/AWS1/IF_CGP=>UPDATEIDENTITYPROVIDER()¶
About UpdateIdentityProvider¶
Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Method Signature¶
METHODS /AWS1/IF_CGP~UPDATEIDENTITYPROVIDER
IMPORTING
!IV_USERPOOLID TYPE /AWS1/CGPUSERPOOLIDTYPE OPTIONAL
!IV_PROVIDERNAME TYPE /AWS1/CGPPROVIDERNAMETYPE OPTIONAL
!IT_PROVIDERDETAILS TYPE /AWS1/CL_CGPPVDRDETAILSTYPE_W=>TT_PROVIDERDETAILSTYPE OPTIONAL
!IT_ATTRIBUTEMAPPING TYPE /AWS1/CL_CGPATTRMAPPINGTYPE_W=>TT_ATTRIBUTEMAPPINGTYPE OPTIONAL
!IT_IDPIDENTIFIERS TYPE /AWS1/CL_CGPIDPIDSLISTTYPE_W=>TT_IDPIDENTIFIERSLISTTYPE OPTIONAL
RETURNING
VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_cgpupdateidpvdrrsp
RAISING
/AWS1/CX_CGPCONCURRENTMODEX
/AWS1/CX_CGPINTERNALERROREX
/AWS1/CX_CGPINVALIDPARAMETEREX
/AWS1/CX_CGPNOTAUTHORIZEDEX
/AWS1/CX_CGPRESOURCENOTFOUNDEX
/AWS1/CX_CGPTOOMANYREQUESTSEX
/AWS1/CX_CGPUNSUPPEDIDPVDREX
/AWS1/CX_CGPCLIENTEXC
/AWS1/CX_CGPSERVEREXC
/AWS1/CX_RT_TECHNICAL_GENERIC
/AWS1/CX_RT_SERVICE_GENERIC.
IMPORTING¶
Required arguments:¶
iv_userpoolid TYPE /AWS1/CGPUSERPOOLIDTYPE /AWS1/CGPUSERPOOLIDTYPE¶
The Id of the user pool where you want to update your IdP.
iv_providername TYPE /AWS1/CGPPROVIDERNAMETYPE /AWS1/CGPPROVIDERNAMETYPE¶
The name of the IdP that you want to update. You can pass the identity provider name in the
identity_providerquery parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP.
Optional arguments:¶
it_providerdetails TYPE /AWS1/CL_CGPPVDRDETAILSTYPE_W=>TT_PROVIDERDETAILSTYPE TT_PROVIDERDETAILSTYPE¶
The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP
authorize_scopesvalues must match the values listed here.
- OpenID Connect (OIDC)
Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
oidc_issuer:attributes_url,authorize_url,jwks_uri,token_url.Create or update request:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }Describe response:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }- SAML
Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }Create or update request with Metadata file:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true",
"MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }The value of
MetadataFilemust be the plaintext metadata document with all quote (") characters escaped by backslashes.Describe response:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }- LoginWithAmazon
Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"Describe response:
"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }- SignInWithApple
Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }Describe response:
"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
it_attributemapping TYPE /AWS1/CL_CGPATTRMAPPINGTYPE_W=>TT_ATTRIBUTEMAPPINGTYPE TT_ATTRIBUTEMAPPINGTYPE¶
A mapping of IdP attributes to standard and custom user pool attributes. Specify a user pool attribute as the key of the key-value pair, and the IdP attribute claim name as the value.
it_idpidentifiers TYPE /AWS1/CL_CGPIDPIDSLISTTYPE_W=>TT_IDPIDENTIFIERSLISTTYPE TT_IDPIDENTIFIERSLISTTYPE¶
An array of IdP identifiers, for example
"IdPIdentifiers": [ "MyIdP", "MyIdP2" ]. Identifiers are friendly names that you can pass in theidp_identifierquery parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP. Identifiers in a domain format also enable the use of email-address matching with SAML providers.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_cgpupdateidpvdrrsp /AWS1/CL_CGPUPDATEIDPVDRRSP¶
Domain /AWS1/RT_ACCOUNT_ID Primitive Type NUMC
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->updateidentityprovider(
it_attributemapping = VALUE /aws1/cl_cgpattrmappingtype_w=>tt_attributemappingtype(
(
VALUE /aws1/cl_cgpattrmappingtype_w=>ts_attributemappingtype_maprow(
value = new /aws1/cl_cgpattrmappingtype_w( |string| )
key = |string|
)
)
)
it_idpidentifiers = VALUE /aws1/cl_cgpidpidslisttype_w=>tt_idpidentifierslisttype(
( new /aws1/cl_cgpidpidslisttype_w( |string| ) )
)
it_providerdetails = VALUE /aws1/cl_cgppvdrdetailstype_w=>tt_providerdetailstype(
(
VALUE /aws1/cl_cgppvdrdetailstype_w=>ts_providerdetailstype_maprow(
key = |string|
value = new /aws1/cl_cgppvdrdetailstype_w( |string| )
)
)
)
iv_providername = |string|
iv_userpoolid = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
lo_identityprovidertype = lo_result->get_identityprovider( ).
IF lo_identityprovidertype IS NOT INITIAL.
lv_userpoolidtype = lo_identityprovidertype->get_userpoolid( ).
lv_providernametype = lo_identityprovidertype->get_providername( ).
lv_identityprovidertypetyp = lo_identityprovidertype->get_providertype( ).
LOOP AT lo_identityprovidertype->get_providerdetails( ) into ls_row.
lv_key = ls_row-key.
lo_value = ls_row-value.
IF lo_value IS NOT INITIAL.
lv_stringtype = lo_value->get_value( ).
ENDIF.
ENDLOOP.
LOOP AT lo_identityprovidertype->get_attributemapping( ) into ls_row_1.
lv_key_1 = ls_row_1-key.
lo_value_1 = ls_row_1-value.
IF lo_value_1 IS NOT INITIAL.
lv_stringtype = lo_value_1->get_value( ).
ENDIF.
ENDLOOP.
LOOP AT lo_identityprovidertype->get_idpidentifiers( ) into lo_row_2.
lo_row_3 = lo_row_2.
IF lo_row_3 IS NOT INITIAL.
lv_idpidentifiertype = lo_row_3->get_value( ).
ENDIF.
ENDLOOP.
lv_datetype = lo_identityprovidertype->get_lastmodifieddate( ).
lv_datetype = lo_identityprovidertype->get_creationdate( ).
ENDIF.
ENDIF.