Create Identity Provider (Google)

POST {{apiPath}}/environments/{{envID}}/identityProviders

Before you can use Google as an external identity provider, you must register your application with Google and activate the People API in the Google API Console. For additional information, refer to the following topic in the Google API documentation: Get Ready to Use the People API. To get started, follow the instructions provided in the Google API Console: Google API Console.

The POST {{apiPath}}/environments/{{envID}}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to GOOGLE, Google’s clientId and clientSecret property values are required in the request body.

Prerequisites

Refer to Identity Provider Management for important overview information.

Request Model

Google identity provider settings data model

Property Type Required?

Property	Type	Required?
`clientId`	String	Required
`clientSecret`	String	Required

clientId

String

Required

clientSecret

String

Required

Google core attributes

Property Description

Property	Description
`username`	A string that specifies the core Google attribute. The default value is `${providerAttributes.emailAddress.value}` and the default update value is `EMPTY_ONLY`.

username

A string that specifies the core Google attribute. The default value is ${providerAttributes.emailAddress.value} and the default update value is EMPTY_ONLY.

Google provider attributes

Permission Provider attributes

Permission	Provider attributes
`profile, email`	Options are: `resourceName`, `etag`, `emailAddress.value`, `name.displayName`, `name.familyName`, `name.givenName`, `name.middleName`, `nickname.value`, `nickname.type`, `gender.value`, and `gender.formattedValue`.
`https://www.googleapis.com/auth/profile.agerange.read`	Options are: `ageRange.ageRange`.
`https://www.googleapis.com/auth/profile.language.read`	Options are: `locale.value`.
`https://www.googleapis.com/auth/user.birthday.read`	Options are: `birthday.date.month`, `birthday.date.day`, `birthday.date.year`, and `birthday.text`.
`https://www.googleapis.com/auth/user.phonenumbers.read`	Options are: `phoneNumber.value`.

profile, email

Options are: resourceName, etag, emailAddress.value, name.displayName, name.familyName, name.givenName, name.middleName, nickname.value, nickname.type, gender.value, and gender.formattedValue.

https://www.googleapis.com/auth/profile.agerange.read

Options are: ageRange.ageRange.

https://www.googleapis.com/auth/profile.language.read

Options are: locale.value.

https://www.googleapis.com/auth/user.birthday.read

Options are: birthday.date.month, birthday.date.day, birthday.date.year, and birthday.text.

https://www.googleapis.com/auth/user.phonenumbers.read

Options are: phoneNumber.value.

Refer to Base IdP data model for the properties available to all of the supported identity providers.

Query parameters

Parameter Description

Parameter	Description
`expand`	When equal to `attributes`, shows the details for the core attribute mapping created by the request.

expand

When equal to attributes, shows the details for the core attribute mapping created by the request.

Example: POST {{apiPath}}/environments/{{envID}}/identityProviders?expand=attributes

Headers

Authorization Bearer {{accessToken}}

Content-Type application/json

Body

raw ( application/json )

{
    "description": "Custom Google ID Provider",
    "enabled": true,
    "name": "GoogleIdP1",
    "type": "GOOGLE",
    "clientId": "GoogleID",
    "clientSecret": "GoogleSecret"
}

Example Request

curl --location --globoff '{{apiPath}}/environments/{{envID}}/identityProviders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "description": "Custom Google ID Provider",
    "enabled": true,
    "name": "GoogleIdP1",
    "type": "GOOGLE",
    "clientId": "GoogleID",
    "clientSecret": "GoogleSecret"
}'

var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""description"": ""Custom Google ID Provider""," + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""GoogleIdP1""," + "\n" +
@"    ""type"": ""GOOGLE""," + "\n" +
@"    ""clientId"": ""GoogleID""," + "\n" +
@"    ""clientSecret"": ""GoogleSecret""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/identityProviders"
  method := "POST"

  payload := strings.NewReader(`{
    "description": "Custom Google ID Provider",
    "enabled": true,
    "name": "GoogleIdP1",
    "type": "GOOGLE",
    "clientId": "GoogleID",
    "clientSecret": "GoogleSecret"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "description": "Custom Google ID Provider",
    "enabled": true,
    "name": "GoogleIdP1",
    "type": "GOOGLE",
    "clientId": "GoogleID",
    "clientSecret": "GoogleSecret"
}

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"description\": \"Custom Google ID Provider\",\n    \"enabled\": true,\n    \"name\": \"GoogleIdP1\",\n    \"type\": \"GOOGLE\",\n    \"clientId\": \"GoogleID\",\n    \"clientSecret\": \"GoogleSecret\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/identityProviders")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/identityProviders",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "description": "Custom Google ID Provider",
    "enabled": true,
    "name": "GoogleIdP1",
    "type": "GOOGLE",
    "clientId": "GoogleID",
    "clientSecret": "GoogleSecret"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/identityProviders',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "description": "Custom Google ID Provider",
    "enabled": true,
    "name": "GoogleIdP1",
    "type": "GOOGLE",
    "clientId": "GoogleID",
    "clientSecret": "GoogleSecret"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests
import json

url = "{{apiPath}}/environments/{{envID}}/identityProviders"

payload = json.dumps({
  "description": "Custom Google ID Provider",
  "enabled": True,
  "name": "GoogleIdP1",
  "type": "GOOGLE",
  "clientId": "GoogleID",
  "clientSecret": "GoogleSecret"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "description": "Custom Google ID Provider",\n    "enabled": true,\n    "name": "GoogleIdP1",\n    "type": "GOOGLE",\n    "clientId": "GoogleID",\n    "clientSecret": "GoogleSecret"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "description": "Custom Google ID Provider",
  "enabled": true,
  "name": "GoogleIdP1",
  "type": "GOOGLE",
  "clientId": "GoogleID",
  "clientSecret": "GoogleSecret"
})

response = http.request(request)
puts response.read_body

let parameters = "{\n    \"description\": \"Custom Google ID Provider\",\n    \"enabled\": true,\n    \"name\": \"GoogleIdP1\",\n    \"type\": \"GOOGLE\",\n    \"clientId\": \"GoogleID\",\n    \"clientSecret\": \"GoogleSecret\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/65fb47be-c71e-45b6-9c4c-e3deed8df116"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/65fb47be-c71e-45b6-9c4c-e3deed8df116/attributes"
        }
    },
    "id": "65fb47be-c71e-45b6-9c4c-e3deed8df116",
    "type": "GOOGLE",
    "name": "GoogleIdP",
    "description": "Google identity provider.",
    "enabled": false,
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "createdAt": "2019-06-17T18:03:45.785Z",
    "updatedAt": "2019-06-17T18:03:45.785Z",
    "clientSecret": "GoogleClientSecret",
    "clientId": "GoogleClientId"
}

PingOne Platform APIs