId"": ""{{keyID}}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/identityProviders"
  method := "POST"

  payload := strings.NewReader(`{
    "description": "Apple Provider",
    "enabled": true,
    "name": "AppleIdP",
    "type": "APPLE",
    "clientId": "APPLE_IDP",
    "clientSecret": "APPLE_SECRET",
    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
    "teamId": "{{teamID}}",
    "keyId": "{{keyID}}"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "description": "Apple Provider",
    "enabled": true,
    "name": "AppleIdP",
    "type": "APPLE",
    "clientId": "APPLE_IDP",
    "clientSecret": "APPLE_SECRET",
    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
    "teamId": "{{teamID}}",
    "keyId": "{{keyID}}"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"description\": \"Apple Provider\",\n    \"enabled\": true,\n    \"name\": \"AppleIdP\",\n    \"type\": \"APPLE\",\n    \"clientId\": \"APPLE_IDP\",\n    \"clientSecret\": \"APPLE_SECRET\",\n    \"clientSecretSigningKey\": \"-----BEGIN PRIVATE KEY-----\\nMIGTAgEAMB....\\n-----END PRIVATE KEY-----\",\n    \"teamId\": \"{{teamID}}\",\n    \"keyId\": \"{{keyID}}\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/identityProviders")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/identityProviders",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "description": "Apple Provider",
    "enabled": true,
    "name": "AppleIdP",
    "type": "APPLE",
    "clientId": "APPLE_IDP",
    "clientSecret": "APPLE_SECRET",
    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
    "teamId": "{{teamID}}",
    "keyId": "{{keyID}}"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/identityProviders',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "description": "Apple Provider",
    "enabled": true,
    "name": "AppleIdP",
    "type": "APPLE",
    "clientId": "APPLE_IDP",
    "clientSecret": "APPLE_SECRET",
    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
    "teamId": "{{teamID}}",
    "keyId": "{{keyID}}"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/identityProviders"

payload = json.dumps({
  "description": "Apple Provider",
  "enabled": True,
  "name": "AppleIdP",
  "type": "APPLE",
  "clientId": "APPLE_IDP",
  "clientSecret": "APPLE_SECRET",
  "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
  "teamId": "{{teamID}}",
  "keyId": "{{keyID}}"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "description": "Apple Provider",\n    "enabled": true,\n    "name": "AppleIdP",\n    "type": "APPLE",\n    "clientId": "APPLE_IDP",\n    "clientSecret": "APPLE_SECRET",\n    "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\\nMIGTAgEAMB....\\n-----END PRIVATE KEY-----",\n    "teamId": "{{teamID}}",\n    "keyId": "{{keyID}}"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "description": "Apple Provider",
  "enabled": true,
  "name": "AppleIdP",
  "type": "APPLE",
  "clientId": "APPLE_IDP",
  "clientSecret": "APPLE_SECRET",
  "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
  "teamId": "{{teamID}}",
  "keyId": "{{keyID}}"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"description\": \"Apple Provider\",\n    \"enabled\": true,\n    \"name\": \"AppleIdP\",\n    \"type\": \"APPLE\",\n    \"clientId\": \"APPLE_IDP\",\n    \"clientSecret\": \"APPLE_SECRET\",\n    \"clientSecretSigningKey\": \"-----BEGIN PRIVATE KEY-----\\nMIGTAgEAMB....\\n-----END PRIVATE KEY-----\",\n    \"teamId\": \"{{teamID}}\",\n    \"keyId\": \"{{keyID}}\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
  "_links": {
    "self": {
      "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/a6e6e9f3-5b01-4a9c-858c-5264b581a52f"
    },
    "environment": {
      "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "attributes": {
      "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/a6e6e9f3-5b01-4a9c-858c-5264b581a52f/attributes"
    }
  },
  "id": "a6e6e9f3-5b01-4a9c-858c-5264b581a52f",
  "type": "APPLE",
  "name": "AppleIdP",
  "description": "Apple Provider",
  "enabled": true,
  "environment": {
    "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
  },
  "createdAt": "2020-04-21T19:40:27.233Z",
  "updatedAt": "2020-04-21T19:40:27.233Z",
  "keyId": "6GH7JK8LU0",
  "clientId": "APPLE_IDP",
  "clientSecretSigningKey": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB....\n-----END PRIVATE KEY-----",
  "teamId": "1ABC2D4F5T"
}