{ "name": "iap", "display_name": "身份识别平台", "description": "IAP服务OIDC配置管理接口", "domain": "other", "api_version": "2024-07-13", "endpoint": "iap.tencentcloudapi.com", "actions": [ { "name": "CreateIAPUserOIDCConfig", "description": "创建用户OIDC配置。只能创建一个用户OIDC身份提供商,并且创建用户OIDC配置之后会自动关闭用户SAML SSO身份提供商。", "status": "online", "parameters": [ { "name": "IdentityUrl", "type": "string", "required": true, "description": "身份提供商URL。OpenID Connect身份提供商标识。对应企业IdP提供的Openid-configuration中\"issuer\"字段的值。", "example": "https://xxx.qq.cn/oidc" }, { "name": "ClientId", "type": "string", "required": true, "description": "客户端ID,在OpenID Connect身份提供商注册的客户端ID。", "example": "61adcf00620c31e3ddbc9546" }, { "name": "AuthorizationEndpoint", "type": "string", "required": true, "description": "授权请求Endpoint,OpenID Connect身份提供商授权地址。对应企业IdP提供的Openid-configuration中\"authorization_endpoint\"字段的值。", "example": "https://console.authing.cn/console/get-started/61adcf00620c31e3d" }, { "name": "ResponseType", "type": "string", "required": true, "description": "授权请求Response type,固定值id_token", "example": "id_token" }, { "name": "ResponseMode", "type": "string", "required": true, "description": "授权请求Response mode。授权请求返回模式,form_post和fragment两种可选模式,推荐选择form_post模式。", "example": "fragment" }, { "name": "MappingFiled", "type": "string", "required": true, "description": "映射字段名称。IdP的id_token中哪一个字段映射到子用户的用户名,通常是sub或者name字段", "example": "sub" }, { "name": "IdentityKey", "type": "string", "required": true, "description": "签名公钥,需要base64_encode。验证OpenID Connect身份提供商ID Token签名的公钥。为了您的账号安全,建议您定期轮换签名公钥。", "example": "baz****" }, { "name": "Scope", "type": "array", "required": false, "description": "授权请求Scope。openid; email;profile。授权请求信息范围。默认必选openid。", "example": "openid", "item_type": "string" }, { "name": "Description", "type": "string", "required": false, "description": "描述", "example": "idp name" } ], "required": [ "IdentityUrl", "ClientId", "AuthorizationEndpoint", "ResponseType", "ResponseMode", "MappingFiled", "IdentityKey" ] }, { "name": "DescribeIAPLoginSessionDuration", "description": "查询登录会话时长", "status": "online", "parameters": [], "required": [] }, { "name": "DescribeIAPUserOIDCConfig", "description": "查询用户OIDC配置", "status": "online", "parameters": [], "required": [] }, { "name": "DisableIAPUserSSO", "description": "禁用用户SSO", "status": "online", "parameters": [], "required": [] }, { "name": "ModifyIAPLoginSessionDuration", "description": "修改登录会话时长", "status": "online", "parameters": [ { "name": "Duration", "type": "integer", "required": true, "description": "登录会话时长", "example": "172800" } ], "required": [ "Duration" ] }, { "name": "UpdateIAPUserOIDCConfig", "description": "修改用户OIDC配置", "status": "online", "parameters": [ { "name": "IdentityUrl", "type": "string", "required": true, "description": "身份提供商URL。OpenID Connect身份提供商标识。对应企业IdP提供的Openid-configuration中\"issuer\"字段的值。", "example": "https://xxx.qq.cn/oidc" }, { "name": "ClientId", "type": "string", "required": true, "description": "客户端ID,在OpenID Connect身份提供商注册的客户端ID。", "example": "61adcf00620c31e3ddbc9546" }, { "name": "AuthorizationEndpoint", "type": "string", "required": true, "description": "授权请求Endpoint,OpenID Connect身份提供商授权地址。对应企业IdP提供的Openid-configuration中\"authorization_endpoint\"字段的值。", "example": "https://console.authing.cn/console/get-started/61adcf00620c31e3d" }, { "name": "ResponseType", "type": "string", "required": true, "description": "授权请求Response type,固定值id_token", "example": "id_token" }, { "name": "ResponseMode", "type": "string", "required": true, "description": "授权请求Response mode。授权请求返回模式,form_post和fragment两种可选模式,推荐选择form_post模式。", "example": "fragment" }, { "name": "MappingFiled", "type": "string", "required": true, "description": "映射字段名称。IdP的id_token中哪一个字段映射到子用户的用户名,通常是sub或者name字段", "example": "sub" }, { "name": "IdentityKey", "type": "string", "required": true, "description": "RSA签名公钥,JWKS格式,需要进行base64_encode。验证OpenID Connect身份提供商ID Token签名的公钥。为了您的账号安全,建议您定期轮换签名公钥。", "example": "ewogICJ***IF0KfQ==" }, { "name": "Scope", "type": "array", "required": false, "description": "授权请求Scope。openid; email;profile。授权请求信息范围。默认必选openid。", "example": "openid", "item_type": "string" }, { "name": "Description", "type": "string", "required": false, "description": "描述,长度为1~255个英文或中文字符,默认值为空。", "example": "idp name" } ], "required": [ "IdentityUrl", "ClientId", "AuthorizationEndpoint", "ResponseType", "ResponseMode", "MappingFiled", "IdentityKey" ] } ] }