RegisterOidcConfig - AWS Wickr

RegisterOidcConfig

Registers and saves an OpenID Connect (OIDC) configuration for a Wickr network, enabling Single Sign-On (SSO) authentication through an identity provider.

Request Syntax

POST /networks/networkId/oidc/save HTTP/1.1
Content-type: application/json

{
   "companyId": "string",
   "customUsername": "string",
   "extraAuthParams": "string",
   "issuer": "string",
   "scopes": "string",
   "secret": "string",
   "ssoTokenBufferMinutes": number,
   "userId": "string"
}

URI Request Parameters

The request uses the following URI parameters.

networkId

The ID of the Wickr network for which OIDC will be configured.

Length Constraints: Fixed length of 8.

Pattern: [0-9]{8}

Required: Yes

Request Body

The request accepts the following data in JSON format.

companyId

Custom identifier your end users will use to sign in with SSO.

Type: String

Pattern: [\S\s]*

Required: Yes

issuer

The issuer URL of the OIDC provider (e.g., 'https://login.example.com').

Type: String

Pattern: [\S\s]*

Required: Yes

scopes

The OAuth scopes to request from the OIDC provider (e.g., 'openid profile email').

Type: String

Pattern: [\S\s]*

Required: Yes

customUsername

A custom field mapping to extract the username from the OIDC token (optional).

Note

The customUsername is only required if you use something other than email as the username field.

Type: String

Pattern: [\S\s]*

Required: No

extraAuthParams

Additional authentication parameters to include in the OIDC flow (optional).

Type: String

Pattern: [\S\s]*

Required: No

secret

The client secret for authenticating with the OIDC provider (optional).

Type: String

Pattern: [\S\s]*

Required: No

ssoTokenBufferMinutes

The buffer time in minutes before the SSO token expires to refresh it (optional).

Type: Integer

Required: No

userId

Unique identifier provided by your identity provider to authenticate the access request. Also referred to as clientID.

Type: String

Pattern: [\S\s]*

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "applicationId": number,
   "applicationName": "string",
   "caCertificate": "string",
   "clientId": "string",
   "clientSecret": "string",
   "companyId": "string",
   "customUsername": "string",
   "extraAuthParams": "string",
   "issuer": "string",
   "redirectUrl": "string",
   "scopes": "string",
   "secret": "string",
   "ssoTokenBufferMinutes": number,
   "userId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

companyId

Custom identifier your end users will use to sign in with SSO.

Type: String

Pattern: [\S\s]*

issuer

The issuer URL of the OIDC provider.

Type: String

Pattern: [\S\s]*

scopes

The OAuth scopes configured for the application.

Type: String

Pattern: [\S\s]*

applicationId

The unique identifier for the registered OIDC application.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 10.

applicationName

The name of the registered OIDC application.

Type: String

Pattern: [\S\s]*

caCertificate

The CA certificate used for secure communication with the OIDC provider.

Type: String

Pattern: [\S\s]*

clientId

The OAuth client ID assigned to the application.

Type: String

Pattern: [\S\s]*

clientSecret

The OAuth client secret for the application.

Type: String

Pattern: [\S\s]*

customUsername

The custom field mapping used for extracting the username.

Type: String

Pattern: [\S\s]*

extraAuthParams

The additional authentication parameters configured for the OIDC flow.

Type: String

Pattern: [\S\s]*

redirectUrl

The redirect URL configured for the OAuth flow.

Type: String

Pattern: [\S\s]*

secret

The client secret for authenticating with the OIDC provider.

Type: String

Pattern: [\S\s]*

ssoTokenBufferMinutes

The buffer time in minutes before the SSO token expires.

Type: Integer

userId

The claim field being used as the user identifier.

Type: String

Pattern: [\S\s]*
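The request constraints and the credential-bearing response fields described above, as an added example that is not part of the AWS documentation or any AWS SDK: it checks a RegisterOidcConfig request before it is sent and masks `secret` and `clientSecret` before a response is logged. The function names, the https-only issuer rule and the `openid` scope rule are assumptions (local policy stricter than the API's patterns), and all sample values are constructed.

```python
import json
import re
from urllib.parse import urlsplit

NETWORK_ID = re.compile(r"[0-9]{8}")           # URI parameter pattern from this page
REQUIRED = ("companyId", "issuer", "scopes")   # "Required: Yes" in the request body
OPTIONAL = ("customUsername", "extraAuthParams", "secret", "userId")
SECRET_FIELDS = ("secret", "clientSecret")     # credential-bearing response fields


def build_request(network_id, **fields):
    """Return (path, JSON body) for RegisterOidcConfig or raise ValueError."""
    if not NETWORK_ID.fullmatch(network_id):
        raise ValueError("networkId must be exactly 8 digits")
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError("missing required field(s): " + ", ".join(missing))
    unknown = set(fields) - set(REQUIRED + OPTIONAL) - {"ssoTokenBufferMinutes"}
    if unknown:
        raise ValueError("unknown field(s): " + ", ".join(sorted(unknown)))
    for key in REQUIRED + OPTIONAL:
        if key in fields and not isinstance(fields[key], str):
            raise ValueError(key + " must be a string")
    buf = fields.get("ssoTokenBufferMinutes")
    if buf is not None and (isinstance(buf, bool) or not isinstance(buf, int)):
        raise ValueError("ssoTokenBufferMinutes must be an integer")
    # Local policy (assumption, stricter than the API's permissive patterns):
    issuer = urlsplit(fields["issuer"])
    if issuer.scheme != "https" or not issuer.netloc:
        raise ValueError("issuer must be an https URL")
    if "openid" not in fields["scopes"].split():
        raise ValueError("scopes must include 'openid' for an OIDC flow")
    return "/networks/%s/oidc/save" % network_id, json.dumps(fields, sort_keys=True)


def redact(response):
    """Copy of a response dict that is safe to log: non-empty secrets are masked."""
    return {k: "[REDACTED]" if k in SECRET_FIELDS and v else v
            for k, v in response.items()}


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    path, body = build_request("12345678", companyId="example-co",
                               issuer="https://login.example.com",
                               scopes="openid profile email", userId="client-abc")
    print(path, body)
    print(redact({"clientId": "client-abc", "clientSecret": "s3cr3t", "secret": ""}))
```
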

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestError

The request was invalid or malformed. This error occurs when the request parameters do not meet the API requirements, such as invalid field values, missing required parameters, or improperly formatted data.

message

A detailed message explaining what was wrong with the request and how to correct it.

HTTP Status Code: 400

ForbiddenError

Access to the requested resource is forbidden. This error occurs when the authenticated user does not have the necessary permissions to perform the requested operation, even though they are authenticated.

message

A message explaining why access was denied and what permissions are required.

HTTP Status Code: 403

InternalServerError

An unexpected error occurred on the server while processing the request. This indicates a problem with the Wickr service itself rather than with the request. If this error persists, contact AWS Support.

message

A message describing the internal server error that occurred.

HTTP Status Code: 500

RateLimitError

The request was throttled because too many requests were sent in a short period of time. Wait a moment and retry the request. Consider implementing exponential backoff in your application.

message

A message indicating that the rate limit was exceeded and suggesting when to retry.

HTTP Status Code: 429

ResourceNotFoundError

The requested resource could not be found. This error occurs when you try to access or modify a network, user, bot, security group, or other resource that doesn't exist or has been deleted.

message

A message identifying which resource was not found.

HTTP Status Code: 404

UnauthorizedError

The request was not authenticated or the authentication credentials were invalid. This error occurs when the request lacks valid authentication credentials or the credentials have expired.

message

A message explaining why the authentication failed.

HTTP Status Code: 401

ValidationError

One or more fields in the request failed validation. This error provides detailed information about which fields were invalid and why, allowing you to correct the request and retry.

reasons

A list of validation error details, where each item identifies a specific field that failed validation and explains the reason for the failure.

HTTP Status Code: 422

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: