命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
创建请求正文中指定的类型的标识提供者对象。
在派生自 identityProviderBase 的提供程序类型中,在 Microsoft Entra 中,此操作可以创建 socialIdentityProvider、appleManagedIdentityProvider (仅) 外部租户,或者仅) 资源的外部租户 (oidcIdentityProvider。
在 Azure AD B2C 中,此操作可以创建 socialIdentityProvider、 appleManagedIdentityProvider、 builtinIdentityProvider 或 openIdConnectIdentityProvider 资源。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
IdentityProvider.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
IdentityProvider.ReadWrite.All |
不可用。 |
重要
在具有工作或学校帐户的委托方案中,必须为登录用户分配受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。
外部标识提供者管理员 是此操作支持的最低特权角色。
HTTP 请求
POST /identity/identityProviders
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,在 Microsoft Entra 外部 ID 中提供 socialIdentityProvider、oidcIdentityProvider 或 appleManagedIdentityProvider 对象的 JSON 表示形式。
在 Azure AD 中,B2C 提供 socialIdentityProvider、 openIdConnectIdentityProvider 或 appleManagedIdentityProvider 对象的 JSON 表示形式。
下表中列出的所有属性均是必需的。
socialIdentityProvider 对象
| 属性 |
类型 |
说明 |
| displayName |
字符串 |
标识提供程序的显示名称。 |
| clientId |
字符串 |
向标识提供程序注册应用程序时,获取应用程序的客户端标识符。 |
| clientSecret |
字符串 |
向标识提供程序注册时获取的应用程序的客户端密码。 这是只读的。 读取操作返回 ****。 |
| identityProviderType |
String |
对于外部租户和劳动力租户,可能的值: Facebook、 Google。
对于 Azure AD B2C 租户,可能的值:Microsoft、、Google、Amazon、FacebookGitHubLinkedIn、WeiboTwitter、、 。 WeChatQQ |
appleManagedIdentityProvider 对象
| 属性 |
类型 |
说明 |
| displayName |
字符串 |
标识提供程序的显示名称。 |
| developerId |
String |
Apple 开发人员标识符。 |
| 服务 Id |
String |
Apple 服务标识符。 |
| keyId |
String |
Apple 密钥标识符。 |
| certificateData |
String |
证书中长文本字符串的证书数据可能是 null。 |
openIdConnectIdentityProvider 对象
| 属性 |
类型 |
说明 |
| displayName |
字符串 |
标识提供程序的显示名称。 |
| clientId |
字符串 |
向标识提供程序注册应用程序时,获取应用程序的客户端标识符。 |
| clientSecret |
字符串 |
使用身份提供程序注册应用时获取的应用客户端密码。 clientSecret 依赖于 responseType。 - 当 responseType 为
code时,身份验证代码交换需要机密。 - 当 responseType 为
id_token 时,不需要机密,因为身份验证管道中没有代码交换。 在此模式下,id_token直接从授权响应返回。
|
| domainHint |
String |
域提示可用于直接跳到指定标识提供者的登录页,而不是让用户在可用标识提供者列表中做出选择。 |
| claimsMapping |
claimsMapping |
在 OIDC 提供程序将 ID 令牌发送回Microsoft Entra ID后,Microsoft Entra ID需要能够将收到的令牌中的声明映射到Microsoft Entra ID识别和使用的声明。 此复杂类型捕获该映射。 |
| metadataUrl |
String |
OpenID Connect 标识提供者的元数据文档的 URL。 每个 OpenID Connect 标识提供者都描述了一个元数据文档,其中包含执行登录所需的大部分信息。 这包括要使用的 URL 和服务公共签名密钥的位置等信息。 OpenID Connect 元数据文档始终位于 以 结尾的终结点。.well-known/openid-configuration 提供添加的 OpenID Connect 标识提供者的元数据 URL。 |
| responseMode |
String |
响应模式定义用于将数据从自定义标识提供者发送回 Azure AD B2C 的方法。 可能的值: form_post、 query。 |
| responseType |
String |
响应类型描述在初始调用中发送回自定义标识提供者authorization_endpoint的信息的类型。 可能的值: code 、 id_token 、 token。 |
| 范围 |
String |
作用域定义要从自定义标识提供者收集的信息和权限。 |
oidcIdentityProvider 对象
| 属性 |
类型 |
说明 |
| clientAuthentication |
oidcClientAuthentication |
客户端身份验证设置。 使用 oidcClientSecretAuthentication 派生的复杂类型通过 或 client_secret_jwt authentication 方法设置标识提供者client_secret_post。 使用 oidcPrivateJwtKeyClientAuthentication 类型通过身份验证方法设置标识提供者 private_key_jwt 。
出于安全原因, client_secret_basic 不支持身份验证方法。 |
| clientId |
字符串 |
使用身份提供程序注册应用时获取的应用客户端 ID。 |
| displayName |
字符串 |
标识提供程序的显示名称。 继承自 identityProviderBase。 |
| id |
String |
标识提供者的标识符。必填。 继承自 identityProviderBase。 继承自 实体 |
| inboundClaimMapping |
oidcInboundClaimMappingOverride |
OIDC 提供程序将 ID 令牌发送回Microsoft Entra 外部 ID后,Microsoft Entra 外部 ID需要能够将收到的令牌中的声明映射到Microsoft Entra ID识别和使用的声明。 此复杂类型捕获该映射。 |
| 发行 |
String |
颁发者 URI。 颁发者 URI 是一个区分大小写的 URL,使用 https 方案包含方案、主机和(可选)端口号和路径组件,并且没有查询或片段组件。
注意:目前不支持将其他Microsoft Entra租户配置为外部标识提供者。 因此, microsoftonline.com 不接受颁发者 URI 中的域。 |
| responseType |
oidcResponseType |
响应类型描述在初始调用中发送回自定义标识提供者authorization_endpoint的信息的类型。 可能的值:
code:根据授权代码流,代码将返回到 Entra 外部 ID。 Entra 外部 ID继续调用token_endpoint以交换令牌的代码。
id_token:ID 令牌从自定义标识提供者返回到 Entra 外部 ID。 () 时不支持此值。
token:访问令牌从自定义标识提供者返回到 Entra 外部 ID。 此值当前不受支持。 |
| 范围 |
String |
作用域定义要从自定义标识提供者收集的信息和权限。 |
| wellKnownEndpoint |
String |
