Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Create an identity provider object of the type specified in the request body.
Among the types of providers derived from identityProviderBase, in Microsoft Entra, this operation can create a socialIdentityProvider, an appleManagedIdentityProvider (external tenant only), or an oidcIdentityProvider (external tenant only) resource.
In Azure AD B2C, this operation can create a socialIdentityProvider, appleManagedIdentityProvider, builtinIdentityProvider, or openIdConnectIdentityProvider resource.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | IdentityProvider.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | IdentityProvider.ReadWrite.All | Not available. |
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission.
External Identity Provider Administrator is the least privileged role supported for this operation.
HTTP request
POST /identity/identityProviders
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
Request body
In the request body, provide a JSON representation of a socialIdentityProvider, oidcIdentityProvider, or appleManagedIdentityProvider object in Microsoft Entra External ID.
In Azure AD B2C, provide a JSON representation of a socialIdentityProvider, openIdConnectIdentityProvider, or appleManagedIdentityProvider object.
All the properties listed in the following tables are required.
socialIdentityProvider object
| Property | Type | Description |
|---|---|---|
| displayName | String | The display name of the identity provider. |
| clientId | String | The client identifier for the application, obtained when registering the application with the identity provider. |
| clientSecret | String | The client secret for the application, obtained when registering the application with the identity provider. This property is write-only. A read operation returns ****. |
| identityProviderType | String | For external and workforce tenants, possible values: Facebook, Google. For Azure AD B2C tenants, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat. |
appleManagedIdentityProvider object
| Property | Type | Description |
|---|---|---|
| displayName | String | The display name of the identity provider. |
| developerId | String | The Apple developer identifier. |
| serviceId | String | The Apple service identifier. |
| keyId | String | The Apple key identifier. |
| certificateData | String | The certificate data, which is a long string of text from the certificate. Can be null. |
openIdConnectIdentityProvider object
| Property | Type | Description |
|---|---|---|
| displayName | String | The display name of the identity provider. |
| clientId | String | The client identifier for the application, obtained when registering the application with the identity provider. |
| clientSecret | String | The client secret for the application, obtained when registering the application with the identity provider. The clientSecret has a dependency on responseType. When responseType is code, a secret is required for the auth code exchange. When responseType is id_token, the secret is not required because there is no code exchange in the authentication pipeline. In this mode, the id_token is returned directly from the authorization response. |
| domainHint | String | The domain hint can be used to skip directly to the sign-in page of the specified identity provider, instead of having the user make a selection among the list of available identity providers. |
| claimsMapping | claimsMapping | After the OIDC provider sends an ID token back to Microsoft Entra ID, Microsoft Entra ID needs to be able to map the claims from the received token to the claims that Microsoft Entra ID recognizes and uses. This complex type captures that mapping. |
| metadataUrl | String | The URL of the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in .well-known/openid-configuration. Provide the metadata URL for the OpenID Connect identity provider that you add. |
| responseMode | String | The response mode defines the method used to send data back from the custom identity provider to Azure AD B2C. Possible values: form_post, query. |
| responseType | String | The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: code, id_token, token. |
| scope | String | The scope defines the information and permissions you want to gather from your custom identity provider. |
oidcIdentityProvider object
| Property | Type | Description |
|---|---|---|
| clientAuthentication | oidcClientAuthentication | The client authentication settings. Use the oidcClientSecretAuthentication derived complex type to configure the identity provider with the client_secret_post or client_secret_jwt authentication methods. Use the oidcPrivateJwtKeyClientAuthentication type to configure the identity provider with the private_key_jwt authentication method. For security reasons, the client_secret_basic authentication method is not supported. |
| clientId | String | The client ID for the application, obtained when registering the application with the identity provider. |
| displayName | String | The display name of the identity provider. Inherited from identityProviderBase. |
| id | String | The identifier of the identity provider. Required. Inherited from identityProviderBase. Inherits from entity. |
| inboundClaimMapping | oidcInboundClaimMappingOverride | After the OIDC provider sends an ID token back to Microsoft Entra External ID, Microsoft Entra External ID needs to be able to map the claims from the received token to the claims that Microsoft Entra ID recognizes and uses. This complex type captures that mapping. |
| issuer | String | The issuer URI. The issuer URI is a case-sensitive URL that uses the https scheme and contains scheme, host, and optionally port number and path components, with no query or fragment components. Note: Configuring other Microsoft Entra tenants as an external identity provider is currently not supported. As a result, the microsoftonline.com domain is not accepted in the issuer URI. |
| responseType | oidcResponseType | The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: code: as per the authorization code flow, a code is returned to Entra External ID, which then calls the token_endpoint to exchange the code for the token. id_token: an ID token is returned to Entra External ID from the custom identity provider. (This value is not supported at this time.) token: an access token is returned to Entra External ID from the custom identity provider. This value is currently not supported. |
| scope | String | The scope defines the information and permissions you want to gather from your custom identity provider. |
| wellKnownEndpoint | String | The URL of the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in .well-known/openid-configuration. Note: The metadata document must, at minimum, contain the following properties: issuer, authorization_endpoint, token_endpoint, token_endpoint_auth_methods_supported, subject_types_supported, response_types_supported, and jwks_uri. See the OpenID Connect Discovery specifications for more details. |
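
The constraints in the oidcIdentityProvider table can be checked before the POST is sent. The following Python sketch is an added example, not part of the Microsoft Graph documentation or SDKs: the function names and the sample metadata are constructed for illustration, the request body reuses the values of Example 4 on this page, and the metadata document is passed in as a dict so the check runs offline.

```python
from urllib.parse import urlsplit

# Properties the page lists as the minimum content of the metadata document.
REQUIRED_METADATA = (
    "issuer", "authorization_endpoint", "token_endpoint",
    "token_endpoint_auth_methods_supported", "subject_types_supported",
    "response_types_supported", "jwks_uri",
)
# Methods the page says can be configured; client_secret_basic is excluded.
USABLE_AUTH_METHODS = {"client_secret_post", "client_secret_jwt", "private_key_jwt"}
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"


def _split(url):
    """Parse a URL, treating unparsable input as empty."""
    try:
        return urlsplit(url or "")
    except ValueError:
        return urlsplit("")


def check_issuer(issuer):
    """Apply the issuer URI rules from the oidcIdentityProvider table."""
    findings = []
    parts = _split(issuer)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        findings.append("issuer: must be an https URL with a host")
    if "?" in (issuer or "") or "#" in (issuer or ""):
        findings.append("issuer: query and fragment components are not allowed")
    if host == "microsoftonline.com" or host.endswith(".microsoftonline.com"):
        findings.append("issuer: the microsoftonline.com domain is not accepted")
    return findings


def check_well_known(url):
    """The metadata path must end in .well-known/openid-configuration."""
    findings = []
    parts = _split(url)
    # Requiring https here is this example's own hardening choice (assumption).
    if parts.scheme != "https" or not parts.hostname:
        findings.append("wellKnownEndpoint: must be an https URL with a host")
    # Compare the path only: Example 4 on the page carries a ?p=... query.
    if not parts.path.endswith(WELL_KNOWN_SUFFIX):
        findings.append("wellKnownEndpoint: path must end in " + WELL_KNOWN_SUFFIX)
    return findings


def check_metadata(metadata):
    """Check a fetched discovery document against what the provider type can use."""
    findings = ["metadata: missing required property " + key
                for key in REQUIRED_METADATA if key not in metadata]
    methods = set(metadata.get("token_endpoint_auth_methods_supported", []))
    # Inference from the page: with client_secret_basic unsupported, the
    # provider must advertise at least one of the configurable methods.
    if methods and not methods & USABLE_AUTH_METHODS:
        findings.append("metadata: no configurable client authentication method advertised")
    # Inference from the page: only responseType 'code' is currently supported.
    if "code" not in metadata.get("response_types_supported", ["code"]):
        findings.append("metadata: response type 'code' is not advertised")
    return findings


def validate(body, metadata):
    """Return every finding for an oidcIdentityProvider request body."""
    findings = check_issuer(body.get("issuer")) + check_well_known(body.get("wellKnownEndpoint"))
    if body.get("responseType") != "code":
        findings.append("responseType: only 'code' is currently supported")
    return findings + check_metadata(metadata)


# Request body fields taken from Example 4 on this page.
SAMPLE_BODY = {
    "issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
    "wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/"
                         ".well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
    "responseType": "code",
}
# Constructed metadata document (not captured from a real provider).
SAMPLE_METADATA = {
    "issuer": SAMPLE_BODY["issuer"],
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"],
    "subject_types_supported": ["pairwise"],
    "response_types_supported": ["code", "id_token"],
    "jwks_uri": "https://idp.example.com/keys",
}

if __name__ == "__main__":
    for finding in validate(SAMPLE_BODY, SAMPLE_METADATA) or ["no findings"]:
        print(finding)
```
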
Response
If successful, this method returns a 201 Created response code and a JSON representation of a socialIdentityProvider object in the response body for a Microsoft Entra tenant.
For an Azure AD B2C tenant, this method returns a 201 Created response code and a JSON representation of a socialIdentityProvider, openIdConnectIdentityProvider, or appleManagedIdentityProvider object in the response body.
If unsuccessful, a 4xx error is returned with specific details.
Examples
Example 1: Create a social identity provider
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.socialIdentityProvider",
"displayName": "Login with Amazon",
"identityProviderType": "Amazon",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "42*****96"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new SocialIdentityProvider
{
OdataType = "microsoft.graph.socialIdentityProvider",
DisplayName = "Login with Amazon",
IdentityProviderType = "Amazon",
ClientId = "00001111-aaaa-2222-bbbb-3333cccc4444",
ClientSecret = "42*****96",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSocialIdentityProvider()
displayName := "Login with Amazon"
requestBody.SetDisplayName(&displayName)
identityProviderType := "Amazon"
requestBody.SetIdentityProviderType(&identityProviderType)
clientId := "00001111-aaaa-2222-bbbb-3333cccc4444"
requestBody.SetClientId(&clientId)
clientSecret := "42*****96"
requestBody.SetClientSecret(&clientSecret)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
SocialIdentityProvider identityProviderBase = new SocialIdentityProvider();
identityProviderBase.setOdataType("microsoft.graph.socialIdentityProvider");
identityProviderBase.setDisplayName("Login with Amazon");
identityProviderBase.setIdentityProviderType("Amazon");
identityProviderBase.setClientId("00001111-aaaa-2222-bbbb-3333cccc4444");
identityProviderBase.setClientSecret("42*****96");
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': 'microsoft.graph.socialIdentityProvider',
displayName: 'Login with Amazon',
identityProviderType: 'Amazon',
clientId: '00001111-aaaa-2222-bbbb-3333cccc4444',
clientSecret: '42*****96'
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\SocialIdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new SocialIdentityProvider();
$requestBody->setOdataType('microsoft.graph.socialIdentityProvider');
$requestBody->setDisplayName('Login with Amazon');
$requestBody->setIdentityProviderType('Amazon');
$requestBody->setClientId('00001111-aaaa-2222-bbbb-3333cccc4444');
$requestBody->setClientSecret('42*****96');
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.socialIdentityProvider"
displayName = "Login with Amazon"
identityProviderType = "Amazon"
clientId = "00001111-aaaa-2222-bbbb-3333cccc4444"
clientSecret = "42*****96"
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.social_identity_provider import SocialIdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = SocialIdentityProvider(
odata_type = "microsoft.graph.socialIdentityProvider",
display_name = "Login with Amazon",
identity_provider_type = "Amazon",
client_id = "00001111-aaaa-2222-bbbb-3333cccc4444",
client_secret = "42*****96",
)
result = await graph_client.identity.identity_providers.post(request_body)
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "microsoft.graph.socialIdentityProvider",
"id": "Amazon-OAUTH",
"displayName": "Login with Amazon",
"identityProviderType": "Amazon",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "42*****96"
}
Example 2: Create an Apple identity provider
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.appleManagedIdentityProvider",
"displayName": "Apple",
"developerId": "qazx.1234",
"serviceId": "com.contoso.app",
"keyId": "4294967296",
"certificateData": "******"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AppleManagedIdentityProvider
{
OdataType = "microsoft.graph.appleManagedIdentityProvider",
DisplayName = "Apple",
DeveloperId = "qazx.1234",
ServiceId = "com.contoso.app",
KeyId = "4294967296",
CertificateData = "******",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAppleManagedIdentityProvider()
displayName := "Apple"
requestBody.SetDisplayName(&displayName)
developerId := "qazx.1234"
requestBody.SetDeveloperId(&developerId)
serviceId := "com.contoso.app"
requestBody.SetServiceId(&serviceId)
keyId := "4294967296"
requestBody.SetKeyId(&keyId)
certificateData := "******"
requestBody.SetCertificateData(&certificateData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AppleManagedIdentityProvider identityProviderBase = new AppleManagedIdentityProvider();
identityProviderBase.setOdataType("microsoft.graph.appleManagedIdentityProvider");
identityProviderBase.setDisplayName("Apple");
identityProviderBase.setDeveloperId("qazx.1234");
identityProviderBase.setServiceId("com.contoso.app");
identityProviderBase.setKeyId("4294967296");
identityProviderBase.setCertificateData("******");
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': 'microsoft.graph.appleManagedIdentityProvider',
displayName: 'Apple',
developerId: 'qazx.1234',
serviceId: 'com.contoso.app',
keyId: '4294967296',
certificateData: '******'
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AppleManagedIdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AppleManagedIdentityProvider();
$requestBody->setOdataType('microsoft.graph.appleManagedIdentityProvider');
$requestBody->setDisplayName('Apple');
$requestBody->setDeveloperId('qazx.1234');
$requestBody->setServiceId('com.contoso.app');
$requestBody->setKeyId('4294967296');
$requestBody->setCertificateData('******');
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.appleManagedIdentityProvider"
displayName = "Apple"
developerId = "qazx.1234"
serviceId = "com.contoso.app"
keyId = "4294967296"
certificateData = "******"
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.apple_managed_identity_provider import AppleManagedIdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AppleManagedIdentityProvider(
odata_type = "microsoft.graph.appleManagedIdentityProvider",
display_name = "Apple",
developer_id = "qazx.1234",
service_id = "com.contoso.app",
key_id = "4294967296",
certificate_data = "******",
)
result = await graph_client.identity.identity_providers.post(request_body)
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "microsoft.graph.appleManagedIdentityProvider",
"id": "Apple-Managed-OIDC",
"displayName": "Apple",
"developerId": "qazx.1234",
"serviceId": "com.contoso.app",
"keyId": "4294967296",
"certificateData": "******"
}
Example 3: Create an OpenID Connect identity provider (B2C tenant)
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.openIdConnectIdentityProvider",
"displayName": "Contoso",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "4294967296",
"claimsMapping": {
"userId": "myUserId",
"givenName": "myGivenName",
"surname": "mySurname",
"email": "myEmail",
"displayName": "myDisplayName"
},
"domainHint": "mycustomoidc",
"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
"responseMode": "form_post",
"responseType": "code",
"scope": "openid"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new OpenIdConnectIdentityProvider
{
OdataType = "microsoft.graph.openIdConnectIdentityProvider",
DisplayName = "Contoso",
ClientId = "00001111-aaaa-2222-bbbb-3333cccc4444",
ClientSecret = "4294967296",
ClaimsMapping = new ClaimsMapping
{
UserId = "myUserId",
GivenName = "myGivenName",
Surname = "mySurname",
Email = "myEmail",
DisplayName = "myDisplayName",
},
DomainHint = "mycustomoidc",
MetadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration",
ResponseMode = OpenIdConnectResponseMode.Form_post,
ResponseType = OpenIdConnectResponseTypes.Code,
Scope = "openid",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewOpenIdConnectIdentityProvider()
displayName := "Contoso"
requestBody.SetDisplayName(&displayName)
clientId := "00001111-aaaa-2222-bbbb-3333cccc4444"
requestBody.SetClientId(&clientId)
clientSecret := "4294967296"
requestBody.SetClientSecret(&clientSecret)
claimsMapping := graphmodels.NewClaimsMapping()
userId := "myUserId"
claimsMapping.SetUserId(&userId)
givenName := "myGivenName"
claimsMapping.SetGivenName(&givenName)
surname := "mySurname"
claimsMapping.SetSurname(&surname)
email := "myEmail"
claimsMapping.SetEmail(&email)
// Distinct name: displayName is already declared above for the provider itself.
claimsDisplayName := "myDisplayName"
claimsMapping.SetDisplayName(&claimsDisplayName)
requestBody.SetClaimsMapping(claimsMapping)
domainHint := "mycustomoidc"
requestBody.SetDomainHint(&domainHint)
metadataUrl := "https://mycustomoidc.com/.well-known/openid-configuration"
requestBody.SetMetadataUrl(&metadataUrl)
responseMode := graphmodels.FORM_POST_OPENIDCONNECTRESPONSEMODE
requestBody.SetResponseMode(&responseMode)
responseType := graphmodels.CODE_OPENIDCONNECTRESPONSETYPES
requestBody.SetResponseType(&responseType)
scope := "openid"
requestBody.SetScope(&scope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
OpenIdConnectIdentityProvider identityProviderBase = new OpenIdConnectIdentityProvider();
identityProviderBase.setOdataType("microsoft.graph.openIdConnectIdentityProvider");
identityProviderBase.setDisplayName("Contoso");
identityProviderBase.setClientId("00001111-aaaa-2222-bbbb-3333cccc4444");
identityProviderBase.setClientSecret("4294967296");
ClaimsMapping claimsMapping = new ClaimsMapping();
claimsMapping.setUserId("myUserId");
claimsMapping.setGivenName("myGivenName");
claimsMapping.setSurname("mySurname");
claimsMapping.setEmail("myEmail");
claimsMapping.setDisplayName("myDisplayName");
identityProviderBase.setClaimsMapping(claimsMapping);
identityProviderBase.setDomainHint("mycustomoidc");
identityProviderBase.setMetadataUrl("https://mycustomoidc.com/.well-known/openid-configuration");
identityProviderBase.setResponseMode(OpenIdConnectResponseMode.Form_post);
identityProviderBase.setResponseType(EnumSet.of(OpenIdConnectResponseTypes.Code));
identityProviderBase.setScope("openid");
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': 'microsoft.graph.openIdConnectIdentityProvider',
displayName: 'Contoso',
clientId: '00001111-aaaa-2222-bbbb-3333cccc4444',
clientSecret: '4294967296',
claimsMapping: {
userId: 'myUserId',
givenName: 'myGivenName',
surname: 'mySurname',
email: 'myEmail',
displayName: 'myDisplayName'
},
domainHint: 'mycustomoidc',
metadataUrl: 'https://mycustomoidc.com/.well-known/openid-configuration',
responseMode: 'form_post',
responseType: 'code',
scope: 'openid'
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\OpenIdConnectIdentityProvider;
use Microsoft\Graph\Beta\Generated\Models\ClaimsMapping;
use Microsoft\Graph\Beta\Generated\Models\OpenIdConnectResponseMode;
use Microsoft\Graph\Beta\Generated\Models\OpenIdConnectResponseTypes;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new OpenIdConnectIdentityProvider();
$requestBody->setOdataType('microsoft.graph.openIdConnectIdentityProvider');
$requestBody->setDisplayName('Contoso');
$requestBody->setClientId('00001111-aaaa-2222-bbbb-3333cccc4444');
$requestBody->setClientSecret('4294967296');
$claimsMapping = new ClaimsMapping();
$claimsMapping->setUserId('myUserId');
$claimsMapping->setGivenName('myGivenName');
$claimsMapping->setSurname('mySurname');
$claimsMapping->setEmail('myEmail');
$claimsMapping->setDisplayName('myDisplayName');
$requestBody->setClaimsMapping($claimsMapping);
$requestBody->setDomainHint('mycustomoidc');
$requestBody->setMetadataUrl('https://mycustomoidc.com/.well-known/openid-configuration');
$requestBody->setResponseMode(new OpenIdConnectResponseMode('form_post'));
$requestBody->setResponseType(new OpenIdConnectResponseTypes('code'));
$requestBody->setScope('openid');
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.openIdConnectIdentityProvider"
displayName = "Contoso"
clientId = "00001111-aaaa-2222-bbbb-3333cccc4444"
clientSecret = "4294967296"
claimsMapping = @{
userId = "myUserId"
givenName = "myGivenName"
surname = "mySurname"
email = "myEmail"
displayName = "myDisplayName"
}
domainHint = "mycustomoidc"
metadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration"
responseMode = "form_post"
responseType = "code"
scope = "openid"
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.open_id_connect_identity_provider import OpenIdConnectIdentityProvider
from msgraph_beta.generated.models.claims_mapping import ClaimsMapping
from msgraph_beta.generated.models.open_id_connect_response_mode import OpenIdConnectResponseMode
from msgraph_beta.generated.models.open_id_connect_response_types import OpenIdConnectResponseTypes
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = OpenIdConnectIdentityProvider(
odata_type = "microsoft.graph.openIdConnectIdentityProvider",
display_name = "Contoso",
client_id = "00001111-aaaa-2222-bbbb-3333cccc4444",
client_secret = "4294967296",
claims_mapping = ClaimsMapping(
user_id = "myUserId",
given_name = "myGivenName",
surname = "mySurname",
email = "myEmail",
display_name = "myDisplayName",
),
domain_hint = "mycustomoidc",
metadata_url = "https://mycustomoidc.com/.well-known/openid-configuration",
response_mode = OpenIdConnectResponseMode.Form_post,
response_type = OpenIdConnectResponseTypes.Code,
scope = "openid",
)
result = await graph_client.identity.identity_providers.post(request_body)
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "microsoft.graph.openIdConnectIdentityProvider",
"id": "Contoso-OIDC-00001111-aaaa-2222-bbbb-3333cccc4444",
"displayName": "Contoso",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "4294967296",
"claimsMapping": {
"userId": "myUserId",
"givenName": "myGivenName",
"surname": "mySurname",
"email": "myEmail",
"displayName": "myDisplayName"
},
"domainHint": "mycustomoidc",
"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
"responseMode": "form_post",
"responseType": "code",
"scope": "openid"
}
Example 4: Create an OpenID Connect identity provider (external tenant)
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "#microsoft.graph.OidcIdentityProvider",
"displayName": "Contoso AAD B2C",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
"wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
"responseType": "code",
"scope": "openid profile email offline_access",
"clientAuthentication": {
"@odata.type": "#microsoft.graph.oidcClientSecretAuthentication",
"clientSecret": "4294967296"
},
"inboundClaimMapping": {
"sub": "sub",
"name": "name",
"given_name": "given_name",
"family_name": "family_name",
"email": "email",
"email_verified": "email_verified",
"phone_number": "phone_number",
"phone_number_verified": "phone_number_verified",
"address": {
"street_address": "street_address",
"locality": "locality",
"region": "region",
"postal_code": "postal_code",
"country": "country"
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;

var requestBody = new IdentityProviderBase
{
    OdataType = "#microsoft.graph.OidcIdentityProvider",
    DisplayName = "Contoso AAD B2C",
    AdditionalData = new Dictionary<string, object>
    {
        {
            "clientId" , "00001111-aaaa-2222-bbbb-3333cccc4444"
        },
        {
            "issuer" , "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/"
        },
        {
            "wellKnownEndpoint" , "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL"
        },
        {
            "responseType" , "code"
        },
        {
            "scope" , "openid profile email offline_access"
        },
        {
            "clientAuthentication" , new OidcClientSecretAuthentication
            {
                OdataType = "#microsoft.graph.oidcClientSecretAuthentication",
                ClientSecret = "4294967296",
            }
        },
        {
            "inboundClaimMapping" , new UntypedObject(new Dictionary<string, UntypedNode>
            {
                {
                    "sub", new UntypedString("sub")
                },
                {
                    "name", new UntypedString("name")
                },
                {
                    "given_name", new UntypedString("given_name")
                },
                {
                    "family_name", new UntypedString("family_name")
                },
                {
                    "email", new UntypedString("email")
                },
                {
                    "email_verified", new UntypedString("email_verified")
                },
                {
                    "phone_number", new UntypedString("phone_number")
                },
                {
                    "phone_number_verified", new UntypedString("phone_number_verified")
                },
                {
                    "address", new UntypedObject(new Dictionary<string, UntypedNode>
                    {
                        {
                            "street_address", new UntypedString("street_address")
                        },
                        {
                            "locality", new UntypedString("locality")
                        },
                        {
                            "region", new UntypedString("region")
                        },
                        {
                            "postal_code", new UntypedString("postal_code")
                        },
                        {
                            "country", new UntypedString("country")
                        },
                    })
                },
            })
        },
    },
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	"context"

	abstractions "github.com/microsoft/kiota-abstractions-go/serialization"
	msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	//other-imports
)

requestBody := graphmodels.NewIdentityProviderBase()
odataType := "#microsoft.graph.OidcIdentityProvider"
requestBody.SetOdataType(&odataType)
displayName := "Contoso AAD B2C"
requestBody.SetDisplayName(&displayName)

clientAuthentication := graphmodels.NewOidcClientSecretAuthentication()
clientSecret := "4294967296"
clientAuthentication.SetClientSecret(&clientSecret)

// The claim mapping is built from untyped nodes (kiota-abstractions-go), as in the C# snippet.
address := abstractions.NewUntypedObject(map[string]abstractions.UntypedNodeable{
	"street_address": abstractions.NewUntypedString("street_address"),
	"locality":       abstractions.NewUntypedString("locality"),
	"region":         abstractions.NewUntypedString("region"),
	"postal_code":    abstractions.NewUntypedString("postal_code"),
	"country":        abstractions.NewUntypedString("country"),
})
inboundClaimMapping := abstractions.NewUntypedObject(map[string]abstractions.UntypedNodeable{
	"sub":                   abstractions.NewUntypedString("sub"),
	"name":                  abstractions.NewUntypedString("name"),
	"given_name":            abstractions.NewUntypedString("given_name"),
	"family_name":           abstractions.NewUntypedString("family_name"),
	"email":                 abstractions.NewUntypedString("email"),
	"email_verified":        abstractions.NewUntypedString("email_verified"),
	"phone_number":          abstractions.NewUntypedString("phone_number"),
	"phone_number_verified": abstractions.NewUntypedString("phone_number_verified"),
	"address":               address,
})

// Properties of the derived OIDC provider type are passed as additional data.
additionalData := map[string]interface{}{
	"clientId":             "00001111-aaaa-2222-bbbb-3333cccc4444",
	"issuer":               "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
	"wellKnownEndpoint":    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
	"responseType":         "code",
	"scope":                "openid profile email offline_access",
	"clientAuthentication": clientAuthentication,
	"inboundClaimMapping":  inboundClaimMapping,
}
requestBody.SetAdditionalData(additionalData)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
// UntypedNode, UntypedObject and UntypedString are in com.microsoft.kiota.serialization

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

IdentityProviderBase identityProviderBase = new IdentityProviderBase();
identityProviderBase.setOdataType("#microsoft.graph.OidcIdentityProvider");
identityProviderBase.setDisplayName("Contoso AAD B2C");
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("clientId", "00001111-aaaa-2222-bbbb-3333cccc4444");
additionalData.put("issuer", "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/");
additionalData.put("wellKnownEndpoint", "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL");
additionalData.put("responseType", "code");
additionalData.put("scope", "openid profile email offline_access");
OidcClientSecretAuthentication clientAuthentication = new OidcClientSecretAuthentication();
clientAuthentication.setOdataType("#microsoft.graph.oidcClientSecretAuthentication");
clientAuthentication.setClientSecret("4294967296");
additionalData.put("clientAuthentication", clientAuthentication);

// The claim mapping is built from untyped nodes, as in the C# snippet.
HashMap<String, UntypedNode> address = new HashMap<String, UntypedNode>();
address.put("street_address", new UntypedString("street_address"));
address.put("locality", new UntypedString("locality"));
address.put("region", new UntypedString("region"));
address.put("postal_code", new UntypedString("postal_code"));
address.put("country", new UntypedString("country"));
HashMap<String, UntypedNode> inboundClaimMapping = new HashMap<String, UntypedNode>();
inboundClaimMapping.put("sub", new UntypedString("sub"));
inboundClaimMapping.put("name", new UntypedString("name"));
inboundClaimMapping.put("given_name", new UntypedString("given_name"));
inboundClaimMapping.put("family_name", new UntypedString("family_name"));
inboundClaimMapping.put("email", new UntypedString("email"));
inboundClaimMapping.put("email_verified", new UntypedString("email_verified"));
inboundClaimMapping.put("phone_number", new UntypedString("phone_number"));
inboundClaimMapping.put("phone_number_verified", new UntypedString("phone_number_verified"));
inboundClaimMapping.put("address", new UntypedObject(address));
additionalData.put("inboundClaimMapping", new UntypedObject(inboundClaimMapping));
identityProviderBase.setAdditionalData(additionalData);

IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
    authProvider,
};

const client = Client.init(options);

const identityProviderBase = {
    '@odata.type': '#microsoft.graph.OidcIdentityProvider',
    displayName: 'Contoso AAD B2C',
    clientId: '00001111-aaaa-2222-bbbb-3333cccc4444',
    issuer: 'https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/',
    wellKnownEndpoint: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL',
    responseType: 'code',
    scope: 'openid profile email offline_access',
    clientAuthentication: {
        '@odata.type': '#microsoft.graph.oidcClientSecretAuthentication',
        clientSecret: '4294967296'
    },
    inboundClaimMapping: {
        sub: 'sub',
        name: 'name',
        given_name: 'given_name',
        family_name: 'family_name',
        email: 'email',
        email_verified: 'email_verified',
        phone_number: 'phone_number',
        phone_number_verified: 'phone_number_verified',
        address: {
            street_address: 'street_address',
            locality: 'locality',
            region: 'region',
            postal_code: 'postal_code',
            country: 'country'
        }
    }
};

await client.api('/identity/identityProviders')
    .version('beta')
    .post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityProviderBase;
use Microsoft\Graph\Beta\Generated\Models\OidcClientSecretAuthentication;

$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new IdentityProviderBase();
$requestBody->setOdataType('#microsoft.graph.OidcIdentityProvider');
$requestBody->setDisplayName('Contoso AAD B2C');
$additionalData = [
    'clientId' => '00001111-aaaa-2222-bbbb-3333cccc4444',
    'issuer' => 'https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/',
    'wellKnownEndpoint' => 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL',
    'responseType' => 'code',
    'scope' => 'openid profile email offline_access',
    'clientAuthentication' => [
        '@odata.type' => '#microsoft.graph.oidcClientSecretAuthentication',
        'clientSecret' => '4294967296',
    ],
    'inboundClaimMapping' => [
        'sub' => 'sub',
        'name' => 'name',
        'given_name' => 'given_name',
        'family_name' => 'family_name',
        'email' => 'email',
        'email_verified' => 'email_verified',
        'phone_number' => 'phone_number',
        'phone_number_verified' => 'phone_number_verified',
        'address' => [
            'street_address' => 'street_address',
            'locality' => 'locality',
            'region' => 'region',
            'postal_code' => 'postal_code',
            'country' => 'country',
        ],
    ],
];
$requestBody->setAdditionalData($additionalData);

$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns

$params = @{
    "@odata.type" = "#microsoft.graph.OidcIdentityProvider"
    displayName = "Contoso AAD B2C"
    clientId = "00001111-aaaa-2222-bbbb-3333cccc4444"
    issuer = "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/"
    wellKnownEndpoint = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL"
    responseType = "code"
    scope = "openid profile email offline_access"
    clientAuthentication = @{
        "@odata.type" = "#microsoft.graph.oidcClientSecretAuthentication"
        clientSecret = "4294967296"
    }
    inboundClaimMapping = @{
        sub = "sub"
        name = "name"
        given_name = "given_name"
        family_name = "family_name"
        email = "email"
        email_verified = "email_verified"
        phone_number = "phone_number"
        phone_number_verified = "phone_number_verified"
        address = @{
            street_address = "street_address"
            locality = "locality"
            region = "region"
            postal_code = "postal_code"
            country = "country"
        }
    }
}

New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_provider_base import IdentityProviderBase
from msgraph_beta.generated.models.oidc_client_secret_authentication import OidcClientSecretAuthentication

# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = IdentityProviderBase(
    odata_type = "#microsoft.graph.OidcIdentityProvider",
    display_name = "Contoso AAD B2C",
    # Keys in additional_data are sent as written, so they use the JSON property names.
    additional_data = {
        "clientId" : "00001111-aaaa-2222-bbbb-3333cccc4444",
        "issuer" : "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
        "wellKnownEndpoint" : "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
        "responseType" : "code",
        "scope" : "openid profile email offline_access",
        "clientAuthentication" : {
            "@odata.type" : "#microsoft.graph.oidcClientSecretAuthentication",
            "clientSecret" : "4294967296",
        },
        "inboundClaimMapping" : {
            "sub" : "sub",
            "name" : "name",
            "given_name" : "given_name",
            "family_name" : "family_name",
            "email" : "email",
            "email_verified" : "email_verified",
            "phone_number" : "phone_number",
            "phone_number_verified" : "phone_number_verified",
            "address" : {
                "street_address" : "street_address",
                "locality" : "locality",
                "region" : "region",
                "postal_code" : "postal_code",
                "country" : "country",
            },
        },
    }
)

result = await graph_client.identity.identity_providers.post(request_body)
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.type": "#microsoft.graph.OidcIdentityProvider",
    "id": "12345678-abcd-1234-cdef-aaaaaaaaaaaa",
    "displayName": "Contoso AAD B2C",
    "clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
    "issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
    "wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
    "responseType": "code",
    "scope": "openid profile email offline_access",
    "clientAuthentication": {
        "@odata.type": "#microsoft.graph.oidcClientSecretAuthentication",
        "clientSecret": "*****"
    },
    "inboundClaimMapping": {
        "sub": "sub",
        "name": "name",
        "given_name": "given_name",
        "family_name": "family_name",
        "email": "email",
        "email_verified": "email_verified",
        "phone_number": "phone_number",
        "phone_number_verified": "phone_number_verified",
        "address": {
            "street_address": "street_address",
            "locality": "locality",
            "region": "region",
            "postal_code": "postal_code",
            "country": "country"
        }
    }
}
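The request body in this example registers an external issuer that the tenant will trust for sign-in, so it is worth checking before the POST and masking before it reaches a log, as the 201 response does with clientSecret. The following is an added example, not part of the Microsoft Graph documentation or SDKs: `lint_oidc_provider` and `redact_for_log` are hypothetical helper names, the same-host and code-only rules are this example's own policy, and the discovery document is a constructed sample.

```python
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"

# Request body fields from this page; the discovery document is a constructed sample.
SAMPLE_BODY = {
    "@odata.type": "#microsoft.graph.OidcIdentityProvider",
    "issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
    "wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/"
                         ".well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
    "responseType": "code",
    "scope": "openid profile email offline_access",
    "clientAuthentication": {
        "@odata.type": "#microsoft.graph.oidcClientSecretAuthentication",
        "clientSecret": "4294967296",
    },
}
SAMPLE_DISCOVERY = {"issuer": SAMPLE_BODY["issuer"]}


def lint_oidc_provider(body, discovery=None):
    """Return a list of findings for an OIDC identity provider request body."""
    findings = []
    issuer = urlsplit(body.get("issuer", ""))
    well_known = urlsplit(body.get("wellKnownEndpoint", ""))
    for name, url in (("issuer", issuer), ("wellKnownEndpoint", well_known)):
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{name}: not an absolute https URL")
    if not well_known.path.endswith(DISCOVERY_SUFFIX):
        findings.append("wellKnownEndpoint: not an OIDC discovery document path")
    # Heuristic of this example: metadata served from another host needs review.
    if issuer.hostname and well_known.hostname and issuer.hostname != well_known.hostname:
        findings.append("issuer and wellKnownEndpoint are on different hosts")
    # Policy assumed by this example: only the authorization code flow is accepted.
    if body.get("responseType") != "code":
        findings.append("responseType: expected 'code'")
    if "openid" not in body.get("scope", "").split():
        findings.append("scope: 'openid' is missing")
    # OIDC Discovery: the issuer in the metadata must equal the configured issuer.
    if discovery is not None and discovery.get("issuer") != body.get("issuer"):
        findings.append("discovery issuer does not match the configured issuer")
    return findings


def redact_for_log(body):
    """Copy the body with clientSecret masked, as the 201 response does."""
    safe = dict(body)
    if "clientAuthentication" in safe:
        safe["clientAuthentication"] = {**safe["clientAuthentication"], "clientSecret": "*****"}
    return safe
```

In practice the discovery argument would be the JSON fetched from wellKnownEndpoint, and the secret would come from a secret store rather than a literal in the request-building code.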