OpenID Connect 标识提供者的元数据文档的 URL。 每个 OpenID Connect 标识提供者都描述了一个元数据文档,其中包含执行登录所需的大部分信息。 这包括要使用的 URL 和服务公共签名密钥的位置等信息。 OpenID Connect 元数据文档始终位于 以 结尾的终结点。.well-known/openid-configuration
注意:元数据文档至少应包含以下属性:issuer、、authorization_endpoint、token_endpoint、token_endpoint_auth_methods_supportedresponse_types_supported、 subject_types_supported 和 jwks_uri。 有关更多详细信息,请访问 OpenID Connect 发现 规范。 |
响应
如果成功,此方法在201 CreatedMicrosoft Entra租户的响应正文中返回一个响应代码和 socialIdentityProvider 对象的 JSON 表示形式。
对于 Azure AD B2C 租户,此方法在响应正文中返回 201 CreatedsocialIdentityProvider、 openIdConnectIdentityProvider 或 appleManagedIdentityProvider 对象的响应代码和 JSON 表示形式。
如果失败,将返回 4xx 错误并显示具体详细信息。
示例
示例 1:创建社交标识提供者
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.socialIdentityProvider",
"displayName": "Login with Amazon",
"identityProviderType": "Amazon",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "42*****96"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new SocialIdentityProvider
{
OdataType = "microsoft.graph.socialIdentityProvider",
DisplayName = "Login with Amazon",
IdentityProviderType = "Amazon",
ClientId = "00001111-aaaa-2222-bbbb-3333cccc4444",
ClientSecret = "42*****96",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
mgc-beta identity identity-providers create --body '{\
"@odata.type": "microsoft.graph.socialIdentityProvider",\
"displayName": "Login with Amazon",\
"identityProviderType": "Amazon",\
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",\
"clientSecret": "42*****96"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewIdentityProviderBase()
displayName := "Login with Amazon"
requestBody.SetDisplayName(&displayName)
identityProviderType := "Amazon"
requestBody.SetIdentityProviderType(&identityProviderType)
clientId := "00001111-aaaa-2222-bbbb-3333cccc4444"
requestBody.SetClientId(&clientId)
clientSecret := "42*****96"
requestBody.SetClientSecret(&clientSecret)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
SocialIdentityProvider identityProviderBase = new SocialIdentityProvider();
identityProviderBase.setOdataType("microsoft.graph.socialIdentityProvider");
identityProviderBase.setDisplayName("Login with Amazon");
identityProviderBase.setIdentityProviderType("Amazon");
identityProviderBase.setClientId("00001111-aaaa-2222-bbbb-3333cccc4444");
identityProviderBase.setClientSecret("42*****96");
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': 'microsoft.graph.socialIdentityProvider',
displayName: 'Login with Amazon',
identityProviderType: 'Amazon',
clientId: '00001111-aaaa-2222-bbbb-3333cccc4444',
clientSecret: '42*****96'
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\SocialIdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new SocialIdentityProvider();
$requestBody->setOdataType('microsoft.graph.socialIdentityProvider');
$requestBody->setDisplayName('Login with Amazon');
$requestBody->setIdentityProviderType('Amazon');
$requestBody->setClientId('00001111-aaaa-2222-bbbb-3333cccc4444');
$requestBody->setClientSecret('42*****96');
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.socialIdentityProvider"
displayName = "Login with Amazon"
identityProviderType = "Amazon"
clientId = "00001111-aaaa-2222-bbbb-3333cccc4444"
clientSecret = "42*****96"
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.social_identity_provider import SocialIdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = SocialIdentityProvider(
odata_type = "microsoft.graph.socialIdentityProvider",
display_name = "Login with Amazon",
identity_provider_type = "Amazon",
client_id = "00001111-aaaa-2222-bbbb-3333cccc4444",
client_secret = "42*****96",
)
result = await graph_client.identity.identity_providers.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "microsoft.graph.socialIdentityProvider",
"id": "Amazon-OAUTH",
"displayName": "Login with Amazon",
"identityProviderType": "Amazon",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "42*****96"
}
示例 2:创建 Apple 标识提供者
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.appleManagedIdentityProvider",
"displayName": "Apple",
"developerId": "qazx.1234",
"serviceId": "com.contoso.app",
"keyId": "4294967296",
"certificateData": "******"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AppleManagedIdentityProvider
{
OdataType = "microsoft.graph.appleManagedIdentityProvider",
DisplayName = "Apple",
DeveloperId = "qazx.1234",
ServiceId = "com.contoso.app",
KeyId = "4294967296",
CertificateData = "******",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
mgc-beta identity identity-providers create --body '{\
"@odata.type": "microsoft.graph.appleManagedIdentityProvider",\
"displayName": "Apple",\
"developerId": "qazx.1234",\
"serviceId": "com.contoso.app",\
"keyId": "4294967296",\
"certificateData": "******"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewIdentityProviderBase()
displayName := "Apple"
requestBody.SetDisplayName(&displayName)
developerId := "qazx.1234"
requestBody.SetDeveloperId(&developerId)
serviceId := "com.contoso.app"
requestBody.SetServiceId(&serviceId)
keyId := "4294967296"
requestBody.SetKeyId(&keyId)
certificateData := "******"
requestBody.SetCertificateData(&certificateData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AppleManagedIdentityProvider identityProviderBase = new AppleManagedIdentityProvider();
identityProviderBase.setOdataType("microsoft.graph.appleManagedIdentityProvider");
identityProviderBase.setDisplayName("Apple");
identityProviderBase.setDeveloperId("qazx.1234");
identityProviderBase.setServiceId("com.contoso.app");
identityProviderBase.setKeyId("4294967296");
identityProviderBase.setCertificateData("******");
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': 'microsoft.graph.appleManagedIdentityProvider',
displayName: 'Apple',
developerId: 'qazx.1234',
serviceId: 'com.contoso.app',
keyId: '4294967296',
certificateData: '******'
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AppleManagedIdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AppleManagedIdentityProvider();
$requestBody->setOdataType('microsoft.graph.appleManagedIdentityProvider');
$requestBody->setDisplayName('Apple');
$requestBody->setDeveloperId('qazx.1234');
$requestBody->setServiceId('com.contoso.app');
$requestBody->setKeyId('4294967296');
$requestBody->setCertificateData('******');
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.appleManagedIdentityProvider"
displayName = "Apple"
developerId = "qazx.1234"
serviceId = "com.contoso.app"
keyId = "4294967296"
certificateData = "******"
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.apple_managed_identity_provider import AppleManagedIdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AppleManagedIdentityProvider(
odata_type = "microsoft.graph.appleManagedIdentityProvider",
display_name = "Apple",
developer_id = "qazx.1234",
service_id = "com.contoso.app",
key_id = "4294967296",
certificate_data = "******",
)
result = await graph_client.identity.identity_providers.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "microsoft.graph.appleManagedIdentityProvider",
"id": "Apple-Managed-OIDC",
"displayName": "Apple",
"developerId": "qazx.1234",
"serviceId": "com.contoso.app",
"keyId": "4294967296",
"certificateData": "******"
}
示例 3: (B2C 租户) 创建 OpenID Connect 标识提供者
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.openIdConnectIdentityProvider",
"displayName": "Contoso",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "4294967296",
"claimsMapping": {
"userId": "myUserId",
"givenName": "myGivenName",
"surname": "mySurname",
"email": "myEmail",
"displayName": "myDisplayName"
},
"domainHint": "mycustomoidc",
"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
"responseMode": "form_post",
"responseType": "code",
"scope": "openid"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new OpenIdConnectIdentityProvider
{
OdataType = "microsoft.graph.openIdConnectIdentityProvider",
DisplayName = "Contoso",
ClientId = "00001111-aaaa-2222-bbbb-3333cccc4444",
ClientSecret = "4294967296",
ClaimsMapping = new ClaimsMapping
{
UserId = "myUserId",
GivenName = "myGivenName",
Surname = "mySurname",
Email = "myEmail",
DisplayName = "myDisplayName",
},
DomainHint = "mycustomoidc",
MetadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration",
ResponseMode = OpenIdConnectResponseMode.Form_post,
ResponseType = OpenIdConnectResponseTypes.Code,
Scope = "openid",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
mgc-beta identity identity-providers create --body '{\
"@odata.type": "microsoft.graph.openIdConnectIdentityProvider",\
"displayName": "Contoso",\
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",\
"clientSecret": "4294967296",\
"claimsMapping": {\
"userId": "myUserId",\
"givenName": "myGivenName",\
"surname": "mySurname",\
"email": "myEmail",\
"displayName": "myDisplayName"\
},\
"domainHint": "mycustomoidc",\
"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",\
"responseMode": "form_post",\
"responseType": "code",\
"scope": "openid"\
}\
\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewIdentityProviderBase()
displayName := "Contoso"
requestBody.SetDisplayName(&displayName)
clientId := "00001111-aaaa-2222-bbbb-3333cccc4444"
requestBody.SetClientId(&clientId)
clientSecret := "4294967296"
requestBody.SetClientSecret(&clientSecret)
claimsMapping := graphmodels.NewClaimsMapping()
userId := "myUserId"
claimsMapping.SetUserId(&userId)
givenName := "myGivenName"
claimsMapping.SetGivenName(&givenName)
surname := "mySurname"
claimsMapping.SetSurname(&surname)
email := "myEmail"
claimsMapping.SetEmail(&email)
displayName := "myDisplayName"
claimsMapping.SetDisplayName(&displayName)
requestBody.SetClaimsMapping(claimsMapping)
domainHint := "mycustomoidc"
requestBody.SetDomainHint(&domainHint)
metadataUrl := "https://mycustomoidc.com/.well-known/openid-configuration"
requestBody.SetMetadataUrl(&metadataUrl)
responseMode := graphmodels.FORM_POST_OPENIDCONNECTRESPONSEMODE
requestBody.SetResponseMode(&responseMode)
responseType := graphmodels.CODE_OPENIDCONNECTRESPONSETYPES
requestBody.SetResponseType(&responseType)
scope := "openid"
requestBody.SetScope(&scope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
OpenIdConnectIdentityProvider identityProviderBase = new OpenIdConnectIdentityProvider();
identityProviderBase.setOdataType("microsoft.graph.openIdConnectIdentityProvider");
identityProviderBase.setDisplayName("Contoso");
identityProviderBase.setClientId("00001111-aaaa-2222-bbbb-3333cccc4444");
identityProviderBase.setClientSecret("4294967296");
ClaimsMapping claimsMapping = new ClaimsMapping();
claimsMapping.setUserId("myUserId");
claimsMapping.setGivenName("myGivenName");
claimsMapping.setSurname("mySurname");
claimsMapping.setEmail("myEmail");
claimsMapping.setDisplayName("myDisplayName");
identityProviderBase.setClaimsMapping(claimsMapping);
identityProviderBase.setDomainHint("mycustomoidc");
identityProviderBase.setMetadataUrl("https://mycustomoidc.com/.well-known/openid-configuration");
identityProviderBase.setResponseMode(OpenIdConnectResponseMode.Form_post);
identityProviderBase.setResponseType(EnumSet.of(OpenIdConnectResponseTypes.Code));
identityProviderBase.setScope("openid");
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': 'microsoft.graph.openIdConnectIdentityProvider',
displayName: 'Contoso',
clientId: '00001111-aaaa-2222-bbbb-3333cccc4444',
clientSecret: '4294967296',
claimsMapping: {
userId: 'myUserId',
givenName: 'myGivenName',
surname: 'mySurname',
email: 'myEmail',
displayName: 'myDisplayName'
},
domainHint: 'mycustomoidc',
metadataUrl: 'https://mycustomoidc.com/.well-known/openid-configuration',
responseMode: 'form_post',
responseType: 'code',
scope: 'openid'
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\OpenIdConnectIdentityProvider;
use Microsoft\Graph\Beta\Generated\Models\ClaimsMapping;
use Microsoft\Graph\Beta\Generated\Models\OpenIdConnectResponseMode;
use Microsoft\Graph\Beta\Generated\Models\OpenIdConnectResponseTypes;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new OpenIdConnectIdentityProvider();
$requestBody->setOdataType('microsoft.graph.openIdConnectIdentityProvider');
$requestBody->setDisplayName('Contoso');
$requestBody->setClientId('00001111-aaaa-2222-bbbb-3333cccc4444');
$requestBody->setClientSecret('4294967296');
$claimsMapping = new ClaimsMapping();
$claimsMapping->setUserId('myUserId');
$claimsMapping->setGivenName('myGivenName');
$claimsMapping->setSurname('mySurname');
$claimsMapping->setEmail('myEmail');
$claimsMapping->setDisplayName('myDisplayName');
$requestBody->setClaimsMapping($claimsMapping);
$requestBody->setDomainHint('mycustomoidc');
$requestBody->setMetadataUrl('https://mycustomoidc.com/.well-known/openid-configuration');
$requestBody->setResponseMode(new OpenIdConnectResponseMode('form_post'));
$requestBody->setResponseType(new OpenIdConnectResponseTypes('code'));
$requestBody->setScope('openid');
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.openIdConnectIdentityProvider"
displayName = "Contoso"
clientId = "00001111-aaaa-2222-bbbb-3333cccc4444"
clientSecret = "4294967296"
claimsMapping = @{
userId = "myUserId"
givenName = "myGivenName"
surname = "mySurname"
email = "myEmail"
displayName = "myDisplayName"
}
domainHint = "mycustomoidc"
metadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration"
responseMode = "form_post"
responseType = "code"
scope = "openid"
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.open_id_connect_identity_provider import OpenIdConnectIdentityProvider
from msgraph_beta.generated.models.claims_mapping import ClaimsMapping
from msgraph_beta.generated.models.open_id_connect_response_mode import OpenIdConnectResponseMode
from msgraph_beta.generated.models.open_id_connect_response_types import OpenIdConnectResponseTypes
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = OpenIdConnectIdentityProvider(
odata_type = "microsoft.graph.openIdConnectIdentityProvider",
display_name = "Contoso",
client_id = "00001111-aaaa-2222-bbbb-3333cccc4444",
client_secret = "4294967296",
claims_mapping = ClaimsMapping(
user_id = "myUserId",
given_name = "myGivenName",
surname = "mySurname",
email = "myEmail",
display_name = "myDisplayName",
),
domain_hint = "mycustomoidc",
metadata_url = "https://mycustomoidc.com/.well-known/openid-configuration",
response_mode = OpenIdConnectResponseMode.Form_post,
response_type = OpenIdConnectResponseTypes.Code,
scope = "openid",
)
result = await graph_client.identity.identity_providers.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "microsoft.graph.openIdConnectIdentityProvider",
"id": "Contoso-OIDC-00001111-aaaa-2222-bbbb-3333cccc4444",
"displayName": "Contoso",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"clientSecret": "4294967296",
"claimsMapping": {
"userId": "myUserId",
"givenName": "myGivenName",
"surname": "mySurname",
"email": "myEmail",
"displayName": "myDisplayName"
},
"domainHint": "mycustomoidc",
"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",
"responseMode": "form_post",
"responseType": "code",
"scope": "openid"
}
示例 4: (外部租户) 创建 OpenID Connect 标识提供者
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/identity/identityProviders
Content-type: application/json
{
"@odata.type": "#microsoft.graph.OidcIdentityProvider",
"displayName": "Contoso AAD B2C",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
"wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
"responseType": "code",
"scope": "openid profile email offline_access",
"clientAuthentication": {
"@odata.type": "#microsoft.graph.oidcClientSecretAuthentication",
"clientSecret": "4294967296"
},
"inboundClaimMapping": {
"sub": "sub",
"name": "name",
"given_name": "given_name",
"family_name": "family_name",
"email": "email",
"email_verified": "email_verified",
"phone_number": "phone_number",
"phone_number_verified": "phone_number_verified",
"address": {
"street_address": "street_address",
"locality": "locality",
"region": "region",
"postal_code": "postal_code",
"country": "country"
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new IdentityProviderBase
{
OdataType = "#microsoft.graph.OidcIdentityProvider",
DisplayName = "Contoso AAD B2C",
AdditionalData = new Dictionary<string, object>
{
{
"clientId" , "00001111-aaaa-2222-bbbb-3333cccc4444"
},
{
"issuer" , "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/"
},
{
"wellKnownEndpoint" , "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL"
},
{
"responseType" , "code"
},
{
"scope" , "openid profile email offline_access"
},
{
"clientAuthentication" , new OidcClientSecretAuthentication
{
OdataType = "#microsoft.graph.oidcClientSecretAuthentication",
ClientSecret = "4294967296",
}
},
{
"inboundClaimMapping" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"sub", new UntypedString("sub")
},
{
"name", new UntypedString("name")
},
{
"given_name", new UntypedString("given_name")
},
{
"family_name", new UntypedString("family_name")
},
{
"email", new UntypedString("email")
},
{
"email_verified", new UntypedString("email_verified")
},
{
"phone_number", new UntypedString("phone_number")
},
{
"phone_number_verified", new UntypedString("phone_number_verified")
},
{
"address", new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"street_address", new UntypedString("street_address")
},
{
"locality", new UntypedString("locality")
},
{
"region", new UntypedString("region")
},
{
"postal_code", new UntypedString("postal_code")
},
{
"country", new UntypedString("country")
},
})
},
})
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
mgc-beta identity identity-providers create --body '{\
"@odata.type": "#microsoft.graph.OidcIdentityProvider",\
"displayName": "Contoso AAD B2C",\
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",\
"issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",\
"wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",\
"responseType": "code",\
"scope": "openid profile email offline_access",\
"clientAuthentication": {\
"@odata.type": "#microsoft.graph.oidcClientSecretAuthentication",\
"clientSecret": "4294967296"\
},\
"inboundClaimMapping": {\
"sub": "sub",\
"name": "name",\
"given_name": "given_name",\
"family_name": "family_name",\
"email": "email",\
"email_verified": "email_verified",\
"phone_number": "phone_number",\
"phone_number_verified": "phone_number_verified",\
"address": {\
"street_address": "street_address",\
"locality": "locality",\
"region": "region",\
"postal_code": "postal_code",\
"country": "country"\
}\
}\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewIdentityProviderBase()
displayName := "Contoso AAD B2C"
requestBody.SetDisplayName(&displayName)
additionalData := map[string]interface{}{
"clientId" : "00001111-aaaa-2222-bbbb-3333cccc4444",
"issuer" : "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
"wellKnownEndpoint" : "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
"responseType" : "code",
"scope" : "openid profile email offline_access",
clientAuthentication := graphmodels.NewOidcClientSecretAuthentication()
clientSecret := "4294967296"
clientAuthentication.SetClientSecret(&clientSecret)
requestBody.SetClientAuthentication(clientAuthentication)
inboundClaimMapping := graph.New()
sub := "sub"
inboundClaimMapping.SetSub(&sub)
name := "name"
inboundClaimMapping.SetName(&name)
given_name := "given_name"
inboundClaimMapping.SetGiven_name(&given_name)
family_name := "family_name"
inboundClaimMapping.SetFamily_name(&family_name)
email := "email"
inboundClaimMapping.SetEmail(&email)
email_verified := "email_verified"
inboundClaimMapping.SetEmail_verified(&email_verified)
phone_number := "phone_number"
inboundClaimMapping.SetPhone_number(&phone_number)
phone_number_verified := "phone_number_verified"
inboundClaimMapping.SetPhone_number_verified(&phone_number_verified)
address := graph.New()
street_address := "street_address"
address.SetStreet_address(&street_address)
locality := "locality"
address.SetLocality(&locality)
region := "region"
address.SetRegion(®ion)
postal_code := "postal_code"
address.SetPostal_code(&postal_code)
country := "country"
address.SetCountry(&country)
inboundClaimMapping.SetAddress(address)
requestBody.SetInboundClaimMapping(inboundClaimMapping)
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
IdentityProviderBase identityProviderBase = new IdentityProviderBase();
identityProviderBase.setOdataType("#microsoft.graph.OidcIdentityProvider");
identityProviderBase.setDisplayName("Contoso AAD B2C");
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("clientId", "00001111-aaaa-2222-bbbb-3333cccc4444");
additionalData.put("issuer", "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/");
additionalData.put("wellKnownEndpoint", "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL");
additionalData.put("responseType", "code");
additionalData.put("scope", "openid profile email offline_access");
OidcClientSecretAuthentication clientAuthentication = new OidcClientSecretAuthentication();
clientAuthentication.setOdataType("#microsoft.graph.oidcClientSecretAuthentication");
clientAuthentication.setClientSecret("4294967296");
additionalData.put("clientAuthentication", clientAuthentication);
inboundClaimMapping = new ();
inboundClaimMapping.setSub("sub");
inboundClaimMapping.setName("name");
inboundClaimMapping.setGivenName("given_name");
inboundClaimMapping.setFamilyName("family_name");
inboundClaimMapping.setEmail("email");
inboundClaimMapping.setEmailVerified("email_verified");
inboundClaimMapping.setPhoneNumber("phone_number");
inboundClaimMapping.setPhoneNumberVerified("phone_number_verified");
address = new ();
address.setStreetAddress("street_address");
address.setLocality("locality");
address.setRegion("region");
address.setPostalCode("postal_code");
address.setCountry("country");
inboundClaimMapping.setAddress(address);
additionalData.put("inboundClaimMapping", inboundClaimMapping);
identityProviderBase.setAdditionalData(additionalData);
IdentityProviderBase result = graphClient.identity().identityProviders().post(identityProviderBase);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProviderBase = {
'@odata.type': '#microsoft.graph.OidcIdentityProvider',
displayName: 'Contoso AAD B2C',
clientId: '00001111-aaaa-2222-bbbb-3333cccc4444',
issuer: 'https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/',
wellKnownEndpoint: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL',
responseType: 'code',
scope: 'openid profile email offline_access',
clientAuthentication: {
'@odata.type': '#microsoft.graph.oidcClientSecretAuthentication',
clientSecret: '4294967296'
},
inboundClaimMapping: {
sub: 'sub',
name: 'name',
given_name: 'given_name',
family_name: 'family_name',
email: 'email',
email_verified: 'email_verified',
phone_number: 'phone_number',
phone_number_verified: 'phone_number_verified',
address: {
street_address: 'street_address',
locality: 'locality',
region: 'region',
postal_code: 'postal_code',
country: 'country'
}
}
};
await client.api('/identity/identityProviders')
.version('beta')
.post(identityProviderBase);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityProviderBase;
use Microsoft\Graph\Beta\Generated\Models\OidcClientSecretAuthentication;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new IdentityProviderBase();
$requestBody->setOdataType('#microsoft.graph.OidcIdentityProvider');
$requestBody->setDisplayName('Contoso AAD B2C');
$additionalData = [
'clientId' => '00001111-aaaa-2222-bbbb-3333cccc4444',
'issuer' => 'https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/',
'wellKnownEndpoint' => 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL',
'responseType' => 'code',
'scope' => 'openid profile email offline_access',
'clientAuthentication' => [
'@odata.type' => '#microsoft.graph.oidcClientSecretAuthentication',
'clientSecret' => '4294967296',
],
'inboundClaimMapping' => [
'sub' => 'sub',
'name' => 'name',
'given_name' => 'given_name',
'family_name' => 'family_name',
'email' => 'email',
'email_verified' => 'email_verified',
'phone_number' => 'phone_number',
'phone_number_verified' => 'phone_number_verified',
'address' => [
'street_address' => 'street_address',
'locality' => 'locality',
'region' => 'region',
'postal_code' => 'postal_code',
'country' => 'country',
],
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identity()->identityProviders()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.OidcIdentityProvider"
displayName = "Contoso AAD B2C"
clientId = "00001111-aaaa-2222-bbbb-3333cccc4444"
issuer = "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/"
wellKnownEndpoint = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL"
responseType = "code"
scope = "openid profile email offline_access"
clientAuthentication = @{
"@odata.type" = "#microsoft.graph.oidcClientSecretAuthentication"
clientSecret = "4294967296"
}
inboundClaimMapping = @{
sub = "sub"
name = "name"
given_name = "given_name"
family_name = "family_name"
email = "email"
email_verified = "email_verified"
phone_number = "phone_number"
phone_number_verified = "phone_number_verified"
address = @{
street_address = "street_address"
locality = "locality"
region = "region"
postal_code = "postal_code"
country = "country"
}
}
}
New-MgBetaIdentityProvider -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_provider_base import IdentityProviderBase
from msgraph_beta.generated.models.oidc_client_secret_authentication import OidcClientSecretAuthentication
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = IdentityProviderBase(
odata_type = "#microsoft.graph.OidcIdentityProvider",
display_name = "Contoso AAD B2C",
additional_data = {
"client_id" : "00001111-aaaa-2222-bbbb-3333cccc4444",
"issuer" : "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
"well_known_endpoint" : "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
"response_type" : "code",
"scope" : "openid profile email offline_access",
"client_authentication" : {
"@odata_type" : "#microsoft.graph.oidcClientSecretAuthentication",
"client_secret" : "4294967296",
},
"inbound_claim_mapping" : {
"sub" : "sub",
"name" : "name",
"given_name" : "given_name",
"family_name" : "family_name",
"email" : "email",
"email_verified" : "email_verified",
"phone_number" : "phone_number",
"phone_number_verified" : "phone_number_verified",
"address" : {
"street_address" : "street_address",
"locality" : "locality",
"region" : "region",
"postal_code" : "postal_code",
"country" : "country",
},
},
}
)
result = await graph_client.identity.identity_providers.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "#microsoft.graph.OidcIdentityProvider",
"id": "12345678-abcd-1234-cdef-aaaaaaaaaaaa",
"displayName": "Contoso AAD B2C",
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"issuer": "https://contoso.b2clogin.com/00001111-aaaa-2222-bbbb-3333cccc4444/v2.0/",
"wellKnownEndpoint": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNINEMAIL",
"responseType": "code",
"scope": "openid profile email offline_access",
"clientAuthentication": {
"@odata.type": "#microsoft.graph.oidcClientSecretAuthentication",
"clientSecret": "*****"
},
"inboundClaimMapping": {
"sub": "sub",
"name": "name",
"given_name": "given_name",
"family_name": "family_name",
"email": "email",
"email_verified": "email_verified",
"phone_number": "phone_number",
"phone_number_verified": "phone_number_verified",
"address": {
"street_address": "street_address",
"locality": "locality",
"region": "region",
"postal_code": "postal_code",
"country": "country"
}
}
}